<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<p class="details" style="font-style: italic; color: #777;">
<a href="https://gitlab.com/andrew-aladev">Andrew Aladjev</a> created an issue:
</p>
<div></div>
<p dir="auto">Hello. I was passing by the <code>gnutls</code>/<code>nettle</code> code and found that the <a href="https://gitlab.com/gnutls/gnutls/-/blob/master/configure.ac#L1168">recent <code>gnutls</code> master branch</a> received <a href="https://en.wikipedia.org/wiki/GOST_(block_cipher)" rel="nofollow noreferrer noopener" target="_blank">"gost"</a> support.</p>
<p dir="auto">I am living in a post-USSR country and know what political question "gost" is a part of. "<em>Standards</em>" related to gost are weak and partially proprietary, you can find more information about <a href="https://eprint.iacr.org/2016/071.pdf" rel="nofollow noreferrer noopener" target="_blank">s-box genesis here</a> for example. I won't provide more redundant information, but <strong>protection against gost support</strong> is a strong question for many people, not only for me.</p>
<p dir="auto">Today <code>gnutls</code> has the <code>ENABLE_GOST</code> option <strong>disabled by default</strong> and everything is fine. But recent commits into <code>nettle</code> <a href="https://gitlab.com/gnutls/nettle/-/blob/master/hmac.h#L213">break everything</a>. Today gost is <strong>enabled by default</strong> in <code>nettle</code>.</p>
<p dir="auto">I am sure that the Russian government will keep integration of gost in other software and regular users like me won't be able to fight with it tomorrow. So I want to add the same <code>IF_GOST</code> flag for <code>nettle</code>. If some software won't build with <code>gnutls</code>/<code>nettle</code>/<code>openssl</code> (with gost disabled) - I won't use it before removing mandatory gost support.</p>
<p dir="auto">I've provided a patch to Niels Möller (nettle developer) and he asked to clarify plans about gost implementation in <code>gnutls</code>.</p>
<blockquote dir="auto">
<p>I don't know what the gnutls team's plans are for this option. From my perspective, as long as the gost ecc code in gnutls accesses nettle's ecc internals, not supported by the nettle abi, it's essential that gnutls' gost code isn't enabled by default and doesn't get into binary distributions. But that's not a reason to keep the option if/when all the gost curves are supported in nettle.</p>
</blockquote>
<p dir="auto">Please clarify plans for gost implementation. Thank you.</p>
<p dir="auto"><a href="https://gitlab.com/gnutls/gnutls/uploads/257112cc25e898ec1105f752924813a3/if_gost_for_nettle.patch" class="gfm">if_gost_for_nettle.patch</a></p>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777;">
—
<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/issues/942">view it on GitLab</a>.
</p>
</div>
</body>
</html>