[gnutls-devel] GnuTLS | Make TPM2 support self-contained (!1946)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Tue Apr 8 13:29:48 CEST 2025
Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1946 was reviewed by Daiki Ueno
--
Daiki Ueno started a new discussion on lib/tpm2/callbacks/aes/aes_callbacks.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1946#note_2439799925
> +{
> + if (mode != TPM2_ALG_CFB)
> + return GNUTLS_CIPHER_NULL;
`GNUTLS_CIPHER_NULL` indicates "no encryption", wouldn't it make more sense to return `GNUTLS_CIPHER_UNKNOWN` instead?
--
Daiki Ueno started a new discussion on lib/tpm2/callbacks/ecdh/ecdh_callbacks.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1946#note_2439799964
> + goto fail;
> +
> + ret = gnutls_pubkey_import_ecc_raw(peerkey, GNUTLS_ECC_CURVE_SECP256R1,
Can we assume a specific curve here? Maybe better inspect `tpm_key->publicArea.parameters.eccDetail.curveID`?
--
Daiki Ueno started a new discussion on lib/tpm2/callbacks/ecdh/ecdh_callbacks.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1946#note_2439799974
> +
> +fail:
> + gnutls_free(shared.data);
Good to use `zeroize_temp_key`?
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1946
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250408/ac650b04/attachment-0001.html>
More information about the Gnutls-devel
mailing list