keys: SP800-56A - preserve leading zeros for shared secret

The shared secret that is to be processed shall be the unchanged result of the DH mathematical primitive. The leading zeros shall be preserved. In addition, the kernel memory that is used as input to the KDF is zeroized to ensure that no leaks exist. Reported-by: Eric Biggers <ebiggers3@gmail.com> Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: David Howells <dhowells@redhat.com>
author: Stephan Mueller <smueller@chronox.de> 2017-05-01 16:45:22 +0200
committer: David Howells <dhowells@redhat.com> 2017-05-03 18:03:54 +0100
commit: 6ed917a92219210ab805c02ea68610f3c1137159 (patch)
tree: b4d08887fd3a0f256353b3cadbe92e34b7ef45e5 /security
parent: a6394d3d62a86f1d2c2d8259eea2a61547594554 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/security/keys/dh.c b/security/keys/dh.c
index 1c1cac677041..2ee200a6fe17 100644
--- a/security/keys/dh.c
+++ b/security/keys/dh.c
@@ -306,7 +306,7 @@ long __keyctl_dh_compute(struct keyctl_dh_params __user *params,
 	}
 
 	/* allocate space for DH shared secret and SP800-56A otherinfo */
-	kbuf = kmalloc(kdfcopy ? (resultlen + kdfcopy->otherinfolen) : resultlen,
+	kbuf = kzalloc(kdfcopy ? (resultlen + kdfcopy->otherinfolen) : resultlen,
 		       GFP_KERNEL);
 	if (!kbuf) {
 		ret = -ENOMEM;
@@ -328,7 +328,7 @@ long __keyctl_dh_compute(struct keyctl_dh_params __user *params,
 	if (ret)
 		goto error5;
 
-	ret = mpi_read_buffer(result, kbuf, resultlen, &nbytes, NULL);
+	ret = mpi_read_buffer(result, kbuf, resultlen, &nbytes, NULL, false);
 	if (ret != 0)
 		goto error5;
author	Stephan Mueller <smueller@chronox.de>	2017-05-01 16:45:22 +0200
committer	David Howells <dhowells@redhat.com>	2017-05-03 18:03:54 +0100
commit	6ed917a92219210ab805c02ea68610f3c1137159 (patch)
tree	b4d08887fd3a0f256353b3cadbe92e34b7ef45e5 /security
parent	a6394d3d62a86f1d2c2d8259eea2a61547594554 (diff)