Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp2414338pxb;
        Sun, 24 Jan 2021 06:12:47 -0800 (PST)
X-Google-Smtp-Source: ABdhPJxrOaSuVbkxeSAet0Y/SOcyr2AedWoHeQLpsXtYKjaoAwnrUP/i8gBBhSGaRgx46G5oWWzI
X-Received: by 2002:a05:6402:1549:: with SMTP id p9mr493596edx.387.1611497566958;
        Sun, 24 Jan 2021 06:12:46 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1611497566; cv=none;
        d=google.com; s=arc-20160816;
        b=bzLnR/aqcjA3FK0UFuMwssGqiro3iprz5OZhO/Sf/rvjCp/SeiVDza+N80jaxmG7c0
         NTi1DttbYPobnKl8ccvk75ymkcJOhQdGDJ2gBrQk0wg+RWnLn2+jicqcIKBKYEiNCWjF
         VLMUs062473cLngJp9H0JofGdZSU4b1Kuc9Aj+2zouU6I3jannBm5dFEKovbQeixtVQZ
         Gx1f4XPACEsHIuAaoQLBpZA6vkzGPpR2C/A5n7V3eEnWYkaI9kp5CT0FIKdZeclrpqFv
         tKp73RbmvcxtgbgOdJJcdSC6zu3Cb0DwjV3lvupHVbkJfOKbFFmO18jFSdI/AoBnyo7b
         hdbQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=Fyc0rzVotIOUtUm7++3lcJ+qWnVjlyTyBLMUYptLgRk=;
        b=asqypP4OqfDk5TXpjtuyPnWY0cNpdzem7uC+Q62NdeidZlbl3Qh5rFsgclWzVfQy6r
         c5j8Y7q60nEeZH2HMHjCJ6+FNwu8WDJdcUUG++058mGfVblYPXhgEGlVhtivNAzw0ZHj
         v9FgMtsitBn4rn1LbiuYYlJIzZi7ce4mfCE03ZwLK0OCHNHsMBVLuKrK7Solb9t7Yt3I
         HIQpKKXlWtn/Jj+f1udqQeiTfZGrlNrsYx9bbGBJpL3V0aVTY2JBaYQyrTy8tWAxxIqB
         RP4nTa/gdr1Gtp2OVB8uaMoDhyZL/I2EqWCEhL/CKac0AZJpQncQJs66OJaKFH9n++4K
         Ca2w==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@chronox.de header.s=strato-dkim-0002 header.b=R5qniK8G;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id g14si6279324edu.487.2021.01.24.06.12.23;
        Sun, 24 Jan 2021 06:12:46 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@chronox.de header.s=strato-dkim-0002 header.b=R5qniK8G;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1725984AbhAXOK5 (ORCPT <rfc822;liunan257@gmail.com> + 99 others);
        Sun, 24 Jan 2021 09:10:57 -0500
Received: from mo4-p02-ob.smtp.rzone.de ([85.215.255.83]:21964 "EHLO
        mo4-p02-ob.smtp.rzone.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725838AbhAXOJi (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 24 Jan 2021 09:09:38 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1611497205;
        s=strato-dkim-0002; d=chronox.de;
        h=References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:From:
        Subject:Sender;
        bh=Fyc0rzVotIOUtUm7++3lcJ+qWnVjlyTyBLMUYptLgRk=;
        b=R5qniK8GEUCy+q1km8pHfRA3ZfmLr+g/RtQOxgxGrUG31E+a94HlTLQqPa4PhbvdVO
        8IMgkD+SnbP85DqsK8rVCbHQGfM/w94dkKzhFk4vS9qZPYFJr5EoUaJFgL9czZxAOtUN
        osKIQlZgsxcuRzuZoMdb/F1Tav/te7zODIapdp/9sJV0NhTaDRbqNAQF1poFrc0WbKqI
        l4jR88czOkLizwOT2XCKtSF4hjGPX65aEN3X3xTiM2dcgPL2HbqmVUSS4MABFKtXJQef
        WJYNluT5SXZsO2JRx8meWbgDBk7Q1XrcikwhafslEFpFJqm05wKiRtMEI+GHiusp+vnY
        d6ag==
X-RZG-AUTH: ":P2ERcEykfu11Y98lp/T7+hdri+uKZK8TKWEqNyiHySGSa9k9xmwdNnzGHXPZI/ScIzb9"
X-RZG-CLASS-ID: mo00
Received: from positron.chronox.de
        by smtp.strato.de (RZmta 47.12.1 DYNA|AUTH)
        with ESMTPSA id Z04c46x0OE6jeiX
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits))
        (Client did not present a certificate);
        Sun, 24 Jan 2021 15:06:45 +0100 (CET)
From:   Stephan =?ISO-8859-1?Q?M=FCller?= <smueller@chronox.de>
To:     herbert@gondor.apana.org.au
Cc:     ebiggers@kernel.org, Jarkko Sakkinen <jarkko@kernel.org>,
        mathew.j.martineau@linux.intel.com, dhowells@redhat.com,
        linux-crypto@vger.kernel.org, linux-fscrypt@vger.kernel.org,
        linux-kernel@vger.kernel.org, keyrings@vger.kernel.org,
        simo@redhat.com
Subject: [PATCH v2 4/7] security: DH - remove dead code for zero padding
Date:   Sun, 24 Jan 2021 15:03:50 +0100
Message-ID: <2129848.iZASKD2KPV@positron.chronox.de>
In-Reply-To: <1772794.tdWV9SEqCh@positron.chronox.de>
References: <1772794.tdWV9SEqCh@positron.chronox.de>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Remove the specific code that adds a zero padding that was intended
to be invoked when the DH operation result was smaller than the
modulus. However, this cannot occur any more these days because the
function mpi_write_to_sgl is used in the code path that calculates the
shared secret in dh_compute_value. This MPI service function guarantees
that leading zeros are introduced as needed to ensure the resulting data
is exactly as long as the modulus. This implies that the specific code
to add zero padding is dead code which can be safely removed.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
 security/keys/dh.c | 25 ++++---------------------
 1 file changed, 4 insertions(+), 21 deletions(-)

