-use flag to disable key generation test for libgcrypt > 1.7

author: Christian Grothoff <christian@grothoff.org> 2015-05-22 07:27:20 +0000
committer: Christian Grothoff <christian@grothoff.org> 2015-05-22 07:27:20 +0000
commit: 259e8c1c53b241df2717d8d0b740453c2252ef27 (patch)
tree: 47b7a9dabff4c1f160e0a47c4b09fc67cc63150e /src/util/crypto_ecc.c
parent: 2bcfaa1c52e32b45aa29cfe09e98b174db8f879c (diff)
download: gnunet-259e8c1c53b241df2717d8d0b740453c2252ef27.tar.gz
gnunet-259e8c1c53b241df2717d8d0b740453c2252ef27.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
index dc3f206e7..e6d6bc133 100644
--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
@@ -492,9 +492,14 @@ GNUNET_CRYPTO_ecdhe_key_create ()
  gcry_mpi_t d;
  int rc;
+  /* NOTE: For libgcrypt >= 1.7, we do not need the 'eddsa' flag here,
+     but should also be harmless. For libgcrypt < 1.7, using 'eddsa'
+     disables an expensive key testing routine. We do not want to run
+     the expensive check for ECDHE, as we generate TONS of keys to
+     use for a very short time. */
  if (0 != (rc = gcry_sexp_build (&s_keyparam, NULL,
                                  "(genkey(ecc(curve \"" CURVE "\")"
-                                  "(flags eddsa)))")))
+                                  "(flags eddsa no-keytest)))")))
  {
    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
    return NULL;
author	Christian Grothoff <christian@grothoff.org>	2015-05-22 07:27:20 +0000
committer	Christian Grothoff <christian@grothoff.org>	2015-05-22 07:27:20 +0000
commit	259e8c1c53b241df2717d8d0b740453c2252ef27 (patch)
tree	47b7a9dabff4c1f160e0a47c4b09fc67cc63150e /src/util/crypto_ecc.c
parent	2bcfaa1c52e32b45aa29cfe09e98b174db8f879c (diff)
download	gnunet-259e8c1c53b241df2717d8d0b740453c2252ef27.tar.gz gnunet-259e8c1c53b241df2717d8d0b740453c2252ef27.zip