diff options
Diffstat (limited to 'crypto/dh.c')
-rw-r--r-- | crypto/dh.c | 57 |
1 files changed, 29 insertions, 28 deletions
diff --git a/crypto/dh.c b/crypto/dh.c index 0fcad279e6..68d11d66c0 100644 --- a/crypto/dh.c +++ b/crypto/dh.c @@ -106,6 +106,12 @@ err_clear_ctx: */ static int dh_is_pubkey_valid(struct dh_ctx *ctx, MPI y) { + MPI val, q; + int ret; + + if (!fips_enabled) + return 0; + if (unlikely(!ctx->p)) return -EINVAL; @@ -125,40 +131,35 @@ static int dh_is_pubkey_valid(struct dh_ctx *ctx, MPI y) * * For the safe-prime groups q = (p - 1)/2. */ - if (fips_enabled) { - MPI val, q; - int ret; + val = mpi_alloc(0); + if (!val) + return -ENOMEM; - val = mpi_alloc(0); - if (!val) - return -ENOMEM; + q = mpi_alloc(mpi_get_nlimbs(ctx->p)); + if (!q) { + mpi_free(val); + return -ENOMEM; + } - q = mpi_alloc(mpi_get_nlimbs(ctx->p)); - if (!q) { - mpi_free(val); - return -ENOMEM; - } + /* + * ->p is odd, so no need to explicitly subtract one + * from it before shifting to the right. + */ + mpi_rshift(q, ctx->p, 1); - /* - * ->p is odd, so no need to explicitly subtract one - * from it before shifting to the right. - */ - mpi_rshift(q, ctx->p, 1); - - ret = mpi_powm(val, y, q, ctx->p); - mpi_free(q); - if (ret) { - mpi_free(val); - return ret; - } + ret = mpi_powm(val, y, q, ctx->p); + mpi_free(q); + if (ret) { + mpi_free(val); + return ret; + } - ret = mpi_cmp_ui(val, 1); + ret = mpi_cmp_ui(val, 1); - mpi_free(val); + mpi_free(val); - if (ret != 0) - return -EINVAL; - } + if (ret != 0) + return -EINVAL; return 0; } |