On Thu, Apr 20, 2017 at 03:27:17PM +0200, Stephan Müller wrote:
> Am Donnerstag, 20. April 2017, 07:46:31 CEST schrieb Eric Biggers:
> Hi Eric,
> > From: Eric Biggers <ebigg...@google.com>
> > The result of the Diffie-Hellman computation may be shorter than the
> > input prime number. Only calculate the KDF over the actual result;
> > don't include additional uninitialized memory.
> Thank you for catching that (and all the rest). But I think this patch is not
> correct. If the DH operation results in a shorter value, the trailing part
> must be set to null and the KDF calculated over the entire prime length.
> Thus, if the DH result is shorter than the prime, the memory should look like
> DH result || 0x00 <as often as needed to make it prime length> || otherinfo.
> Thus, instead of this patch, I would think that the kmalloc call should be
> changed to a kzalloc.
Is this in the standard? And is it the user-specified length of the prime
number, or the length after stripping leading zeroes? Also, note that the
numbers are being represented in big endian format; is that required, or just
coincidental? With big endian numbers leading zeroes go at the beginning, not
the end, otherwise their value will be changed...
By the way: do we really need this in the kernel at all, given that it's just
doing some math on data which userspace has access to?