Home Home > GIT Browse > linux-next
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTorsten Duwe <duwe@suse.de>2019-12-18 16:01:37 +0100
committerTorsten Duwe <duwe@suse.de>2019-12-18 16:05:52 +0100
commit8162e252ce4e8fcd34f57e7ea8776e99e341fe4d (patch)
tree00489f82efd76bb041c6d260e68f7fab66a70197
parenta30af001ad0d4a7d632d94946f704ea84d53e8ac (diff)
patches.kabi/kABI-add-_q-suffix-to-exports-that-take-struct-dh.patch:rpm-4.12.14-150.47--sle15-updatesrpm-4.12.14-150.47
Make sure the FIPS pubkey check is only executed in FIPS mode.
-rw-r--r--patches.kabi/kABI-add-_q-suffix-to-exports-that-take-struct-dh.patch47
1 files changed, 31 insertions, 16 deletions
diff --git a/patches.kabi/kABI-add-_q-suffix-to-exports-that-take-struct-dh.patch b/patches.kabi/kABI-add-_q-suffix-to-exports-that-take-struct-dh.patch
index 9174e15c33..d083734beb 100644
--- a/patches.kabi/kABI-add-_q-suffix-to-exports-that-take-struct-dh.patch
+++ b/patches.kabi/kABI-add-_q-suffix-to-exports-that-take-struct-dh.patch
@@ -7,18 +7,13 @@ References: bsc#1155331
Patch-mainline: never, kABI
Also provide the old API with exports without suffix.
+Make sure the FIPS pubkey check is only executed in FIPS mode.
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
----
- crypto/dh_helper.c | 53 +++++++++++++++++++++++++++++++++++++++++++++
- include/crypto/dh.h | 25 +++++++++++++++++++++
- 2 files changed, 78 insertions(+)
-diff --git a/crypto/dh_helper.c b/crypto/dh_helper.c
-index 14539904416e..cea667d370cc 100644
--- a/crypto/dh_helper.c
+++ b/crypto/dh_helper.c
-@@ -109,3 +109,56 @@ int crypto_dh_decode_key(const char *buf, unsigned int len, struct dh *params)
+@@ -118,3 +118,56 @@ int crypto_dh_decode_key(const char *buf
return 0;
}
EXPORT_SYMBOL_GPL(crypto_dh_decode_key);
@@ -75,15 +70,12 @@ index 14539904416e..cea667d370cc 100644
+ return ret;
+}
+EXPORT_SYMBOL_GPL(crypto_dh_decode_key);
-diff --git a/include/crypto/dh.h b/include/crypto/dh.h
-index 6b424ad3482e..5ad8690a3a9e 100644
--- a/include/crypto/dh.h
+++ b/include/crypto/dh.h
-@@ -13,6 +13,31 @@
- #ifndef _CRYPTO_DH_
+@@ -14,6 +14,31 @@
#define _CRYPTO_DH_
-+/**
+ /**
+ * struct dh - define a DH private key for old API without Q parameter
+ *
+ * @key: Private DH key
@@ -108,9 +100,32 @@ index 6b424ad3482e..5ad8690a3a9e 100644
+#define crypto_dh_encode_key crypto_dh_encode_key_q
+#define crypto_dh_decode_key crypto_dh_decode_key_q
+
- /**
++/**
* DOC: DH Helper Functions
*
---
-2.23.0
-
+ * To use DH with the KPP cipher API, the following data structure and
+--- a/crypto/dh.c
++++ b/crypto/dh.c
+@@ -13,6 +13,7 @@
+ #include <crypto/internal/kpp.h>
+ #include <crypto/kpp.h>
+ #include <crypto/dh.h>
++#include <linux/fips.h>
+ #include <linux/mpi.h>
+
+ struct dh_ctx {
+@@ -175,9 +176,11 @@ static int dh_compute_value(struct kpp_r
+ ret = -EINVAL;
+ goto err_free_val;
+ }
+- ret = dh_is_pubkey_valid(ctx, base);
+- if (ret)
+- goto err_free_base;
++ if (fips_enabled) {
++ ret = dh_is_pubkey_valid(ctx, base);
++ if (ret)
++ goto err_free_base;
++ }
+ } else {
+ base = ctx->g;
+ }