diff options
author | Daiki Ueno <ueno@gnu.org> | 2020-05-04 12:24:10 +0000 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2020-05-04 12:24:10 +0000 |
commit | 4d8f3321158528ae47d4c62382911196ab80f338 (patch) | |
tree | 066e31ee9d195782b350f54c81fff76d319818d3 | |
parent | ff483e4b6305054fa2c49e3b9e3e4083d038c8f0 (diff) | |
parent | 7b4377a12f774975aa9b5091417cbcd65dc33db7 (diff) | |
download | gnutls-4d8f3321158528ae47d4c62382911196ab80f338.tar.gz |
Merge branch 'tmp-reproducible-sig-doc' into 'master'
doc: expand GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE description on RSA-PSS [ci skip]
Closes #953
See merge request gnutls/gnutls!1242
-rw-r--r-- | lib/includes/gnutls/abstract.h | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h index d8805681a9..386ae3e49f 100644 --- a/lib/includes/gnutls/abstract.h +++ b/lib/includes/gnutls/abstract.h @@ -372,9 +372,12 @@ int gnutls_privkey_status(gnutls_privkey_t key); * @GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA: Make an RSA signature on the hashed data as in the TLS protocol. * @GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS: Make an RSA signature on the hashed data with the PSS padding. * @GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE: Make a signature on the hashed data with reproducible parameters. - * For RSA-PSS, that means to use empty salt instead of random value. For ECDSA/DSA, it uses the deterministic - * construction of random parameter according to RFC 6979. Note that - * this only supports the NIST curves and DSA subgroup bits up to 512. + * For RSA-PSS, that means to use empty salt instead of random value. To + * verify a signature created using this flag, the corresponding SPKI needs + * to be set on the public key. Use gnutls_pubkey_set_spki() for that. + * For ECDSA/DSA, it uses the deterministic construction of random parameter + * according to RFC 6979. Note that this only supports the NIST curves and DSA + * subgroup bits up to 512. * @GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE: When importing a private key, automatically * release it when the structure it was imported is released. * @GNUTLS_PRIVKEY_IMPORT_COPY: Copy required values during import. |