1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
From d2c868c6370bcc0d0a254e641907da2cdf992d62 Mon Sep 17 00:00:00 2001
From: Yashpal Dutta <yashpal.dutta@freescale.com>
Date: Thu, 1 May 2014 06:35:45 +0545
Subject: [PATCH 16/26] Fixed DH keygen pair generator
Upstream-status: Pending
Wrong Padding results into keygen length error
Signed-off-by: Yashpal Dutta <yashpal.dutta@freescale.com>
Tested-by: Cristian Stoica <cristian.stoica@freescale.com>
---
crypto/engine/eng_cryptodev.c | 50 ++++++++++++++++++++++++++++---------------
1 file changed, 33 insertions(+), 17 deletions(-)
diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
index dab8fea..13d924f 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
@@ -3396,44 +3396,60 @@ sw_try:
static int cryptodev_dh_keygen(DH *dh)
{
struct crypt_kop kop;
- int ret = 1, g_len;
- unsigned char *g = NULL;
+ int ret = 1, q_len = 0;
+ unsigned char *q = NULL, *g = NULL, *s = NULL, *w = NULL;
+ BIGNUM *pub_key = NULL, *priv_key = NULL;
+ int generate_new_key = 1;
- if (dh->priv_key == NULL) {
- if ((dh->priv_key=BN_new()) == NULL)
- goto sw_try;
- }
+ if (dh->priv_key)
+ priv_key = dh->priv_key;
- if (dh->pub_key == NULL) {
- if ((dh->pub_key=BN_new()) == NULL)
- goto sw_try;
- }
+ if (dh->pub_key)
+ pub_key = dh->pub_key;
- g_len = BN_num_bytes(dh->p);
+ q_len = BN_num_bytes(dh->p);
/**
* Get generator into a plain buffer. If length is less than
* q_len then add leading padding bytes.
*/
- if (spcf_bn2bin_ex(dh->g, &g, &g_len)) {
+ if (spcf_bn2bin_ex(dh->g, &g, &q_len)) {
+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
+ goto sw_try;
+ }
+
+ if (spcf_bn2bin_ex(dh->p, &q, &q_len)) {
DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
goto sw_try;
}
memset(&kop, 0, sizeof kop);
kop.crk_op = CRK_DH_GENERATE_KEY;
- if (bn2crparam(dh->p, &kop.crk_param[0]))
- goto sw_try;
+ kop.crk_param[0].crp_p = q;
+ kop.crk_param[0].crp_nbits = q_len * 8;
if (!dh->q || bn2crparam(dh->q, &kop.crk_param[1]))
goto sw_try;
kop.crk_param[2].crp_p = g;
- kop.crk_param[2].crp_nbits = g_len * 8;
+ kop.crk_param[2].crp_nbits = q_len * 8;
kop.crk_iparams = 3;
+ s = OPENSSL_malloc (q_len);
+ if (!s) {
+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
+ goto sw_try;
+ }
+
+ w = OPENSSL_malloc (q_len);
+ if (!w) {
+ DSAerr(DH_F_DH_GENERATE_KEY, ERR_R_MALLOC_FAILURE);
+ goto sw_try;
+ }
+
/* pub_key is or prime length while priv key is of length of order */
- if (cryptodev_asym(&kop, BN_num_bytes(dh->p), dh->pub_key,
- BN_num_bytes(dh->q), dh->priv_key))
+ if (cryptodev_asym(&kop, q_len, w, q_len, s))
goto sw_try;
+ dh->pub_key = BN_bin2bn(w, q_len, pub_key);
+ dh->pub_key = BN_bin2bn(s, q_len, priv_key);
return ret;
sw_try:
{
--
2.3.5
|
