diff options
author | Stephan Mueller <smueller@chronox.de> | 2017-05-01 16:45:22 +0200 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2017-05-03 18:03:54 +0100 |
commit | 6ed917a92219210ab805c02ea68610f3c1137159 (patch) | |
tree | b4d08887fd3a0f256353b3cadbe92e34b7ef45e5 /security | |
parent | a6394d3d62a86f1d2c2d8259eea2a61547594554 (diff) |
keys: SP800-56A - preserve leading zeros for shared secret
The shared secret that is to be processed shall be the unchanged result
of the DH mathematical primitive. The leading zeros shall be preserved.
In addition, the kernel memory that is used as input to the KDF is
zeroized to ensure that no leaks exist.
Reported-by: Eric Biggers <ebiggers3@gmail.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/keys/dh.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/security/keys/dh.c b/security/keys/dh.c index 1c1cac677041..2ee200a6fe17 100644 --- a/security/keys/dh.c +++ b/security/keys/dh.c @@ -306,7 +306,7 @@ long __keyctl_dh_compute(struct keyctl_dh_params __user *params, } /* allocate space for DH shared secret and SP800-56A otherinfo */ - kbuf = kmalloc(kdfcopy ? (resultlen + kdfcopy->otherinfolen) : resultlen, + kbuf = kzalloc(kdfcopy ? (resultlen + kdfcopy->otherinfolen) : resultlen, GFP_KERNEL); if (!kbuf) { ret = -ENOMEM; @@ -328,7 +328,7 @@ long __keyctl_dh_compute(struct keyctl_dh_params __user *params, if (ret) goto error5; - ret = mpi_read_buffer(result, kbuf, resultlen, &nbytes, NULL); + ret = mpi_read_buffer(result, kbuf, resultlen, &nbytes, NULL, false); if (ret != 0) goto error5; |