Reviewed-by: Marcelo Henrique Cerri <marcelo.cerri@xxxxxxxxxxxxx> Tested-by: Marcelo Henrique Cerri <marcelo.cerri@xxxxxxxxxxxxx> On Sun, Jul 12, 2020 at 06:40:57PM +0200, Stephan Müller wrote: > After the generation of a local public key, SP800-56A rev 3 section > 5.6.2.1.3 mandates a validation of that key with a full validation > compliant to section 5.6.2.3.1. > > Only if the full validation passes, the key is allowed to be used. > > Signed-off-by: Stephan Mueller <smueller@xxxxxxxxxx> > --- > crypto/dh.c | 59 ++++++++++++++++++++++++++++++----------------------- > 1 file changed, 34 insertions(+), 25 deletions(-) > > diff --git a/crypto/dh.c b/crypto/dh.c > index f84fd50ec79b..cd4f32092e5c 100644 > --- a/crypto/dh.c > +++ b/crypto/dh.c > @@ -180,32 +180,41 @@ static int dh_compute_value(struct kpp_request *req) > if (ret) > goto err_free_base; > > - /* SP800-56A rev3 5.7.1.1 check: Validation of shared secret */ > - if (fips_enabled && req->src) { > - MPI pone; > - > - /* z <= 1 */ > - if (mpi_cmp_ui(val, 1) < 1) { > - ret = -EBADMSG; > - goto err_free_base; > - } > - > - /* z == p - 1 */ > - pone = mpi_alloc(0); > - > - if (!pone) { > - ret = -ENOMEM; > - goto err_free_base; > + if (fips_enabled) { > + /* SP800-56A rev3 5.7.1.1 check: Validation of shared secret */ > + if (req->src) { > + MPI pone; > + > + /* z <= 1 */ > + if (mpi_cmp_ui(val, 1) < 1) { > + ret = -EBADMSG; > + goto err_free_base; > + } > + > + /* z == p - 1 */ > + pone = mpi_alloc(0); > + > + if (!pone) { > + ret = -ENOMEM; > + goto err_free_base; > + } > + > + ret = mpi_sub_ui(pone, ctx->p, 1); > + if (!ret && !mpi_cmp(pone, val)) > + ret = -EBADMSG; > + > + mpi_free(pone); > + > + if (ret) > + goto err_free_base; > + > + /* SP800-56A rev 3 5.6.2.1.3 key check */ > + } else { > + if (dh_is_pubkey_valid(ctx, val)) { > + ret = -EAGAIN; > + goto err_free_val; > + } > } > - > - ret = mpi_sub_ui(pone, ctx->p, 1); > - if (!ret && !mpi_cmp(pone, val)) > - ret = -EBADMSG; > - > - mpi_free(pone); > - > - if (ret) > - goto err_free_base; > } > > ret = mpi_write_to_sgl(val, req->dst, req->dst_len, &sign); > -- > 2.26.2 > > > > -- Regards, Marcelo
Attachment:
signature.asc
Description: PGP signature