From: James Morris <>
To: Linus Torvalds <>
Subject: [GIT PULL] Keys keyctl placeholder
Date: Fri, 3 Jun 2016 15:57:36 +1000 (AEST)	[thread overview]
Message-ID: <> (raw)

David Howells has asked that this be accepted before -rc2:

"Could you pass this along to Linus as soon as possible, please?  This 
alters a new keyctl function added in the current merge window to allow 
for a future extension planned for the next merge window."

Please pull.

The following changes since commit 4340fa55298d17049e71c7a34e04647379c269f3:

  Merge tag 'for-linus' of git:// (2016-06-02 15:08:06 -0700)

are available in the git repository at:

  git:// for-linus

Stephan Mueller (1):
      KEYS: Add placeholder for KDF usage with DH

 Documentation/security/keys.txt |    5 ++++-
 security/keys/compat.c          |    2 +-
 security/keys/dh.c              |    8 +++++++-
 security/keys/internal.h        |    5 +++--
 security/keys/keyctl.c          |    4 ++--
 5 files changed, 17 insertions(+), 7 deletions(-)

commit 4693fc734d675c5518ea9bd4c9623db45bc37402
Author: Stephan Mueller <>
Date:   Thu May 26 23:38:12 2016 +0200

    KEYS: Add placeholder for KDF usage with DH
    The values computed during Diffie-Hellman key exchange are often used
    in combination with key derivation functions to create cryptographic
    keys.  Add a placeholder for a later implementation to configure a
    key derivation function that will transform the Diffie-Hellman
    result returned by the KEYCTL_DH_COMPUTE command.
    [This patch was stripped down from a patch produced by Mat Martineau that
     had a bug in the compat code - so for the moment Stephan's patch simply
     requires that the placeholder argument must be NULL]
    Original-signed-off-by: Mat Martineau <>
    Signed-off-by: Stephan Mueller <>
    Signed-off-by: David Howells <>
    Signed-off-by: James Morris <>

diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt
index 20d0571..3849814 100644
--- a/Documentation/security/keys.txt
+++ b/Documentation/security/keys.txt
@@ -826,7 +826,8 @@ The keyctl syscall functions are:
  (*) Compute a Diffie-Hellman shared secret or public key
        long keyctl(KEYCTL_DH_COMPUTE, struct keyctl_dh_params *params,
-		   char *buffer, size_t buflen);
+		   char *buffer, size_t buflen,
+		   void *reserved);
      The params struct contains serial numbers for three keys:
@@ -843,6 +844,8 @@ The keyctl syscall functions are:
      public key.  If the base is the remote public key, the result is
      the shared secret.
+     The reserved argument must be set to NULL.
      The buffer length must be at least the length of the prime, or zero.
      If the buffer length is nonzero, the length of the result is
diff --git a/security/keys/compat.c b/security/keys/compat.c
index c8783b3..36c80bf 100644
--- a/security/keys/compat.c
+++ b/security/keys/compat.c
@@ -134,7 +134,7 @@ COMPAT_SYSCALL_DEFINE5(keyctl, u32, option,
 		return keyctl_dh_compute(compat_ptr(arg2), compat_ptr(arg3),
-					 arg4);
+					 arg4, compat_ptr(arg5));
 		return -EOPNOTSUPP;
diff --git a/security/keys/dh.c b/security/keys/dh.c
index 880505a..531ed2e 100644
--- a/security/keys/dh.c
+++ b/security/keys/dh.c
@@ -78,7 +78,8 @@ error:
 long keyctl_dh_compute(struct keyctl_dh_params __user *params,
-		       char __user *buffer, size_t buflen)
+		       char __user *buffer, size_t buflen,
+		       void __user *reserved)
 	long ret;
 	MPI base, private, prime, result;
@@ -97,6 +98,11 @@ long keyctl_dh_compute(struct keyctl_dh_params __user *params,
 		goto out;
+	if (reserved) {
+		ret = -EINVAL;
+		goto out;
+	}
 	keylen = mpi_from_key(, buflen, &prime);
 	if (keylen < 0 || !prime) {
 		/* buflen == 0 may be used to query the required buffer size,
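Review bot: The added `if (reserved)` guard in keyctl_dh_compute() has no comment explaining why a non-NULL pointer is refused, so a later reader could take it for dead code and relax it. Rejecting every non-NULL value now is what lets the planned KDF extension give the argument a meaning later without old callers' uninitialised values being read as a request. I would put a comment above the check, for example `/* Placeholder for a future KDF parameter: must be NULL, and is never dereferenced here. */`. The guard also sits after the earlier step whose failure path is the `goto out` context line, so a caller that gets both wrong presumably sees the earlier error rather than -EINVAL; moving the check first would make the result independent of that step. The function body starts and ends outside this hunk.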
diff --git a/security/keys/internal.h b/security/keys/internal.h
index 8ec7a52..a705a7d 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -260,10 +260,11 @@ static inline long keyctl_get_persistent(uid_t uid, key_serial_t destring)
 extern long keyctl_dh_compute(struct keyctl_dh_params __user *, char __user *,
-			      size_t);
+			      size_t, void __user *);
 static inline long keyctl_dh_compute(struct keyctl_dh_params __user *params,
-				     char __user *buffer, size_t buflen)
+				     char __user *buffer, size_t buflen,
+				     void __user *reserved)
 	return -EOPNOTSUPP;
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index 3b135a0..d580ad0 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -1688,8 +1688,8 @@ SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3,
 		return keyctl_dh_compute((struct keyctl_dh_params __user *) arg2,
-					 (char __user *) arg3,
-					 (size_t) arg4);
+					 (char __user *) arg3, (size_t) arg4,
+					 (void __user *) arg5);
 		return -EOPNOTSUPP;
