From: Eric Biggers
To: keyrings@vger.kernel.org
Cc: linux-crypto@vger.kernel.org, Stephan Mueller, David Howells, Herbert Xu, mathew.j.martineau@linux.intel.com, Eric Biggers
Subject: [PATCH 3/5] KEYS: DH: don't feed uninitialized result memory into KDF
Date: Wed, 19 Apr 2017 22:46:31 -0700
Message-Id: <20170420054633.14572-4-ebiggers3@gmail.com>
In-Reply-To: <20170420054633.14572-1-ebiggers3@gmail.com>
References: <20170420054633.14572-1-ebiggers3@gmail.com>
X-Patchwork-Submitter: Eric Biggers
X-Patchwork-Id: 9689491
X-Patchwork-Delegate: herbert@gondor.apana.org.au

From: Eric Biggers The result of the Diffie-Hellman computation may be shorter than the input prime number. Only calculate the KDF over the actual result; don't include additional uninitialized memory. Signed-off-by: Eric Biggers --- security/keys/dh.c | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/security/keys/dh.c b/security/keys/dh.c index 1c1cac677041..a3a8607107f5 100644 --- a/security/keys/dh.c +++ b/security/keys/dh.c @@ -313,17 +313,6 @@ long __keyctl_dh_compute(struct keyctl_dh_params __user *params, goto error4; } - /* - * Concatenate SP800-56A otherinfo past DH shared secret -- the - * input to the KDF is (DH shared secret || otherinfo) - */ - if (kdfcopy && - copy_from_user(kbuf + resultlen, kdfcopy->otherinfo, - kdfcopy->otherinfolen) != 0) { - ret = -EFAULT; - goto error5; - } - ret = do_dh(result, base, private, prime); if (ret) goto error5; @@ -333,8 +322,17 @@ long __keyctl_dh_compute(struct keyctl_dh_params __user *params, goto error5; if (kdfcopy) { + /* + * Concatenate SP800-56A otherinfo past DH shared secret -- the + * input to the KDF is (DH shared secret || otherinfo) + */ + if (copy_from_user(kbuf + nbytes, kdfcopy->otherinfo, + kdfcopy->otherinfolen) != 0) { + ret = -EFAULT; + goto error5; + } ret = keyctl_dh_compute_kdf(sdesc, buffer, buflen, kbuf, - resultlen + kdfcopy->otherinfolen); + nbytes + kdfcopy->otherinfolen); } else { ret = nbytes; if (copy_to_user(buffer, kbuf, nbytes) != 0)
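
Review bot: in the first hunk (@@ -313,17 +313,6), removing the early copy_from_user() means a bad kdfcopy->otherinfo pointer is no longer rejected before do_dh(result, base, private, prime) runs, so the -EFAULT path is now reached only after the full DH computation. That ordering is needed for the fix, but the commit message should say so. It should also state the user-visible effect of the old code: the KDF ran over resultlen + kdfcopy->otherinfolen bytes, so whenever the result was shorter than the prime the derived output depended on bytes of kbuf that the DH result never wrote.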
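
Review bot: in the second hunk (@@ -333,8 +322,17), the new copy_from_user(kbuf + nbytes, kdfcopy->otherinfo, kdfcopy->otherinfolen) stays inside kbuf only if nbytes <= resultlen, and nothing in the visible lines checks or documents that. Suggest an explicit check, or a comment stating the invariant, next to the copy. Separately, the KDF input length is now nbytes + kdfcopy->otherinfolen, so the shared secret fed to the KDF changes length whenever the result is shorter than the prime. Since the moved comment cites SP800-56A, please confirm whether a variable-length secret is the intended encoding or whether it should be zero-padded to the prime length, and record the decision in the commit message.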