FIPS 186-4 compliance patches for rsa/dsa/ecdsa

Werner Koch wk at
Thu Oct 9 08:51:25 CEST 2014


I am not very inclined to add patches just for the sake of
sell-it-to-the-gov specs.  In particular not if a quick sample shows

-  /* We ignore step 1 from pksc5v2.1 which demands a check that dklen
-     is not larger that 0xffffffff * hlen.  */
+  /* Step 1 */
+  /* If dkLen > (2^32 - 1) * hLen, output "derived key too long" and stop. */
+  if (dklen > 4294967295 * hlen)
+    return GPG_ERR_INV_VALUE;
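Review bot: the product in `if (dklen > 4294967295 * hlen)` is evaluated in whatever integer type the literal and `hlen` promote to, so on a target where `(2^32 - 1) * hlen` does not fit that type the result wraps and the "derived key too long" condition the new comment states is not actually enforced. Compute the block count by division instead (`l = dklen / hlen`, plus one if `dklen % hlen` is nonzero, after rejecting `hlen == 0`) and fail when `l > 0xffffffff`, with `dklen` in an unsigned type of known width such as `uint64_t` rather than `long`. Also keep the pointer to PKCS #5 v2.1 step 1 that the removed comment carried, since the new comment quotes the rule without saying where it comes from.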
Which is wrong. 0xffffffff * hlen overflows on many architectures and
the condition does not work as expected.  It also does not help that
you changed DKLEN from int to long under the assumption that
sizeof(long) > sizeof (int) - which is for example wrong for the
majority of desktop systems.

If you want to have these patches considered, please format them and the
commit logs according to doc/HACKING and send a DCO.  A description of
why these changes are beneficial would also be appreciated.



Thoughts are free.  Exceptions are regulated by a federal law.
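The wraparound described above, next to an overflow-free form of the same PBKDF2 step-1 bound, as an added example; this is neither libgcrypt code nor the patch author's code. The function names `dklen_too_long_wrapping` and `dklen_too_long`, and the use of `uint32_t` to reproduce ILP32 `unsigned int` arithmetic on any host, are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* PKCS #5 v2.1 (RFC 8018), PBKDF2 step 1: if dkLen > (2^32 - 1) * hLen,
   output "derived key too long" and stop.  The limit exists because the
   block counter INT(i) is a 32-bit big-endian integer.  */
#define PBKDF2_MAX_BLOCKS 0xffffffffULL   /* 2^32 - 1 */

/* The check as written in the rejected patch, with the arithmetic forced
   to 32 bits.  On an ILP32 target 0xffffffff has type unsigned int, so
   0xffffffff * hlen is computed modulo 2^32 and the limit collapses to
   2^32 - hlen instead of (2^32 - 1) * hlen.  uint32_t reproduces that
   wraparound on any host (assumed emulation, see lead-in).  */
int
dklen_too_long_wrapping (uint64_t dklen, uint32_t hlen)
{
  uint32_t limit = (uint32_t)0xffffffffu * hlen;   /* wraps modulo 2^32 */
  return dklen > limit;
}

/* Overflow-free form: derive the block count l = ceil(dkLen / hLen) by
   division instead of multiplying the constant, then compare l against
   2^32 - 1.  dklen is an explicitly 64-bit unsigned type, so the result
   does not depend on sizeof(long) on the target.  */
int
dklen_too_long (uint64_t dklen, size_t hlen)
{
  uint64_t quotient, remainder, blocks;

  if (hlen == 0)
    return 1;   /* no digest has length zero; refuse rather than divide by zero */
  quotient = dklen / hlen;
  remainder = dklen % hlen;
  blocks = quotient + (remainder != 0);   /* ceil(dklen / hlen); quotient <= dklen, so no overflow */
  return blocks > PBKDF2_MAX_BLOCKS;
}

int
main (void)
{
  /* hlen = 32 (SHA-256).  A derived key of 4 GiB + 1 octet is legal under
     the spec (it needs 2^27 + 1 blocks), but the wrapping check rejects it
     because its limit has collapsed to 2^32 - 32.  */
  uint64_t dklen = (1ULL << 32) + 1;
  printf ("dklen=%llu hlen=32: wrapping=%d correct=%d\n",
          (unsigned long long)dklen,
          dklen_too_long_wrapping (dklen, 32), dklen_too_long (dklen, 32));

  /* Exactly (2^32 - 1) * 32 octets is the largest legal dkLen for SHA-256;
     one more octet would need a 2^32-th block and must be refused.  */
  uint64_t max = PBKDF2_MAX_BLOCKS * 32;
  printf ("dklen=%llu: correct=%d; dklen+1: correct=%d\n",
          (unsigned long long)max, dklen_too_long (max, 32),
          dklen_too_long (max + 1, 32));
  return 0;
}
```

The division form is the one to keep: it never forms the product `(2^32 - 1) * hLen`, so it is correct regardless of whether `int`, `long` or `size_t` is 32 or 64 bits wide on the build target.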

More information about the Gcrypt-devel mailing list