From a7c78c2c918a30e889fa167b7e6d901688a741d0 Mon Sep 17 00:00:00 2001
From: Michal Suchanek <msuchanek@suse.de>
Date: Mon, 16 Dec 2019 19:05:35 +0100
Subject: [PATCH] kABI: add _q suffix to exports that take struct dh

References: bsc#1155331
Patch-mainline: never, kABI

Also provide the old API with exports without suffix.
Make sure the FIPS pubkey check is only executed in FIPS mode.

Signed-off-by: Michal Suchanek <msuchanek@suse.de>

--- a/crypto/dh_helper.c
+++ b/crypto/dh_helper.c
@@ -118,3 +118,56 @@ int crypto_dh_decode_key(const char *buf
 	return 0;
 }
 EXPORT_SYMBOL_GPL(crypto_dh_decode_key);
+
+
+#undef dh
+#undef crypto_dh_key_len
+#undef crypto_dh_encode_key
+#undef crypto_dh_decode_key
+
+#define DH_KPP_SECRET_MIN_SIZE_NO_Q (sizeof(struct kpp_secret) + 3 * sizeof(int))
+
+static inline int dh_data_size_no_q(const struct dh *p)
+{
+	return p->key_size + p->p_size + p->g_size;
+}
+
+int crypto_dh_key_len(const struct dh *p)
+{
+	return DH_KPP_SECRET_MIN_SIZE_NO_Q + dh_data_size_no_q(p);
+}
+EXPORT_SYMBOL_GPL(crypto_dh_key_len);
+
+int crypto_dh_encode_key(char *buf, unsigned int len, const struct dh *old_params)
+{
+	struct dh_q params = {
+		.q_size = 0, .q = NULL,
+		.key_size = old_params->key_size,
+		.p_size = old_params->p_size,
+		.g_size = old_params->g_size,
+		.key = old_params->key,
+		.p = old_params->p,
+		.g = old_params->g,
+	};
+	return crypto_dh_encode_key_q(buf, len, &params);
+
+}
+EXPORT_SYMBOL_GPL(crypto_dh_encode_key);
+
+int crypto_dh_decode_key(const char *buf, unsigned int len, struct dh *old_params)
+{
+	struct dh_q params;
+	int ret = crypto_dh_decode_key_q(buf, len, &params);
+	if (ret)
+		return ret;
+	if (params.q_size)
+		return -EOPNOTSUPP;
+	old_params->key_size = params.key_size;
+	old_params->p_size = params.p_size;
+	old_params->g_size = params.g_size;
+	old_params->key = params.key;
+	old_params->p = params.p;
+	old_params->g = params.g;
+	return ret;
+}
+EXPORT_SYMBOL_GPL(crypto_dh_decode_key);
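Review bot: The compat `crypto_dh_key_len()` sizes the buffer with `DH_KPP_SECRET_MIN_SIZE_NO_Q` (three `int` fields), yet `crypto_dh_encode_key()` and `crypto_dh_decode_key()` forward the caller's `len` unchanged to the `_q` functions, whose length checks are not visible in this hunk. If those functions expect the q-aware length, an old-ABI caller that allocates `crypto_dh_key_len()` bytes would either fail every encode or hand over a buffer shorter than the layout the `_q` encoder writes, so the relation between the two lengths should be confirmed before this ships. Should they differ, the safer form is to build a `struct dh_q` with `.q_size = 0` in `crypto_dh_key_len()` and `return crypto_dh_key_len_q(&params);`. A short comment above `crypto_dh_decode_key()` would also help, for example `/* Old ABI: no q parameter; a key that carries q cannot be represented and is refused with -EOPNOTSUPP. */`.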
--- a/include/crypto/dh.h
+++ b/include/crypto/dh.h
@@ -14,6 +14,31 @@
 #define _CRYPTO_DH_
 
 /**
+ * struct dh - define a DH private key for old API without Q parameter
+ *
+ * @key:	Private DH key
+ * @p:		Diffie-Hellman parameter P
+ * @g:		Diffie-Hellman generator G
+ * @key_size:	Size of the private DH key
+ * @p_size:	Size of DH parameter P
+ * @g_size:	Size of DH generator G
+ */
+struct dh {
+	void *key;
+	void *p;
+	void *g;
+	unsigned int key_size;
+	unsigned int p_size;
+	unsigned int g_size;
+};
+
+/* kABI we added the q parameter to struct dh so interface of these functions changed. */
+#define dh dh_q
+#define crypto_dh_key_len crypto_dh_key_len_q
+#define crypto_dh_encode_key crypto_dh_encode_key_q
+#define crypto_dh_decode_key crypto_dh_decode_key_q
+
+/**
  * DOC: DH Helper Functions
  *
  * To use DH with the KPP cipher API, the following data structure and
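Review bot: `#define dh dh_q` rewrites every `dh` token in any translation unit that includes this header, not only `struct dh`, so an unrelated variable, member or parameter named `dh` is silently renamed. The old `struct dh` keeps its name only because it is declared above the defines, and that ordering dependence is not stated anywhere. The comment above the defines should say so, for example `/* kABI: struct dh gained q. Code built against this header sees the q-aware struct and functions under a _q suffix; the old struct dh above must stay before these defines so the unsuffixed exports keep the old layout. */`. The DOC comment that closes the hunk continues outside it.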
--- a/crypto/dh.c
+++ b/crypto/dh.c
@@ -13,6 +13,7 @@
 #include <crypto/internal/kpp.h>
 #include <crypto/kpp.h>
 #include <crypto/dh.h>
+#include <linux/fips.h>
 #include <linux/mpi.h>
 
 struct dh_ctx {
@@ -175,9 +176,11 @@ static int dh_compute_value(struct kpp_r
 			ret = -EINVAL;
 			goto err_free_val;
 		}
-		ret = dh_is_pubkey_valid(ctx, base);
-		if (ret)
-			goto err_free_base;
+		if (fips_enabled) {
+			ret = dh_is_pubkey_valid(ctx, base);
+			if (ret)
+				goto err_free_base;
+		}
 	} else {
 		base = ctx->g;
 	}
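Review bot: With the new `if (fips_enabled)` guard, a peer-supplied `base` reaches the exponentiation with no validation at all when FIPS mode is off, because `dh_is_pubkey_valid()` was the only check on it in this branch. What that function tests is not visible here, but if it includes the basic range test on the public value, degenerate peer values that force a predictable shared secret are accepted on non-FIPS systems. Consider keeping the cheap range test unconditional and gating only the q-dependent part, or at least record the decision in place: `/* Peer public value is validated only in FIPS mode to preserve pre-kABI behaviour; non-FIPS callers get no range or subgroup check here. */`. The body of `dh_compute_value()` starts and ends outside this hunk.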