From patchwork Fri Jul 7 13:18:19 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Weili Qian X-Patchwork-Id: 13304891 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E4D31EB64D9 for ; Fri, 7 Jul 2023 13:20:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231460AbjGGNUu (ORCPT ); Fri, 7 Jul 2023 09:20:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46554 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229661AbjGGNUt (ORCPT ); Fri, 7 Jul 2023 09:20:49 -0400 Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A269F1FC9; Fri, 7 Jul 2023 06:20:47 -0700 (PDT) Received: from kwepemm600009.china.huawei.com (unknown [172.30.72.54]) by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4QyDTN1LY9zMqNw; Fri, 7 Jul 2023 21:17:28 +0800 (CST) Received: from localhost.localdomain (10.69.192.56) by kwepemm600009.china.huawei.com (7.193.23.164) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.27; Fri, 7 Jul 2023 21:20:42 +0800 From: Weili Qian To: CC: , , Subject: [PATCH] crypto: hisilicon/hpre - ensure private key less than n Date: Fri, 7 Jul 2023 21:18:19 +0800 Message-ID: <20230707131819.50016-1-qianweili@huawei.com> X-Mailer: git-send-email 2.33.0 MIME-Version: 1.0 X-Originating-IP: [10.69.192.56] X-ClientProxiedBy: dggems701-chm.china.huawei.com (10.3.19.178) To kwepemm600009.china.huawei.com (7.193.23.164) X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org The private key of the curve key size generated by stdrng, which maybe not less than n. Therefore, the private key with the curve key size minus 1 is generated to ensure that the private key is less than n. Signed-off-by: Weili Qian --- drivers/crypto/hisilicon/hpre/hpre_crypto.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/hisilicon/hpre/hpre_crypto.c b/drivers/crypto/hisilicon/hpre/hpre_crypto.c index 8ede77310dc5..9a1c61be32cc 100644 --- a/drivers/crypto/hisilicon/hpre/hpre_crypto.c +++ b/drivers/crypto/hisilicon/hpre/hpre_crypto.c @@ -1392,9 +1392,9 @@ static int hpre_ecdh_set_secret(struct crypto_kpp *tfm, const void *buf, unsigned int len) { struct hpre_ctx *ctx = kpp_tfm_ctx(tfm); + unsigned int sz, sz_shift, curve_sz; struct device *dev = ctx->dev; char key[HPRE_ECC_MAX_KSZ]; - unsigned int sz, sz_shift; struct ecdh params; int ret; @@ -1406,7 +1406,13 @@ static int hpre_ecdh_set_secret(struct crypto_kpp *tfm, const void *buf, /* Use stdrng to generate private key */ if (!params.key || !params.key_size) { params.key = key; - params.key_size = hpre_ecdh_get_curvesz(ctx->curve_id); + curve_sz = hpre_ecdh_get_curvesz(ctx->curve_id); + if (!curve_sz) { + dev_err(dev, "Invalid curve size!\n"); + return -EINVAL; + } + + params.key_size = curve_sz - 1; ret = ecdh_gen_privkey(ctx, ¶ms); if (ret) return ret;