Re: [PATCH 01/18] crypto: dh - remove struct dh's ->q member

From: Hannes Reinecke
Date: Wed Dec 01 2021 - 02:11:26 EST

Next message: Tang Yizhou: "[PATCH v3 0/2] cpufreq: Update function comment and document"
Previous message: Greg KH: "Re: [PATCH] firmware_loader: export sysctl registration"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 12/1/21 1:48 AM, Nicolai Stange wrote:

The only current user of the DH KPP algorithm, the
keyctl(KEYCTL_DH_COMPUTE) syscall, doesn't set the domain parameter ->q
in struct dh. Remove it and any associated (de)serialization code in
crypto_dh_encode_key() and crypto_dh_decode_key. Adjust the encoded
->secret values in testmgr's DH test vectors accordingly.

Note that the dh-generic implementation would have initialized its
struct dh_ctx's ->q from the decoded struct dh's ->q, if present. If this
struct dh_ctx's ->q would ever have been non-NULL, it would have enabled a
full key validation as specified in NIST SP800-56A in dh_is_pubkey_valid().
However, as outlined above, ->q is always NULL in practice and the full key
validation code is effectively dead. A later patch will make
dh_is_pubkey_valid() to calculate Q from P on the fly, if possible, so
don't remove struct dh_ctx's ->q now, but leave it there until that has
happened.

Signed-off-by: Nicolai Stange <nstange@xxxxxxx>
---
crypto/dh.c | 6 ------
crypto/dh_helper.c | 17 ++++-------------
crypto/testmgr.h | 16 ++++++----------
include/crypto/dh.h | 4 ----
4 files changed, 10 insertions(+), 33 deletions(-)

Reviewed-by: Hannes Reinecke <hare@xxxxxxx>

Cheers,

Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@xxxxxxx +49 911 74053 688
SUSE Software Solutions GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), Geschäftsführer: Felix Imendörffer

Next message: Tang Yizhou: "[PATCH v3 0/2] cpufreq: Update function comment and document"
Previous message: Greg KH: "Re: [PATCH] firmware_loader: export sysctl registration"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]