After the generation of a local public key, SP800-56A rev 3 section 5.6.2.1.3 mandates a validation of that key with a full validation compliant to section 5.6.2.3.1. Only if the full validation passes, the key is allowed to be used. Signed-off-by: Stephan Mueller <smueller@xxxxxxxxxx> --- crypto/dh.c | 59 ++++++++++++++++++++++++++++++----------------------- 1 file changed, 34 insertions(+), 25 deletions(-) diff --git a/crypto/dh.c b/crypto/dh.c index f84fd50ec79b..cd4f32092e5c 100644 --- a/crypto/dh.c +++ b/crypto/dh.c @@ -180,32 +180,41 @@ static int dh_compute_value(struct kpp_request *req) if (ret) goto err_free_base; - /* SP800-56A rev3 5.7.1.1 check: Validation of shared secret */ - if (fips_enabled && req->src) { - MPI pone; - - /* z <= 1 */ - if (mpi_cmp_ui(val, 1) < 1) { - ret = -EBADMSG; - goto err_free_base; - } - - /* z == p - 1 */ - pone = mpi_alloc(0); - - if (!pone) { - ret = -ENOMEM; - goto err_free_base; + if (fips_enabled) { + /* SP800-56A rev3 5.7.1.1 check: Validation of shared secret */ + if (req->src) { + MPI pone; + + /* z <= 1 */ + if (mpi_cmp_ui(val, 1) < 1) { + ret = -EBADMSG; + goto err_free_base; + } + + /* z == p - 1 */ + pone = mpi_alloc(0); + + if (!pone) { + ret = -ENOMEM; + goto err_free_base; + } + + ret = mpi_sub_ui(pone, ctx->p, 1); + if (!ret && !mpi_cmp(pone, val)) + ret = -EBADMSG; + + mpi_free(pone); + + if (ret) + goto err_free_base; + + /* SP800-56A rev 3 5.6.2.1.3 key check */ + } else { + if (dh_is_pubkey_valid(ctx, val)) { + ret = -EAGAIN; + goto err_free_val; + } } - - ret = mpi_sub_ui(pone, ctx->p, 1); - if (!ret && !mpi_cmp(pone, val)) - ret = -EBADMSG; - - mpi_free(pone); - - if (ret) - goto err_free_base; } ret = mpi_write_to_sgl(val, req->dst, req->dst_len, &sign); -- 2.26.2