[gnutls-devel] GnuTLS | Optimize FIPS power-on self-tests (!1907)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Tue Dec 17 13:10:53 CET 2024
Daiki Ueno commented on a discussion on lib/fips.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1907#note_2262879934
> }
>
> /* PK */
> - if (_gnutls_config_is_rsa_pkcs1_encrypt_allowed()) {
> - ret = gnutls_pk_self_test(0, GNUTLS_PK_RSA);
> - if (ret < 0) {
> - return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR);
> - }
> + ret = gnutls_pk_self_test(0, GNUTLS_PK_RSA_PSS);
Yes, that's correct; `gnutls_pk_self_test(0, GNUTLS_PK_RSA_PSS)` does perform signature generation and [verification](https://gitlab.com/gnutls/gnutls/-/blob/5f92e8df5121c4fe4892099240bcbafd679db8ed/lib/crypto-selftests-pk.c#L489). Oh, however, it's not KAT anymore. I'll add a test vector there.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1907#note_2262879934
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241217/cfc767bd/attachment.html>
More information about the Gnutls-devel
mailing list