Nikos Mavrogiannopoulos nmav@gnutls.org writes:
I do the pkcs1 1.5 encoding in gnutls, and you also do it in the high level functions in nettle, that I cannot use. It would be nice if we can save some code and reduce error risk by having a common pkcs1 1.5 signing function. I'll try to propose one the next few days.
Have you looked at pkcs1_signature_prefix? It does part of the work, so maybe it's a good starting point. The reason it leaves space for the actual digest rather than copying it in place, is to avoid extra copies for the rsa_md5_sign-style functions.
If this could be simplified, to reduce the amount of duplicated code to implement signatures for each supported hash function, while keeping low overhead for applications using only a single variant, that would be nice.
Regards, /Niels