Date: Wed, 21 Feb 2024 13:19:15 +0800
From: Herbert Xu
To: Linux Crypto Mailing List, Nicolai Stange, Hannes Reinecke, Stephan Mueller
Subject: [PATCH] crypto: dh - Make public key test FIPS-only

The function dh_is_pubkey_valid was added for FIPS but it was only partially conditional on fips_enabled. In particular, the first test in the function relies on the last test to work properly, but the last test is only run in FIPS mode.

Fix this inconsistency by making the whole function conditional on fips_enabled.

Signed-off-by: Herbert Xu
---
 crypto/dh.c | 63 +++++++++++++++++++++++++++--------------------------
 1 file changed, 32 insertions(+), 31 deletions(-)

diff --git a/crypto/dh.c b/crypto/dh.c index 0fcad279e6fe..68d11d66c0b5 100644 --- a/crypto/dh.c +++ b/crypto/dh.c @@ -106,6 +106,12 @@ static int dh_set_secret(struct crypto_kpp *tfm, const void *buf, */ static int dh_is_pubkey_valid(struct dh_ctx *ctx, MPI y) { + MPI val, q; + int ret; + + if (!fips_enabled) + return 0; + if (unlikely(!ctx->p)) return -EINVAL;
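Review bot: the new early `if (!fips_enabled) return 0;` is placed before the `if (unlikely(!ctx->p)) return -EINVAL;` context line, so a non-FIPS caller with an unset ctx->p now gets 0 instead of -EINVAL, and non-FIPS builds get no public key validation from this function at all. If that is the intent (the commit message argues the range test is meaningless without the subgroup test), the function's header comment, whose closing `*/` is the context just above the hunk, should state that the check is FIPS-only so callers do not read a 0 return as validation.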
@@ -125,41 +131,36 @@ static int dh_is_pubkey_valid(struct dh_ctx *ctx, MPI y) * * For the safe-prime groups q = (p - 1)/2. */ - if (fips_enabled) { - MPI val, q; - int ret; - - val = mpi_alloc(0); - if (!val) - return -ENOMEM; - - q = mpi_alloc(mpi_get_nlimbs(ctx->p)); - if (!q) { - mpi_free(val); - return -ENOMEM; - } - - /* - * ->p is odd, so no need to explicitly subtract one - * from it before shifting to the right. - */ - mpi_rshift(q, ctx->p, 1); - - ret = mpi_powm(val, y, q, ctx->p); - mpi_free(q); - if (ret) { - mpi_free(val); - return ret; - } - - ret = mpi_cmp_ui(val, 1); + val = mpi_alloc(0); + if (!val) + return -ENOMEM; + q = mpi_alloc(mpi_get_nlimbs(ctx->p)); + if (!q) { mpi_free(val); - - if (ret != 0) - return -EINVAL; + return -ENOMEM; } + /* + * ->p is odd, so no need to explicitly subtract one + * from it before shifting to the right. + */ + mpi_rshift(q, ctx->p, 1); + + ret = mpi_powm(val, y, q, ctx->p); + mpi_free(q); + if (ret) { + mpi_free(val); + return ret; + } + + ret = mpi_cmp_ui(val, 1); + + mpi_free(val); + + if (ret != 0) + return -EINVAL; + return 0; }

--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
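Review bot: the un-indented body keeps the original sequence (allocate val, allocate q, rshift, powm, compare, free) and frees val on every exit, so no leak is introduced; the one point worth a comment change is that `mpi_rshift(q, ctx->p, 1)` and the `mpi_cmp_ui(val, 1)` check are only correct because, as the hunk's context says, "For the safe-prime groups q = (p - 1)/2", so whatever guarantees that ctx->p is a safe prime when fips_enabled should be named in that comment, otherwise a reader will take the test as valid for arbitrary p.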
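To make the dependency between the two tests concrete, here is a Python model of dh_is_pubkey_valid() written for this thread (it is not the kernel's code). It takes a safe prime p, models both the pre-patch and the patched control flow, and assumes, since the page does not show those lines, that the first test checks 2 <= y < p and relies on the y^q step to reject p - 1.

```python
"""Python model of dh_is_pubkey_valid() from crypto/dh.c.

Added illustration for this thread, not the kernel's code.  p must be a
safe prime (p = 2q + 1) as in the kernel's safe-prime groups.
"""

EINVAL = -22  # constructed stand-in for the kernel's -EINVAL


def dh_is_pubkey_valid(p: int, y: int, fips_enabled: bool, patched: bool) -> int:
    """Return 0 if y is accepted, EINVAL if rejected (kernel convention).

    patched=False models the pre-patch flow (range test always, subgroup
    test only in FIPS mode); patched=True models the patched, FIPS-only flow.
    """
    if patched and not fips_enabled:
        return 0                      # patched: whole function is FIPS-only
    if not p:
        return EINVAL
    # First test.  Assumption (the page does not show these lines): it checks
    # 2 <= y < p and relies on the subgroup test below to reject y == p - 1,
    # which is the dependency the commit message describes.
    if y < 2 or y >= p:
        return EINVAL
    if not patched and not fips_enabled:
        return 0                      # pre-patch: subgroup test skipped here
    # Last test: q = (p - 1) / 2; p is odd, so a right shift is enough.
    q = p >> 1
    # y^q mod p == 1 iff y lies in the order-q subgroup.  p - 1 has order 2,
    # so it yields p - 1 here (q is odd) and is rejected.
    if pow(y, q, p) != 1:
        return EINVAL
    return 0


SAFE_PRIME = 23  # constructed small safe prime: 23 = 2 * 11 + 1


def demo() -> dict:
    """Cases that show the inconsistency the patch removes."""
    p = SAFE_PRIME
    return {
        # y = p - 1 passes the first test; only the subgroup test rejects it.
        "prepatch_nonfips_p_minus_1": dh_is_pubkey_valid(p, p - 1, False, False),
        "prepatch_fips_p_minus_1": dh_is_pubkey_valid(p, p - 1, True, False),
        "patched_fips_p_minus_1": dh_is_pubkey_valid(p, p - 1, True, True),
        "patched_fips_residue": dh_is_pubkey_valid(p, 4, True, True),  # 4 = 2^2
        "patched_fips_nonresidue": dh_is_pubkey_valid(p, 5, True, True),
        "patched_nonfips_unchecked": dh_is_pubkey_valid(p, 0, False, True),
    }
```

The pre-patch, non-FIPS case returns 0 for y = p - 1 even though the range test ran, which is the half-enabled state the patch removes; after the patch, non-FIPS mode performs no check and FIPS mode performs both.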