kernel/linux.git/crypto/dh.c, branch v7.1-rc5Linux kernel stable tree (mirror)https://git.radix-linux.su/kernel/linux.git/atom?h=v7.1-rc52026-04-03T00:56:11+00:00crypto: dh - Use crypto_stdrng_get_bytes()2026-04-03T00:56:11+00:00Eric Biggersebiggers@kernel.org2026-03-26T00:14:58+00:00urn:sha1:9e9ff291c9776c109a198eab5b5ac3828abf8507
Replace the sequence of crypto_get_default_rng(),
crypto_rng_get_bytes(), and crypto_put_default_rng() with the equivalent
helper function crypto_stdrng_get_bytes().
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Revert "crypto: run initcalls for generic implementations earlier"2025-05-05T10:20:44+00:00Herbert Xuherbert@gondor.apana.org.au2025-04-30T08:17:02+00:00urn:sha1:ef93f1562803cd7bb8159e3abedaf7f47dce4e35
This reverts commit c4741b23059794bd99beef0f700103b0d983b3fd.
Crypto API self-tests no longer run at registration time and now
occur either at late_initcall or upon the first use.
Therefore the premise of the above commit no longer exists. Revert
it and subsequent additions of subsys_initcall and arch_initcall.
Note that lib/crypto calls will stay at subsys_initcall (or rather
downgraded from arch_initcall) because they may need to occur
before Crypto API registration.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: dh - Check mpi_rshift errors2024-08-17T05:55:50+00:00Herbert Xuherbert@gondor.apana.org.au2024-08-10T06:20:59+00:00urn:sha1:560efa7fca4f4f5bd390e54d43cd2cd1831c60cd
Now that mpi_rshift can return errors, check them.
Fixes: 35d2bf20683f ("crypto: dh - calculate Q from P for the full public key verification")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: dh - Make public key test FIPS-only2024-03-01T10:35:40+00:00Herbert Xuherbert@gondor.apana.org.au2024-02-21T05:19:15+00:00urn:sha1:f66a211e8c5d9b1b0531364c1b16874b0499e0d2
The function dh_is_pubkey_valid was added to for FIPS but it was
only partially conditional to fips_enabled.
In particular, the first test in the function relies on the last
test to work properly, but the last test is only run in FIPS mode.
Fix this inconsistency by making the whole function conditional
on fips_enabled.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: api - Use data directly in completion function2023-02-13T10:35:14+00:00Herbert Xuherbert@gondor.apana.org.au2023-02-08T05:58:44+00:00urn:sha1:255e48eb17684157336bd6dd98d22c1b2d9e3f43
This patch does the final flag day conversion of all completion
functions which are now all contained in the Crypto API.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: dh - Use helper to set reqsize2022-12-02T10:12:40+00:00Herbert Xuherbert@gondor.apana.org.au2022-11-22T10:06:56+00:00urn:sha1:cb99fc0dd1f6985e8b6ade93e3d69f5e33930539
The value of reqsize must only be changed through the helper.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: add __init/__exit annotations to init/exit funcs2022-09-24T08:14:43+00:00Xiu Jianfengxiujianfeng@huawei.com2022-09-15T03:36:15+00:00urn:sha1:33837be33367172d66d1f2bd6964cc41448e6e7c
Add missing __init/__exit annotations to init/exit funcs.
Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: dh - Remove the unused function dh_safe_prime_dh_alg()2022-03-14T02:45:45+00:00Jiapeng Chongjiapeng.chong@linux.alibaba.com2022-03-08T07:55:37+00:00urn:sha1:c6ded03bcac9dde5bc7b4a1121efa050a28118b0
Fix the following W=1 kernel warnings:
crypto/dh.c:311:31: warning: unused function 'dh_safe_prime_dh_alg'
[-Wunused-function]
Reported-by: Abaci Robot <abaci@linux.alibaba.com>
Signed-off-by: Jiapeng Chong <jiapeng.chong@linux.alibaba.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: dh - calculate Q from P for the full public key verification2022-03-02T22:47:52+00:00Nicolai Stangenstange@suse.de2022-02-21T12:11:01+00:00urn:sha1:35d2bf20683f60288441844ab19ce671075643e6
As the ->q in struct dh_ctx gets never set anywhere, the code in
dh_is_pubkey_valid() for doing the full public key validation in accordance
to SP800-56Arev3 is effectively dead.
However, for safe-prime groups Q = (P - 1)/2 by definition and
as the safe-prime groups are the only possible groups in FIPS mode (via
those ffdheXYZ() templates), this enables dh_is_pubkey_valid() to calculate
Q on the fly for these.
Implement this.
With this change, the last code accessing struct dh_ctx's ->q is now gone.
Remove this member from struct dh_ctx.
Signed-off-by: Nicolai Stange <nstange@suse.de>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: dh - allow for passing NULL to the ffdheXYZ(dh)s' ->set_secret()2022-03-02T22:47:51+00:00Nicolai Stangenstange@suse.de2022-02-21T12:10:57+00:00urn:sha1:c8e8236cf71f1e808120804339d2c23dc304f9cd
Ephemeral key generation can be requested from any of the ffdheXYZ(dh)
variants' common ->set_secret() by passing it an (encoded) struct dh
with the key parameter being unset, i.e. with ->key_size == 0. As the
whole purpose of the ffdheXYZ(dh) templates is to fill in the group
parameters as appropriate, they expect ->p and ->g to be unset in any
input struct dh as well. This means that a user would have to encode an
all-zeroes struct dh instance via crypto_dh_encode_key() when requesting
ephemeral key generation from a ffdheXYZ(dh) instance, which is kind of
pointless.
Make dh_safe_prime_set_secret() to decode a struct dh from the supplied
buffer only if the latter is non-NULL and initialize it with all zeroes
otherwise.
That is, it is now possible to call
crypto_kpp_set_secret(tfm, NULL, 0);
on any ffdheXYZ(dh) tfm for requesting ephemeral key generation.
Signed-off-by: Nicolai Stange <nstange@suse.de>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>