On Sat, Feb 03, 2024 at 01:19:59AM -0600, Joachim Vandersmissen wrote:
> Hi Herbert,
>
> As requested, I replaced the existing check with the new SP 800-56Br2
> check. I verified that the restriction is now applied in both FIPS and
> non-FIPS mode. I tried to make it clear in the comments why the code is
> now deviating from RFC3447.
>
> ---8<---
>
> SP 800-56Br2, Section 7.1.1 [1] specifies that:
> 1. If m does not satisfy 1 < m < (n – 1), output an indication that m is
> out of range, and exit without further processing.
>
> Similarly, Section 7.1.2 of the same standard specifies that:
> 1. If the ciphertext c does not satisfy 1 < c < (n – 1), output an
> indication that the ciphertext is out of range, and exit without further
> processing.
>
> This range is slightly more conservative than RFC3447, as it also
> excludes RSA fixed points 0, 1, and n - 1.
>
> [1] https://doi.org/10.6028/NIST.SP.800-56Br2
>
> Signed-off-by: Joachim Vandersmissen <git@xxxxxxxxx>
> ---
> crypto/rsa.c | 36 ++++++++++++++++++++++++++++++++----
> 1 file changed, 32 insertions(+), 4 deletions(-)

Patch applied. Thanks.
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
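The range check discussed in the thread, as an added example that is not part of the thread and not the kernel's crypto/rsa.c: it places the RFC 3447 range (0 <= m <= n-1) beside the SP 800-56Br2 range (1 < m < n-1), enforces the stricter one on the RSA primitives, and shows that the three values the stricter range additionally rejects (0, 1 and n-1) are fixed points, i.e. RSA maps them to themselves. The RSA parameters are constructed toy values, far too small for real use; the function names are this example's own.

```python
"""Added example (not from the patch or from crypto/rsa.c).

Compares the RFC 3447 input range with the SP 800-56Br2 range that the
patch enforces, and demonstrates why 0, 1 and n-1 are RSA fixed points.
"""

# Toy RSA parameters, constructed for illustration only (not a real key).
P, Q = 61, 53
N = P * Q               # 3233
E = 17
PHI = (P - 1) * (Q - 1)  # 3120
D = pow(E, -1, PHI)      # 2753, the private exponent


def rfc3447_in_range(m: int, n: int) -> bool:
    """RFC 3447 RSAEP/RSADP only require 0 <= m <= n-1."""
    return 0 <= m <= n - 1


def sp80056br2_in_range(m: int, n: int) -> bool:
    """SP 800-56Br2 Sections 7.1.1/7.1.2 require 1 < m < n-1."""
    return 1 < m < n - 1


def rsa_encrypt(m: int, n: int, e: int) -> int:
    """RSAEP with the SP 800-56Br2 range check applied to the message."""
    if not sp80056br2_in_range(m, n):
        raise ValueError("message representative out of range")
    return pow(m, e, n)


def rsa_decrypt(c: int, n: int, d: int) -> int:
    """RSADP with the SP 800-56Br2 range check applied to the ciphertext."""
    if not sp80056br2_in_range(c, n):
        raise ValueError("ciphertext out of range")
    return pow(c, d, n)


def fixed_points(n: int, e: int) -> list:
    """All m in [0, n) with m^e = m (mod n) for the toy key.

    0, 1 and n-1 are always in this set for any RSA key; the toy key has
    further fixed points as well, which is why the function scans them all.
    """
    return [m for m in range(n) if pow(m, e, n) == m]


def rejected_only_by_sp80056br2(n: int) -> list:
    """Inputs that RFC 3447 accepts but SP 800-56Br2 rejects."""
    return [m for m in range(n)
            if rfc3447_in_range(m, n) and not sp80056br2_in_range(m, n)]


if __name__ == "__main__":
    print("extra values rejected:", rejected_only_by_sp80056br2(N))
    print("are they fixed points?",
          all(m in fixed_points(N, E) for m in rejected_only_by_sp80056br2(N)))
    print("roundtrip 42 ->", rsa_decrypt(rsa_encrypt(42, N, E), N, D))
```

For the toy key the extra rejected values are exactly 0, 1 and 3232, and each of them encrypts to itself; an encrypt/decrypt round trip on an in-range value still works unchanged.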