kernel / kernel-source

Clone
Source Code
GIT

Blame patches.suse/crypto-dh-check-validity-of-z-before-export

ALP-current ALP-current-GA ALP-current-RT ALP-current-RT-GA SLE12-SP5 SLE12-SP5-AZURE SLE12-SP5-RT SLE15-SP2-EB SLE15-SP3-RT-LTSS SLE15-SP4-RT-LTSS SLE15-SP5 SLE15-SP5-AZURE SLE15-SP5-RT SLE15-SP6 SLE15-SP6-AZURE SLE15-SP6-AZURE-GA SLE15-SP6-GA SLE15-SP6-RT SLE15-SP6-RT-GA linux-next master packaging scripts slowroll stable vanilla
  1.   a291df1060d059dec7398fafd04574060e099842
  2.   patches.suse
  3.   crypto-dh-check-validity-of-z-before-export
Blob History Raw
Petr Tesarik a30ba3 
From: =?UTF-8?q?Stephan=20M=C3=BCller?= <smueller@chronox.de>
Petr Tesarik a30ba3 
Date: Mon, 20 Jul 2020 19:08:32 +0200
Petr Tesarik a30ba3 
Subject: crypto: dh - check validity of Z before export
Petr Tesarik a30ba3 
Git-commit: 90fa9ae51c1f2fa932bfa0a4d19163d49f0c1c46
Petr Tesarik a30ba3 
Patch-mainline: v5.9-rc1
Petr Tesarik a30ba3 
References: bsc#1175718
Petr Tesarik a30ba3
Petr Tesarik a30ba3 
SP800-56A rev3 section 5.7.1.1 step 2 mandates that the validity of the
Petr Tesarik a30ba3 
calculated shared secret is verified before the data is returned to the
Petr Tesarik a30ba3 
caller. This patch adds the validation check.
Petr Tesarik a30ba3
Petr Tesarik a30ba3 
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Petr Tesarik a30ba3 
Acked-by: Neil Horman <nhorman@redhat.com>
Petr Tesarik a30ba3 
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Petr Tesarik a30ba3 
Acked-by: Petr Tesarik <ptesarik@suse.com>
Petr Tesarik a30ba3 
---
Petr Tesarik a30ba3 
 crypto/dh.c |   29 +++++++++++++++++++++++++++++
Petr Tesarik a30ba3 
 1 file changed, 29 insertions(+)
Petr Tesarik a30ba3
Petr Tesarik a30ba3 
--- a/crypto/dh.c
Petr Tesarik a30ba3 
+++ b/crypto/dh.c
Petr Tesarik a30ba3 
@@ -9,6 +9,7 @@
Petr Tesarik a30ba3 
 #include <crypto/internal/kpp.h>
Petr Tesarik a30ba3 
 #include <crypto/kpp.h>
Petr Tesarik a30ba3 
 #include <crypto/dh.h>
Petr Tesarik a30ba3 
+#include <linux/fips.h>
Petr Tesarik a30ba3 
 #include <linux/mpi.h>
Petr Tesarik a30ba3
Petr Tesarik a30ba3 
 struct dh_ctx {
Petr Tesarik a30ba3 
@@ -179,6 +180,34 @@ static int dh_compute_value(struct kpp_r
Petr Tesarik a30ba3 
 	if (ret)
Petr Tesarik a30ba3 
 		goto err_free_base;
Petr Tesarik a30ba3
Petr Tesarik a30ba3 
+	/* SP800-56A rev3 5.7.1.1 check: Validation of shared secret */
Petr Tesarik a30ba3 
+	if (fips_enabled && req->src) {
Petr Tesarik a30ba3 
+		MPI pone;
Petr Tesarik a30ba3 
+
Petr Tesarik a30ba3 
+		/* z <= 1 */
Petr Tesarik a30ba3 
+		if (mpi_cmp_ui(val, 1) < 1) {
Petr Tesarik a30ba3 
+			ret = -EBADMSG;
Petr Tesarik a30ba3 
+			goto err_free_base;
Petr Tesarik a30ba3 
+		}
Petr Tesarik a30ba3 
+
Petr Tesarik a30ba3 
+		/* z == p - 1 */
Petr Tesarik a30ba3 
+		pone = mpi_alloc(0);
Petr Tesarik a30ba3 
+
Petr Tesarik a30ba3 
+		if (!pone) {
Petr Tesarik a30ba3 
+			ret = -ENOMEM;
Petr Tesarik a30ba3 
+			goto err_free_base;
Petr Tesarik a30ba3 
+		}
Petr Tesarik a30ba3 
+
Petr Tesarik a30ba3 
+		ret = mpi_sub_ui(pone, ctx->p, 1);
Petr Tesarik a30ba3 
+		if (!ret && !mpi_cmp(pone, val))
Petr Tesarik a30ba3 
+			ret = -EBADMSG;
Petr Tesarik a30ba3 
+
Petr Tesarik a30ba3 
+		mpi_free(pone);
Petr Tesarik a30ba3 
+
Petr Tesarik a30ba3 
+		if (ret)
Petr Tesarik a30ba3 
+			goto err_free_base;
Petr Tesarik a30ba3 
+	}
Petr Tesarik a30ba3 
+
Petr Tesarik a30ba3 
 	ret = mpi_write_to_sgl(val, req->dst, req->dst_len, &sign;;
Petr Tesarik a30ba3 
 	if (ret)
Petr Tesarik a30ba3 
 		goto err_free_base;
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.