Re: [RFC PATCH] crypto: RSA padding transform

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am Sonntag, 6. September 2015, 16:33:26 schrieb Andrzej Zaborowski:

Hi Andrzej,

>>> +     for (pos = 2; pos < child_req->dst_len; pos++)
>>> +             if (dst[pos] == 0x00)
>>> +                     break;
>> 
>> What happens if the padding has a 0x00 in its pseudo random data?
>
>The pseudo random bytes must all be non-zero for the padding to be
>unambiguous (RFC3447 iirc).  If there's a 0x00 in the first 8 bytes

I see, I did not know that detail. Now, you use prandom_u32_max to generate 
the padding in case of encryption/signing. I do not see any code that filters 
out any 0x00 that may be generated by this call. How would it prevented that 
this code does not generate 0x00?


Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux