Am Mittwoch, 17. Mai 2017, 17:26:52 CEST schrieb Tudor Ambarus: Hi Tudor, > If the user provides a NULL private key, the kernel will > generate it and further use it for dh. > > Signed-off-by: Tudor Ambarus <tudor.ambarus@xxxxxxxxxxxxx> > --- > crypto/dh.c | 21 +++++++++++++++++++++ > 1 file changed, 21 insertions(+) > > diff --git a/crypto/dh.c b/crypto/dh.c > index 87e3542..7b4ac5b 100644 > --- a/crypto/dh.c > +++ b/crypto/dh.c > @@ -83,7 +83,9 @@ static int dh_set_secret(struct crypto_kpp *tfm, const > void *buf, unsigned int len) > { > struct dh_ctx *ctx = dh_get_ctx(tfm); > + u8 *rndbuf = NULL; > struct dh params; > + int maxsize; > > if (crypto_dh_decode_key(buf, len, ¶ms) < 0) > return -EINVAL; > @@ -91,7 +93,26 @@ static int dh_set_secret(struct crypto_kpp *tfm, const > void *buf, if (dh_set_params(ctx, ¶ms) < 0) > return -EINVAL; > > + if (!params.key || !params.key_size) { > + maxsize = crypto_kpp_maxsize(tfm); > + if (maxsize < 0) { > + dh_clear_params(ctx); > + return maxsize; > + } > + > + rndbuf = kmalloc(maxsize, GFP_KERNEL); > + if (!rndbuf) { > + dh_clear_params(ctx); > + return -ENOMEM; > + } > + > + get_random_bytes(rndbuf, maxsize); Could you please use again the kernel crypto API RNG as mentioned for ECC? > + params.key = rndbuf; > + params.key_size = maxsize; > + } > + > ctx->xa = mpi_read_raw_data(params.key, params.key_size); > + kzfree(rndbuf); > if (!ctx->xa) { > dh_clear_params(ctx); > return -EINVAL; Ciao Stephan