Hi Stephan, On Wed, Jun 27, 2018 at 08:15:31AM +0200, Stephan Müller wrote: > Hi, > > Changes v2: > * addition of a check that mpi_alloc succeeds. > > ---8<--- > > According to SP800-56A section 5.6.2.1, the public key to be processed > for the DH operation shall be checked for appropriateness. The check > shall covers the full verification test in case the domain parameter Q > is provided as defined in SP800-56A section 5.6.2.3.1. If Q is not > provided, the partial check according to SP800-56A section 5.6.2.3.2 is > performed. > > The full verification test requires the presence of the domain parameter > Q. Thus, the patch adds the support to handle Q. It is permissible to > not provide the Q value as part of the domain parameters. This implies > that the interface is still backwards-compatible where so far only P and > G are to be provided. However, if Q is provided, it is imported. > > Without the test, the NIST ACVP testing fails. After adding this check, > the NIST ACVP testing passes. Testing without providing the Q domain > parameter has been performed to verify the interface has not changed. You forgot to update the self-tests in the kernel, so they're failing now, as you *did* change the interface (the "key" is encoded differently now). - Eric