[gnutls-devel] GnuTLS | Draft: key_share: allow key share reuse with hybrids (!2067)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Tue Feb 17 02:48:27 CET 2026
Daiki Ueno started a new discussion on lib/ext/key_share.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/2067#note_3088140139
>
> case GNUTLS_PK_ECDH_X25519:
> case GNUTLS_PK_ECDH_X448:
> - gnutls_pk_params_release(&session->key.kshare.ecdhx_params);
> - gnutls_pk_params_init(&session->key.kshare.ecdhx_params);
> + /* try reusing existing values */
> + if (session->key.kshare.ecdhx_params.curve == group->curve &&
> + session->key.kshare.ecdhx_params.algo == group->pk &&
> + session->key.kshare.ecdhx_params.raw_pub.data != NULL) {
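Review bot: the reuse test in the added `if` checks only `curve`, `algo` and `raw_pub.data != NULL`, so it treats a non-NULL public value as proof that a usable key pair is held; consider also checking that the private half of `ecdhx_params` is present before skipping generation. Because the unconditional `gnutls_pk_params_release()` / `gnutls_pk_params_init()` pair is removed, the branch taken when the condition is false needs to release and re-initialise the old params itself, which the quoted lines do not show. The comment `/* try reusing existing values */` would be more useful if it said when a previous value is expected to exist and why sending it again is acceptable.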
The GNUTLS_PK_EC branch also needs this treatment for SecP256r1MLKEM768 etc., right? To make it easier to follow, I would rather make the entire logic in multiple passes: first determine which groups to send, dissect hybrids and uniquify standalones, generate key share for each standalone group, and finally combine them.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2067#note_3088140139
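
The multi-pass structure suggested in the comment above, as an added C example that is not part of the original message and is not GnuTLS code: it dissects hybrids into components, generates one key pair per unique component, then combines them per group. The `comp`/`group` model, `plan_key_shares()` and the integer key ids standing in for generated key pairs are all hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical component/group model; these are not GnuTLS identifiers. */
enum comp { C_NONE, C_X25519, C_P256, C_MLKEM768, C_MAX };
struct group { const char *name; enum comp parts[2]; };

static const struct group G_X25519 = { "x25519", { C_X25519, C_NONE } };
static const struct group G_X25519MLKEM768 = { "X25519MLKEM768", { C_MLKEM768, C_X25519 } };
static const struct group G_P256MLKEM768 = { "SecP256r1MLKEM768", { C_P256, C_MLKEM768 } };

/* Sets shares[i][j] to the id of the key pair backing part j of group i
 * (0 = no such part) and returns how many key pairs were generated. */
size_t plan_key_shares(const struct group *const *send, size_t n, int shares[][2])
{
	int key_id[C_MAX] = { 0 };
	size_t generated = 0;

	/* Dissect hybrids and mark each standalone component once (uniquify). */
	for (size_t i = 0; i < n; i++)
		for (int j = 0; j < 2; j++)
			if (send[i]->parts[j] != C_NONE)
				key_id[send[i]->parts[j]] = -1;

	/* One key pair per marked component; the counter stands in for real
	 * key generation (assumption of this example). */
	for (int c = C_NONE + 1; c < C_MAX; c++)
		if (key_id[c] == -1)
			key_id[c] = (int)++generated;

	/* Combine: every group references the shared per-component key pair. */
	for (size_t i = 0; i < n; i++)
		for (int j = 0; j < 2; j++)
			shares[i][j] = key_id[send[i]->parts[j]];
	return generated;
}

int main(void)
{
	const struct group *send[] = { &G_X25519MLKEM768, &G_X25519, &G_P256MLKEM768 };
	int shares[3][2];
	size_t n = plan_key_shares(send, 3, shares);

	for (size_t i = 0; i < 3; i++)
		printf("%s: key ids %d %d\n", send[i]->name, shares[i][0], shares[i][1]);
	printf("%zu key pairs generated\n", n);
	return 0;
}
```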