summaryrefslogtreecommitdiffstats
path: root/security/keys/dh.c
diff options
context:
space:
mode:
authorStephan Mueller <smueller@chronox.de>2016-05-26 23:38:12 +0200
committerJames Morris <james.l.morris@oracle.com>2016-06-03 16:14:34 +1000
commit4693fc734d675c5518ea9bd4c9623db45bc37402 (patch)
tree54dcf2388f5868c5d5a8ab4faf3b64a8e2fa4f79 /security/keys/dh.c
parent4340fa55298d17049e71c7a34e04647379c269f3 (diff)
downloadlinux-4693fc734d675c5518ea9bd4c9623db45bc37402.tar.gz
linux-4693fc734d675c5518ea9bd4c9623db45bc37402.tar.bz2
linux-4693fc734d675c5518ea9bd4c9623db45bc37402.zip
KEYS: Add placeholder for KDF usage with DH
The values computed during Diffie-Hellman key exchange are often used in combination with key derivation functions to create cryptographic keys. Add a placeholder for a later implementation to configure a key derivation function that will transform the Diffie-Hellman result returned by the KEYCTL_DH_COMPUTE command. [This patch was stripped down from a patch produced by Mat Martineau that had a bug in the compat code - so for the moment Stephan's patch simply requires that the placeholder argument must be NULL] Original-signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'security/keys/dh.c')
-rw-r--r--security/keys/dh.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/security/keys/dh.c b/security/keys/dh.c
index 880505a4b9f1..531ed2ec132f 100644
--- a/security/keys/dh.c
+++ b/security/keys/dh.c
@@ -78,7 +78,8 @@ error:
}
long keyctl_dh_compute(struct keyctl_dh_params __user *params,
- char __user *buffer, size_t buflen)
+ char __user *buffer, size_t buflen,
+ void __user *reserved)
{
long ret;
MPI base, private, prime, result;
@@ -97,6 +98,11 @@ long keyctl_dh_compute(struct keyctl_dh_params __user *params,
goto out;
}
+ if (reserved) {
+ ret = -EINVAL;
+ goto out;
+ }
+
keylen = mpi_from_key(pcopy.prime, buflen, &prime);
if (keylen < 0 || !prime) {
/* buflen == 0 may be used to query the required buffer size,