[gnutls-devel] GnuTLS | WIP: GOST key exchange support (!1097)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Tue Nov 5 12:54:54 CET 2019
Nikos Mavrogiannopoulos commented on a discussion on lib/auth/vko_gost.c: https://gitlab.com/gnutls/gnutls/merge_requests/1097#note_240195188
> + }
> +
> + has_pcert = 1;
> + }
> +
> + ret = _gnutls_gost_keytrans_decrypt(has_pcert ? &peer_cert.pubkey->params : NULL,
> + &privkey->key.x509->params,
> + &cek, &ukm, &session->key.key);
> + if (ret < 0) {
> + gnutls_assert();
> + _gnutls_free_datum(&ukm);
> + goto cleanup;
> + }
> +
> + if (ret == 0)
> + session->internals.hsk_flags &= ~HSK_CRT_VRFY_EXPECTED;
Why is that? Isn't this ciphersuite equivalent to the RSA one? The RSA one doesn't require this flag to be unset. Where is this flag being set, is it in _gnutls_recv_client_certificate()?
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1097#note_240195188
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20191105/379acf6f/attachment.html>
More information about the Gnutls-devel
mailing list