[gnutls-devel] GnuTLS | Verification of deterministic RSA-PSS signature fails (#953)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sat Mar 14 15:05:54 CET 2020
Daiki Ueno commented:


Since the salt size is always controlled through spki, why not just set it manually, before calling `gnutls_pubkey_verify_data2`:
```c
if (tests[i].pk == GNUTLS_PK_RSA_PSS) {
	gnutls_x509_spki_t spki;

	/* salt size 0: the deterministic PSS construction under test */
	gnutls_x509_spki_init(&spki);
	gnutls_x509_spki_set_rsa_pss_params(spki, tests[i].digest, 0);
	/* the verifier takes the expected salt size from the pubkey's spki */
	gnutls_pubkey_set_spki(pubkey, spki, 0);
	gnutls_x509_spki_deinit(spki);
}
```
A fun fact is that, even if we use the reproducible construction, `getrandom` is always called for RSA blinding; so if the purpose of doing this is to avoid access to the random source, it wouldn't work out I'm afraid.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/953#note_304965161
You're receiving this email because of your account on gitlab.com.
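Added illustration, not GnuTLS code and not from the issue: a pure-Python RSA-PSS per RFC 8017 with SHA-256, showing concretely why a signature made with salt length 0 fails to verify when the verifier is told to expect the default salt length (hLen), which is what the spki salt size in the snippet above controls. EMSA-PSS-VERIFY takes the expected salt length as an input and requires the 0x01 separator to sit exactly at emLen - hLen - sLen - 2, so a verifier expecting sLen = hLen rejects a signature made with sLen = 0 even though key, digest and message are all right. The signing routine also carries the standard RSA blinding step, which draws a random r whatever the salt length, matching the remark about getrandom. The function names (`pss_sign`, `pss_verify`, `demo`), the toy 1024-bit key size and the sample message are assumptions made for this example.

```python
import hashlib
import hmac
import math
import secrets

HASH = hashlib.sha256
HLEN = HASH().digest_size  # 32 bytes

def mgf1(seed: bytes, length: int) -> bytes:
    """MGF1 (RFC 8017 B.2.1) on the signature hash."""
    blocks = (HASH(seed + i.to_bytes(4, "big")).digest() for i in range((length + HLEN - 1) // HLEN))
    return b"".join(blocks)[:length]

def emsa_pss_encode(msg: bytes, em_bits: int, salt: bytes) -> bytes:
    """EMSA-PSS-ENCODE (RFC 8017 9.1.1); an empty salt gives deterministic PSS."""
    em_len, top_mask = (em_bits + 7) // 8, 0xFF >> (-em_bits % 8)
    if em_len < HLEN + len(salt) + 2:
        raise ValueError("modulus too small for this hash/salt combination")
    h = HASH(b"\x00" * 8 + HASH(msg).digest() + salt).digest()
    db = b"\x00" * (em_len - len(salt) - HLEN - 2) + b"\x01" + salt
    masked_db = bytes(a ^ b for a, b in zip(db, mgf1(h, em_len - HLEN - 1)))
    # clear the leftmost 8*em_len - em_bits bits so that EM < 2**em_bits
    return bytes([masked_db[0] & top_mask]) + masked_db[1:] + h + b"\xbc"

def emsa_pss_verify(msg: bytes, em: bytes, em_bits: int, s_len: int) -> bool:
    """EMSA-PSS-VERIFY (RFC 8017 9.1.2); s_len is the salt length the verifier expects."""
    em_len, top_mask = (em_bits + 7) // 8, 0xFF >> (-em_bits % 8)
    if len(em) != em_len or em_len < HLEN + s_len + 2 or em[-1] != 0xBC or em[0] & ~top_mask:
        return False
    masked_db, h = em[:em_len - HLEN - 1], em[em_len - HLEN - 1:-1]
    db = bytes(a ^ b for a, b in zip(masked_db, mgf1(h, em_len - HLEN - 1)))
    db = bytes([db[0] & top_mask]) + db[1:]
    ps_len = em_len - HLEN - s_len - 2
    # PS must be all zero up to the 0x01 separator; a salt of any other length moves
    # the separator, and this is the check that then rejects the signature
    if any(db[:ps_len]) or db[ps_len] != 0x01:
        return False
    h_prime = HASH(b"\x00" * 8 + HASH(msg).digest() + db[ps_len + 1:]).digest()
    return hmac.compare_digest(h, h_prime)

def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    r = ((n - 1) & (1 - n)).bit_length() - 1  # n - 1 == d * 2**r with d odd
    d = (n - 1) >> r
    for _ in range(rounds):  # Miller-Rabin; adequate for a toy key
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def rsa_keygen(bits: int = 1024):
    """Returns (public (n, e), private (n, e, d))."""
    def prime(b):  # random odd b-bit candidate with the top bit set, until probably prime
        while not _is_probable_prime(c := secrets.randbits(b) | 1 << (b - 1) | 1):
            pass
        return c
    e = 65537  # toy key size; not for production use
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and phi % e and n.bit_length() == bits:
            return (n, e), (n, e, pow(e, -1, phi))

def pss_sign(priv, msg: bytes, s_len: int) -> bytes:
    """RSASSA-PSS-SIGN; s_len == 0 is deterministic, yet blinding still draws randomness."""
    n, e, d = priv
    m = int.from_bytes(emsa_pss_encode(msg, n.bit_length() - 1, secrets.token_bytes(s_len)), "big")
    while math.gcd(r := secrets.randbelow(n - 2) + 2, n) != 1:  # random blinding factor
        pass
    # blinding: (m * r^e)^d * r^-1 == m^d (mod n), so d is never applied to m itself
    s = pow(m * pow(r, e, n) % n, d, n) * pow(r, -1, n) % n
    return s.to_bytes((n.bit_length() + 7) // 8, "big")

def pss_verify(pub, msg: bytes, sig: bytes, s_len: int) -> bool:
    """RSASSA-PSS-VERIFY against the salt length s_len the verifier expects."""
    n, e = pub
    mod_bits, s = n.bit_length(), int.from_bytes(sig, "big")
    if len(sig) != (mod_bits + 7) // 8 or s >= n:
        return False
    m = pow(s, e, n)  # EM must fit in em_bits = mod_bits - 1 bits
    if m.bit_length() > mod_bits - 1:
        return False
    return emsa_pss_verify(msg, m.to_bytes((mod_bits + 6) // 8, "big"), mod_bits - 1, s_len)

def demo(bits: int = 1024) -> dict:
    """Constructed check mirroring the issue: every entry should be True."""
    pub, priv = rsa_keygen(bits)
    msg = b"constructed sample message"  # constructed input, not from the issue
    det1, det2, rnd = pss_sign(priv, msg, 0), pss_sign(priv, msg, 0), pss_sign(priv, msg, HLEN)
    return {
        "salt0_is_deterministic": det1 == det2,
        "salt0_verifies_expecting_0": pss_verify(pub, msg, det1, 0),
        "salt0_rejected_expecting_hlen": not pss_verify(pub, msg, det1, HLEN),
        "salted_verifies_expecting_hlen": pss_verify(pub, msg, rnd, HLEN),
        "salted_rejected_expecting_0": not pss_verify(pub, msg, rnd, 0),
    }
```

`demo()` returns a dict of booleans that should all be True; `salt0_rejected_expecting_hlen` is the failure from the issue title, and `salted_rejected_expecting_0` its mirror image. The third argument of `pss_sign` and `pss_verify` plays the role of the salt size handed to `gnutls_x509_spki_set_rsa_pss_params` in the snippet above: signer and verifier have to agree on it out of band, because nothing in the signature bytes announces the salt length.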

