On Wed, Jun 27, 2018 at 08:15:31AM +0200, Stephan Müller wrote:
> Hi,
>
> Changes v2:
> * addition of a check that mpi_alloc succeeds.
>
> ---8<---
>
> According to SP800-56A section 5.6.2.1, the public key to be processed
> for the DH operation shall be checked for appropriateness. The check
> shall cover the full verification test in case the domain parameter Q
> is provided as defined in SP800-56A section 5.6.2.3.1. If Q is not
> provided, the partial check according to SP800-56A section 5.6.2.3.2 is
> performed.
>
> The full verification test requires the presence of the domain parameter
> Q. Thus, the patch adds the support to handle Q. It is permissible to
> not provide the Q value as part of the domain parameters. This implies
> that the interface is still backwards-compatible where so far only P and
> G are to be provided. However, if Q is provided, it is imported.
>
> Without the test, the NIST ACVP testing fails. After adding this check,
> the NIST ACVP testing passes. Testing without providing the Q domain
> parameter has been performed to verify the interface has not changed.
>
> Signed-off-by: Stephan Mueller <smueller@xxxxxxxxxx>
> ---
> crypto/dh.c | 66 ++++++++++++++++++++++++++++++++++++++++++---
> crypto/dh_helper.c | 15 ++++++++---
> include/crypto/dh.h | 4 +++
> 3 files changed, 79 insertions(+), 6 deletions(-)

Patch applied. Thanks.
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
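
The two SP800-56A checks named in the commit message above, as an added example that is not the code from the patch: the partial check only requires 2 <= y <= p - 2, and the full check additionally requires y^q mod p == 1 when Q is available. The function and struct names are hypothetical, and the group (p = 23, q = 11, g = 2) is a constructed toy that fits in 64-bit integers instead of the kernel's multi-precision values.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical toy stand-in for DH domain parameters.
 * p must stay below 2^32 so that products fit in a uint64_t. */
struct toy_dh_params {
    uint64_t p;   /* prime modulus */
    uint64_t q;   /* subgroup order, 0 when not provided */
    uint64_t g;   /* generator */
};

/* Constructed toy group: 2^11 mod 23 == 1, so g = 2 has order q = 11. */
static const struct toy_dh_params toy_full = { 23, 11, 2 };
static const struct toy_dh_params toy_partial = { 23, 0, 2 };

/* Square-and-multiply modular exponentiation. */
static uint64_t modexp(uint64_t base, uint64_t exp, uint64_t mod)
{
    uint64_t result = 1 % mod;

    base %= mod;
    while (exp) {
        if (exp & 1)
            result = result * base % mod;
        base = base * base % mod;
        exp >>= 1;
    }
    return result;
}

/* Returns 0 when the peer's public key y is acceptable, -1 otherwise. */
int toy_dh_check_pubkey(const struct toy_dh_params *params, uint64_t y)
{
    /* Partial validation: reject 0, 1, p - 1 and anything >= p. */
    if (y < 2 || y > params->p - 2)
        return -1;
    /* Full validation needs q: y must lie in the order-q subgroup. */
    if (params->q && modexp(y, params->q, params->p) != 1)
        return -1;
    return 0;
}

int main(void)
{
    uint64_t samples[] = { 8, 5, 1, 22 };   /* constructed test keys */

    for (int i = 0; i < 4; i++)
        printf("y=%llu full=%d partial=%d\n", (unsigned long long)samples[i],
               toy_dh_check_pubkey(&toy_full, samples[i]),
               toy_dh_check_pubkey(&toy_partial, samples[i]));
    return 0;
}
```

The key y = 5 passes the partial check but fails the full one, because it lies outside the order-q subgroup; only a caller that supplies Q gets that rejection.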