diff options
| author | Mark Brown <broonie@kernel.org> | 2023-07-17 08:12:31 +0300 |
|---|---|---|
| committer | Mark Brown <broonie@kernel.org> | 2023-07-17 08:12:31 +0300 |
| commit | 0791faebfe750292a8a842b64795a390ca4a3b51 (patch) | |
| tree | 0e6095a5a0130398b0693bddfdc421c41eebda7c /crypto/rsa.c | |
| parent | e8bf1741c14eb8e4a4e1364d45aeeab66660ab9b (diff) | |
| parent | fdf0eaf11452d72945af31804e2a1048ee1b574c (diff) | |
| download | linux-0791faebfe750292a8a842b64795a390ca4a3b51.tar.xz | |
ASoC: Merge v6.5-rc2
Get a similar baseline to my other branches, and fixes for people using
the branch.
Diffstat (limited to 'crypto/rsa.c')
| -rw-r--r-- | crypto/rsa.c | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/crypto/rsa.c b/crypto/rsa.c index c50f2d2a4d06..c79613cdce6e 100644 --- a/crypto/rsa.c +++ b/crypto/rsa.c @@ -205,6 +205,32 @@ static int rsa_check_key_length(unsigned int len) return -EINVAL; } +static int rsa_check_exponent_fips(MPI e) +{ + MPI e_max = NULL; + + /* check if odd */ + if (!mpi_test_bit(e, 0)) { + return -EINVAL; + } + + /* check if 2^16 < e < 2^256. */ + if (mpi_cmp_ui(e, 65536) <= 0) { + return -EINVAL; + } + + e_max = mpi_alloc(0); + mpi_set_bit(e_max, 256); + + if (mpi_cmp(e, e_max) >= 0) { + mpi_free(e_max); + return -EINVAL; + } + + mpi_free(e_max); + return 0; +} + static int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, unsigned int keylen) { @@ -232,6 +258,11 @@ static int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, return -EINVAL; } + if (fips_enabled && rsa_check_exponent_fips(mpi_key->e)) { + rsa_free_mpi_key(mpi_key); + return -EINVAL; + } + return 0; err: @@ -290,6 +321,11 @@ static int rsa_set_priv_key(struct crypto_akcipher *tfm, const void *key, return -EINVAL; } + if (fips_enabled && rsa_check_exponent_fips(mpi_key->e)) { + rsa_free_mpi_key(mpi_key); + return -EINVAL; + } + return 0; err: |