authorLinus Torvalds <torvalds@linux-foundation.org>2016-06-05 14:02:00 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2016-06-05 14:02:00 -0400
commitd834502e2fca9380a1579fecd134ef94c063b662 (patch)
tree5f180e522792facbe222c3c28b69df8003c93304
parenteedf265aa003b4781de24cfed40a655a664457e6 (diff)
parent4693fc734d675c5518ea9bd4c9623db45bc37402 (diff)
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull key handling update from James Morris: "This alters a new keyctl function added in the current merge window to allow for a future extension planned for the next merge window" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: KEYS: Add placeholder for KDF usage with DH
-rw-r--r--Documentation/security/keys.txt5
-rw-r--r--security/keys/compat.c2
-rw-r--r--security/keys/dh.c8
-rw-r--r--security/keys/internal.h5
-rw-r--r--security/keys/keyctl.c4
5 files changed, 17 insertions, 7 deletions
diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt
index 20d05719bceb..3849814bfe6d 100644
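--- a/Documentation/security/keys.txt
+++ b/Documentation/security/keys.txt
@@ -826,7 +826,8 @@ The keyctl syscall functions are:
 (*) Compute a Diffie-Hellman shared secret or public key
 
 long keyctl(KEYCTL_DH_COMPUTE, struct keyctl_dh_params *params,
-char *buffer, size_t buflen);
+char *buffer, size_t buflen,
+void *reserved);
 
 The params struct contains serial numbers for three keys:
 
@@ -843,6 +844,8 @@ The keyctl syscall functions are:
 public key. If the base is the remote public key, the result is
 the shared secret.
 
+The reserved argument must be set to NULL.
+
 The buffer length must be at least the length of the prime, or zero.
 
 If the buffer length is nonzero, the length of the result is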
diff --git a/security/keys/compat.c b/security/keys/compat.c
index c8783b3b628c..36c80bf5b89c 100644
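--- a/security/keys/compat.c
+++ b/security/keys/compat.c
@@ -134,7 +134,7 @@ COMPAT_SYSCALL_DEFINE5(keyctl, u32, option,
 
 case KEYCTL_DH_COMPUTE:
 return keyctl_dh_compute(compat_ptr(arg2), compat_ptr(arg3),
-arg4);
+arg4, compat_ptr(arg5));
 
 default:
 return -EOPNOTSUPP;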
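Review bot: The `KEYCTL_DH_COMPUTE` case now forwards `arg5`, but nothing at the call site says the value is reserved and must be NULL, so a reader has to open security/keys/dh.c to learn that a non-NULL value is rejected with -EINVAL. Userspace that issues this operation with only four arguments would presumably pass whatever the fifth argument slot happens to hold and could see intermittent failures, which is worth making discoverable here. A one-line comment above the call would do: `/* arg5 is reserved for now and must be NULL, see keyctl_dh_compute() */`. The same applies to the native dispatcher in security/keys/keyctl.c. The switch statement starts and ends outside the hunk.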
diff --git a/security/keys/dh.c b/security/keys/dh.c
index 880505a4b9f1..531ed2ec132f 100644
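--- a/security/keys/dh.c
+++ b/security/keys/dh.c
@@ -78,7 +78,8 @@ error:
 }
 
 long keyctl_dh_compute(struct keyctl_dh_params __user *params,
-char __user *buffer, size_t buflen)
+char __user *buffer, size_t buflen,
+void __user *reserved)
 {
 long ret;
 MPI base, private, prime, result;
@@ -97,6 +98,11 @@ long keyctl_dh_compute(struct keyctl_dh_params __user *params,
 goto out;
 }
 
+if (reserved) {
+ret = -EINVAL;
+goto out;
+}
+
 keylen = mpi_from_key(pcopy.prime, buflen, &prime);
 if (keylen < 0 || !prime) {
 /* buflen == 0 may be used to query the required buffer size,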
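Review bot: The added `if (reserved)` check has no comment explaining why a non-NULL pointer is rejected rather than ignored. Judging by the merge description the argument is a placeholder for KDF parameters, and failing with -EINVAL is what lets a caller notice that the kernel lacks the extension instead of silently receiving the un-derived DH result; that intent should be recorded above the check, e.g. `/* Reserved for future KDF parameters; must be NULL so unsupported requests fail instead of being ignored. */`. The check also sits after what is presumably the copy of `params` from user space, and validating `reserved` first would reject a bad call before any user memory is read, though that depends on lines not shown. The body of keyctl_dh_compute starts and ends outside the hunk.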
diff --git a/security/keys/internal.h b/security/keys/internal.h
index 8ec7a528365d..a705a7d92ad7 100644
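--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -260,10 +260,11 @@ static inline long keyctl_get_persistent(uid_t uid, key_serial_t destring)
 
 #ifdef CONFIG_KEY_DH_OPERATIONS
 extern long keyctl_dh_compute(struct keyctl_dh_params __user *, char __user *,
-size_t);
+size_t, void __user *);
 #else
 static inline long keyctl_dh_compute(struct keyctl_dh_params __user *params,
-char __user *buffer, size_t buflen)
+char __user *buffer, size_t buflen,
+void __user *reserved)
 {
 return -EOPNOTSUPP;
 }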
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index 3b135a0af344..d580ad06b792 100644
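--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -1688,8 +1688,8 @@ SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3,
 
 case KEYCTL_DH_COMPUTE:
 return keyctl_dh_compute((struct keyctl_dh_params __user *) arg2,
-(char __user *) arg3,
-(size_t) arg4);
+(char __user *) arg3, (size_t) arg4,
+(void __user *) arg5);
 
 default:
 return -EOPNOTSUPP;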