<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=utf-8" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<div>

<blockquote dir="auto">

<p>If the parametes is only “x” then the documentation of gnutls_pubkey_import_ecc_raw shall be updated to state</p>

</blockquote>

<p dir="auto">I agree it makes sense. I've sent a potential update of this text as part of <a href="https://gitlab.com/gnutls/gnutls/merge_requests/799" data-original="!799" data-link="false" data-link-reference="false" data-project="179611" data-merge-request="19138104" data-reference-type="merge_request" data-container="body" data-placement="bottom" title="tests: verify whether certificate request levels behave consistently" class="gfm gfm-merge_request has-tooltip">!799</a>. Feel free to open pull requests with documentation updates.</p>

<blockquote dir="auto">

<p><a href="https://tools.ietf.org/html/rfc6376#section-5.5" rel="nofollow noreferrer noopener" target="_blank">RFC6376</a> says “The Signer MUST compute the message hash as described in Section 3.7 and then sign it using the selected public-key algorithm.”</p>

</blockquote>

<blockquote dir="auto">

<p>gnutls_pubkey_verify_hash2() calls _gnutls_pk_is_not_prehashed() which fails for ed25519.</p>

</blockquote>

<blockquote dir="auto">

<p>How shall the requirement to sign the hash from RFC6376 be implemented in GnuTLS for Ed25519, as presented in RFC8463?  In particular which function shall verify the signature of the signed hash?</p>

</blockquote>

<p dir="auto">This text cannot literally apply to ed25519 because it is designed to directly hash the data (hashing with sha512 is part of the signature). How it applies to the rfcs you describe is something I do not know. I know however that the knotdns guys have already implemented that part using gnutls, so I'd recommend to check how they have done it.</p>

</div>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777777;">

—

<br>

Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/issues/613#note_116752598">view it on GitLab</a>.

<br>

You're receiving this email because of your account on gitlab.com.

If you'd like to receive fewer emails, you can

<a href="https://gitlab.com/sent_notifications/b4dd8fed45446e8d2a0b238a526b8727/unsubscribe">unsubscribe</a>

from this thread or

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/issues/613#note_116752598"}}</script>

</p>

</div>

</body>

</html>