[gnutls-devel] GnuTLS | Use full hash+sign operations in pct_test (!2100)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Wed Apr 29 02:50:21 CEST 2026
Daiki Ueno commented on a discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/2100#note_3297023832
> + const gnutls_x509_spki_st *spki,
> + const gnutls_datum_t *data)
> +{
> + gnutls_privkey_t privkey = NULL;
> + gnutls_pubkey_t pubkey = NULL;
> + gnutls_x509_privkey_t xprivkey = NULL;
> + gnutls_datum_t sig = { NULL, 0 };
> + gnutls_sign_algorithm_t sign_algo;
> + unsigned vflags = 0;
> + int ret;
> +
> + sign_algo = pct_pk_to_sign(algo, spki);
> + if (sign_algo == GNUTLS_SIGN_UNKNOWN)
> + return gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR);
> +
> + /* Do we still care GOST in FIPS mode? */
For some reason we exercise GOST under FIPS mode in tests/x509sign-verify-gost. Maybe we can skip the test, but I just added `#if ENABLE_GOST ... #endif` for now so the code (and the test) is compiled out if `--disable-gost` is given (which is the case with RHEL at least).
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2100#note_3297023832
You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-6y5kx1lynyht3py9x7d3mhnux-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20260429/8f836bcd/attachment-0001.html>
More information about the Gnutls-devel
mailing list