From 8162e252ce4e8fcd34f57e7ea8776e99e341fe4d Mon Sep 17 00:00:00 2001 From: Torsten Duwe Date: Dec 18 2019 15:05:52 +0000 Subject: patches.kabi/kABI-add-_q-suffix-to-exports-that-take-struct-dh.patch: Make sure the FIPS pubkey check is only executed in FIPS mode. --- diff --git a/patches.kabi/kABI-add-_q-suffix-to-exports-that-take-struct-dh.patch b/patches.kabi/kABI-add-_q-suffix-to-exports-that-take-struct-dh.patch index 9174e15..d083734 100644 --- a/patches.kabi/kABI-add-_q-suffix-to-exports-that-take-struct-dh.patch +++ b/patches.kabi/kABI-add-_q-suffix-to-exports-that-take-struct-dh.patch @@ -7,18 +7,13 @@ References: bsc#1155331 Patch-mainline: never, kABI Also provide the old API with exports without suffix. +Make sure the FIPS pubkey check is only executed in FIPS mode. Signed-off-by: Michal Suchanek ---- - crypto/dh_helper.c | 53 +++++++++++++++++++++++++++++++++++++++++++++ - include/crypto/dh.h | 25 +++++++++++++++++++++ - 2 files changed, 78 insertions(+) -diff --git a/crypto/dh_helper.c b/crypto/dh_helper.c -index 14539904416e..cea667d370cc 100644 --- a/crypto/dh_helper.c +++ b/crypto/dh_helper.c -@@ -109,3 +109,56 @@ int crypto_dh_decode_key(const char *buf, unsigned int len, struct dh *params) +@@ -118,3 +118,56 @@ int crypto_dh_decode_key(const char *buf return 0; } EXPORT_SYMBOL_GPL(crypto_dh_decode_key); @@ -75,15 +70,12 @@ index 14539904416e..cea667d370cc 100644 + return ret; +} +EXPORT_SYMBOL_GPL(crypto_dh_decode_key); -diff --git a/include/crypto/dh.h b/include/crypto/dh.h -index 6b424ad3482e..5ad8690a3a9e 100644 --- a/include/crypto/dh.h +++ b/include/crypto/dh.h -@@ -13,6 +13,31 @@ - #ifndef _CRYPTO_DH_ +@@ -14,6 +14,31 @@ #define _CRYPTO_DH_ -+/** + /** + * struct dh - define a DH private key for old API without Q parameter + * + * @key: Private DH key 
@@ -108,9 +100,32 @@ index 6b424ad3482e..5ad8690a3a9e 100644 +#define crypto_dh_encode_key crypto_dh_encode_key_q +#define crypto_dh_decode_key crypto_dh_decode_key_q + - /** ++/** * DOC: DH Helper Functions * --- -2.23.0 - + * To use DH with the KPP cipher API, the following data structure and +--- a/crypto/dh.c ++++ b/crypto/dh.c +@@ -13,6 +13,7 @@ + #include + #include + #include ++#include + #include + + struct dh_ctx { +@@ -175,9 +176,11 @@ static int dh_compute_value(struct kpp_r + ret = -EINVAL; + goto err_free_val; + } +- ret = dh_is_pubkey_valid(ctx, base); +- if (ret) +- goto err_free_base; ++ if (fips_enabled) { ++ ret = dh_is_pubkey_valid(ctx, base); ++ if (ret) ++ goto err_free_base; ++ } + } else { + base = ctx->g; + }
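Review bot: The new `if (fips_enabled)` guard in the `dh_compute_value` hunk for crypto/dh.c lets the caller-supplied `base` reach the computation outside FIPS mode without passing `dh_is_pubkey_valid()`, and neither the description nor the code says why that is acceptable. The body of `dh_is_pubkey_valid()` is not visible here, but if it includes a basic range check on the public value, that part is presumably cheap enough to keep unconditional, with only the more expensive validation gated on FIPS mode. At minimum I would add a comment above the guard, e.g. `/* Public key validation is enforced only in FIPS mode; non-FIPS callers use base unchecked. */`. This is also a behavioural change carried inside a patch tagged `Patch-mainline: never, kABI`, so it may be easier to audit as a separate patch. `dh_compute_value` starts and ends outside the hunk.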