[gnutls-devel] GnuTLS | Draft: key_share: allow key share reuse with hybrids (!2067)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Thu Mar 5 20:18:04 CET 2026 



Alexander Sosedkin commented on a discussion on lib/ext/key_share.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/2067#note_3135862814

 >  
 >  	case GNUTLS_PK_ECDH_X25519:
 >  	case GNUTLS_PK_ECDH_X448:
 > -		gnutls_pk_params_release(&session->key.kshare.ecdhx_params);
 > -		gnutls_pk_params_init(&session->key.kshare.ecdhx_params);
 > +		/* try reusing existing values */
 > +		if (session->key.kshare.ecdhx_params.curve == group->curve &&
 > +		    session->key.kshare.ecdhx_params.algo == group->pk &&
 > +		    session->key.kshare.ecdhx_params.raw_pub.data != NULL) {

okay, so... here's an entire menu of versions to pick from:

* ...
* bdda1c936e key_share: reuse existing key shares (guards edition) - that's the continuation of what I was doing
* f7af8dbbea key_share: reuse key shares (4-loop edition) - this is the version with a lot of passes, mind the limitations like slot reuse guards
* 6636e9b641 key_share: reuse key shares (3-loop edition) - what I see as a natural simplification
* b4c1bfc502 key_share: reuse key shares (2-loop edition) - what I see as a natural simplification
* ec5163e807 key_share: reuse key shares (1-loop edition) - what I see as a natural simplification
* 48cced8375 key_share: guards enable slot reuse - and now we've come full circle

You've probably meant neither of these, but at least now you have an assortment of starting points at your disposal to continue explaining how multiple passes are better =)

what's the closest to what you wanted and what is it lacking?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2067#note_3135862814
You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-a6rrps16ei4sw3kcvcmrfmz9d/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20260305/8ea113cf/attachment-0001.html>

More information about the Gnutls-devel mailing list