From: Zhushuai Yin <yinzhushuai@huawei.com> When the high-order bit of the returned shared secret key is 0, the high-order bit of the DH shared secret key return value is not padded with 0, and the returned size is also the value without the high-order bit, which does not match the expected result of the software calculation. Signed-off-by: Zhushuai Yin <yinzhushuai@huawei.com> Signed-off-by: JiangShui Yang <yangjiangshui@h-partners.com> --- src/uadk_dh.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/uadk_dh.c b/src/uadk_dh.c index 8fa6b4b..fcdc5cd 100644 --- a/src/uadk_dh.c +++ b/src/uadk_dh.c @@ -887,6 +887,7 @@ static int uadk_e_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, const BIGNUM *p = NULL; const BIGNUM *g = NULL; const BIGNUM *q = NULL; + __u16 len; int ret; if (!dh || !key || !pub_key || !DH_get0_priv_key(dh)) @@ -918,8 +919,11 @@ static int uadk_e_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, goto free_data; } - memcpy(key, dh_sess->req.pri, dh_sess->req.pri_bytes); - ret = dh_sess->req.pri_bytes; + len = dh_sess->req.pri_bytes < dh_sess->key_size ? + dh_sess->req.pri_bytes : dh_sess->key_size; + memset(key, 0, dh_sess->key_size - len); + memcpy(key + dh_sess->key_size - len, dh_sess->req.pri, len); + ret = dh_sess->key_size; dh_free_eng_session(dh_sess); return ret; -- 2.43.0