Home Home > GIT Browse
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTorsten Duwe <duwe@suse.de>2019-12-18 16:01:37 +0100
committerTorsten Duwe <duwe@suse.de>2019-12-18 16:05:52 +0100
commite5768a40c507f25468e6eaec7f139253461c8d48 (patch)
tree367d502787e2fd52ed65f709c3a789cbce80474c
parent353586249d5f535755593fb4aff04491b3425b83 (diff)
patches.kabi/kABI-add-_q-suffix-to-exports-that-take-struct-dh.patch:rpm-4.12.14-150.47--sle15-updatesrpm-4.12.14-150.47
Make sure the FIPS pubkey check is only executed in FIPS mode. suse-commit: 8162e252ce4e8fcd34f57e7ea8776e99e341fe4d
-rw-r--r--crypto/dh.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/crypto/dh.c b/crypto/dh.c
index 9b10bf7a957f..7424aafa8b5d 100644
--- a/crypto/dh.c
+++ b/crypto/dh.c
@@ -13,6 +13,7 @@
#include <crypto/internal/kpp.h>
#include <crypto/kpp.h>
#include <crypto/dh.h>
+#include <linux/fips.h>
#include <linux/mpi.h>
struct dh_ctx {
@@ -175,9 +176,11 @@ static int dh_compute_value(struct kpp_request *req)
ret = -EINVAL;
goto err_free_val;
}
- ret = dh_is_pubkey_valid(ctx, base);
- if (ret)
- goto err_free_base;
+ if (fips_enabled) {
+ ret = dh_is_pubkey_valid(ctx, base);
+ if (ret)
+ goto err_free_base;
+ }
} else {
base = ctx->g;
}