Re: [PATCH v2] crypto: rsa - restrict plaintext/ciphertext values more

On Sat, Feb 03, 2024 at 01:19:59AM -0600, Joachim Vandersmissen wrote:
> Hi Herbert,
> 
> As requested, I replaced the existing check with the new SP 800-56Br2
> check. I verified that the restriction is now applied in both FIPS and
> non-FIPS mode. I tried to make it clear in the comments why the code is
> now deviating from RFC3447.
> 
> ---8<---
> 
> SP 800-56Br2, Section 7.1.1 [1] specifies that:
> 1. If m does not satisfy 1 < m < (n – 1), output an indication that m is
> out of range, and exit without further processing.
> 
> Similarly, Section 7.1.2 of the same standard specifies that:
> 1. If the ciphertext c does not satisfy 1 < c < (n – 1), output an
> indication that the ciphertext is out of range, and exit without further
> processing.
> 
> This range is slightly more conservative than RFC3447, as it also
> excludes RSA fixed points 0, 1, and n - 1.
> 
> [1] https://doi.org/10.6028/NIST.SP.800-56Br2
> 
> Signed-off-by: Joachim Vandersmissen <git@xxxxxxxxx>
> ---
>  crypto/rsa.c | 36 ++++++++++++++++++++++++++++++++----
>  1 file changed, 32 insertions(+), 4 deletions(-)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
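The range rule quoted in the commit message (reject any representative that does not satisfy 1 < m < n - 1, so that the fixed points 0, 1 and n - 1 are excluded in addition to the RFC 3447 bound) is easy to see on a toy key. The following Python is an added illustration, not code from this patch or from the kernel's crypto/rsa.c; the key (p = 61, q = 53, e = 17) is a constructed textbook-sized example and the function names are the example's own.

```python
# Added example: the SP 800-56Br2 Section 7.1.1 / 7.1.2 range check on RSA
# plaintext and ciphertext representatives, next to the older RFC 3447 check,
# on a deliberately tiny constructed key so the excluded fixed points can be
# inspected. Illustrative only; it is not the kernel's crypto/rsa.c logic.

# Constructed toy key (NOT a real key): p = 61, q = 53, e = 17.
P, Q = 61, 53
N = P * Q                   # 3233
E = 17
PHI = (P - 1) * (Q - 1)     # 3120
D = pow(E, -1, PHI)         # 2753 (needs Python 3.8+ for the modular inverse)


def rfc3447_in_range(x: int, n: int) -> bool:
    """RFC 3447 (PKCS #1 v2.1) only requires 0 <= x <= n - 1."""
    return 0 <= x <= n - 1


def sp800_56br2_in_range(x: int, n: int) -> bool:
    """SP 800-56Br2 Sections 7.1.1 / 7.1.2 require 1 < x < n - 1.

    Compared with RFC 3447 this additionally rejects 0, 1 and n - 1.
    """
    return 1 < x < n - 1


def is_fixed_point(x: int, e: int, n: int) -> bool:
    """True when x^e mod n == x, i.e. the RSA primitive leaves x unchanged."""
    return pow(x, e, n) == x


def trivial_fixed_points(n: int, e: int) -> dict:
    """The three values RFC 3447 accepts but SP 800-56Br2 rejects, mapped to
    whether each really is a fixed point of x -> x^e mod n.

    0 and 1 are fixed for any e; n - 1 == -1 (mod n) is fixed because the
    RSA public exponent e is always odd, so (-1)^e == -1.
    """
    return {x: is_fixed_point(x, e, n) for x in (0, 1, n - 1)}


def rsa_encrypt(m: int, e: int, n: int) -> int:
    """Raw RSA encryption primitive (RSAEP) with the SP 800-56Br2 input check."""
    if not sp800_56br2_in_range(m, n):
        raise ValueError("message representative out of range")
    return pow(m, e, n)


def rsa_decrypt(c: int, d: int, n: int) -> int:
    """Raw RSA decryption primitive (RSADP) with the SP 800-56Br2 input check."""
    if not sp800_56br2_in_range(c, n):
        raise ValueError("ciphertext representative out of range")
    return pow(c, d, n)


def try_encrypt(m: int, e: int, n: int):
    """Return the ciphertext, or None if the input fails the range check."""
    try:
        return rsa_encrypt(m, e, n)
    except ValueError:
        return None


if __name__ == "__main__":
    for x, fixed in trivial_fixed_points(N, E).items():
        print(f"x={x:4d}: RFC3447 accepts={rfc3447_in_range(x, N)}, "
              f"SP800-56Br2 accepts={sp800_56br2_in_range(x, N)}, "
              f"fixed point={fixed}")
    c = rsa_encrypt(65, E, N)
    print("65 ->", c, "->", rsa_decrypt(c, D, N))
```

Running the block prints one line per excluded value showing that all three are accepted by the RFC 3447 bound, rejected by the stricter bound, and are genuine fixed points of the public-key operation, which is exactly why a conforming implementation gains nothing by encrypting or decrypting them.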