From: Derek Lesho
Subject: Re: [PATCH v3 3/4] bcrypt: Implement BCryptSecretAgreement with libgcrypt.
Message-Id:
Date: Wed, 8 Jan 2020 16:39:42 -0600
In-Reply-To: <119694871b9a8410cd9c48ad486dd46ffe9feab1.camel@codeweavers.com>
References: <20200107202250.2277241-1-dlesho@codeweavers.com> <20200107202250.2277241-3-dlesho@codeweavers.com> <119694871b9a8410cd9c48ad486dd46ffe9feab1.camel@codeweavers.com>

On 2020-01-08 04:10, Hans Leidekker wrote:
> On Tue, 2020-01-07 at 14:22 -0600, Derek Lesho wrote:
>> +/* this is necessary since GNUTLS doesn't support ECDH public key encryption, maybe we can replace this when it does:
>> + https://github.com/gnutls/gnutls/blob/cdc4fc288d87f91f974aa23b6e8595a53970ce00/lib/nettle/pk.c#L495 */
>> +NTSTATUS compute_secret_ecc (struct key *privkey_in, struct key *pubkey_in, struct secret *secret)
> It would be nice if we could avoid adding another dependency. Has any effort been
> made to add this feature to GnuTLS?

Not that I know of.  I just took a second look, and I think the functionality does exist in nettle, so I might be able to add support for it in GNUTLS.  However, that would take a very long time to trickle down into the libraries shipped by most distros
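
Review bot: The comment above compute_secret_ecc names the missing GnuTLS feature as "ECDH public key encryption", but ECDH is a key agreement that derives a shared secret, so the wording does not tell a later reader which GnuTLS capability would allow this code to be dropped. Suggest rewording to something like "GnuTLS doesn't expose ECDH shared secret computation" and saying that libgcrypt is used for that reason, since "this is necessary" has no referent inside the comment itself. The two key parameters are also taken as non-const pointers (struct key *privkey_in, struct key *pubkey_in); if the function only reads them, declaring them const would document that the caller's key material is not modified.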