Hi Herbert, On 1/25/24 23:58, Herbert Xu wrote:
On Sun, Jan 21, 2024 at 01:49:00PM -0600, Joachim Vandersmissen wrote:static int _rsa_enc(const struct rsa_mpi_key *key, MPI c, MPI m) { + /* For FIPS, SP 800-56Br2, Section 7.1.1 requires 1 < m < n - 1 */ + if (fips_enabled && rsa_check_payload_fips(m, key->n)) + return -EINVAL; + /* (1) Validate 0 <= m < n */ if (mpi_cmp_ui(m, 0) < 0 || mpi_cmp(m, key->n) >= 0) return -EINVAL;I think this check makes sense in general, so why not simply replace the second check above with the new check?
Yes, mathematically speaking the values 1 and n - 1 aren't suitable for RSA (they will always be fixed points). I simply didn't want to introduce a breaking change. If you think a breaking change is acceptable, I can update the patch to replace the RFC3447 check with the stricter check.
Thanks,
