Commit f66a211e authored by Herbert Xu

crypto: dh - Make public key test FIPS-only



The function dh_is_pubkey_valid was added for FIPS but it was
only partially conditional on fips_enabled.

In particular, the first test in the function relies on the last
test to work properly, but the last test is only run in FIPS mode.

Fix this inconsistency by making the whole function conditional
on fips_enabled.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
parent a24e3b58
+29 −28
@@ -106,6 +106,12 @@ static int dh_set_secret(struct crypto_kpp *tfm, const void *buf,
 */
static int dh_is_pubkey_valid(struct dh_ctx *ctx, MPI y)
{
	MPI val, q;
	int ret;

	if (!fips_enabled)
		return 0;

	if (unlikely(!ctx->p))
		return -EINVAL;

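Review bot: The new `if (!fips_enabled) return 0;` sits above the `if (unlikely(!ctx->p)) return -EINVAL;` check, so outside FIPS mode a context with no prime set now gets 0 from this function instead of -EINVAL. Either keep the `ctx->p` check ahead of the FIPS gate, or confirm that every caller rejects an unset `p` on its own before using the result.
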
@@ -125,10 +131,6 @@ static int dh_is_pubkey_valid(struct dh_ctx *ctx, MPI y)
	 *
	 * For the safe-prime groups q = (p - 1)/2.
	 */
	if (fips_enabled) {
		MPI val, q;
		int ret;

	val = mpi_alloc(0);
	if (!val)
		return -ENOMEM;
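Review bot: With the `if (fips_enabled) {` wrapper removed here, nothing near this code says that it runs only in FIPS mode, and the reason given in the commit message (the first test relies on this last test) is not recorded in the source. Extend the comment that ends with "For the safe-prime groups q = (p - 1)/2." or the function's header comment to state that the whole validation is skipped when fips_enabled is not set, and why the two tests have to be enabled together.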
@@ -158,7 +160,6 @@ static int dh_is_pubkey_valid(struct dh_ctx *ctx, MPI y)

	if (ret != 0)
		return -EINVAL;
	}

	return 0;
}