diff --git a/security/keys/dh.c b/security/keys/dh.c
index 1abfa70ed6e1..56e12dae4534 100644
--- a/security/keys/dh.c
+++ b/security/keys/dh.c
@@ -141,7 +141,7 @@ static void kdf_dealloc(struct kdf_sdesc *sdesc)
  * 'dlen' must be a multiple of the digest size.
  */
 static int kdf_ctr(struct kdf_sdesc *sdesc, const u8 *src, unsigned int slen,
-		   u8 *dst, unsigned int dlen, unsigned int zlen)
+		   u8 *dst, unsigned int dlen)
 {
 	struct shash_desc *desc = &sdesc->shash;
 	unsigned int h = crypto_shash_digestsize(desc->tfm);
@@ -158,22 +158,6 @@ static int kdf_ctr(struct kdf_sdesc *sdesc, const u8 *src, unsigned int slen,
 		if (err)
 			goto err;
 
-		if (zlen && h) {
-			u8 tmpbuffer[32];
-			size_t chunk = min_t(size_t, zlen, sizeof(tmpbuffer));
-			memset(tmpbuffer, 0, chunk);
-
-			do {
-				err = crypto_shash_update(desc, tmpbuffer,
-							  chunk);
-				if (err)
-					goto err;
-
-				zlen -= chunk;
-				chunk = min_t(size_t, zlen, sizeof(tmpbuffer));
-			} while (zlen);
-		}
-
 		if (src && slen) {
 			err = crypto_shash_update(desc, src, slen);
 			if (err)
@@ -198,7 +182,7 @@ static int kdf_ctr(struct kdf_sdesc *sdesc, const u8 *src, unsigned int slen,
 
 static int keyctl_dh_compute_kdf(struct kdf_sdesc *sdesc,
 				 char __user *buffer, size_t buflen,
-				 uint8_t *kbuf, size_t kbuflen, size_t lzero)
+				 uint8_t *kbuf, size_t kbuflen)
 {
 	uint8_t *outbuf = NULL;
 	int ret;
@@ -211,7 +195,7 @@ static int keyctl_dh_compute_kdf(struct kdf_sdesc *sdesc,
 		goto err;
 	}
 
-	ret = kdf_ctr(sdesc, kbuf, kbuflen, outbuf, outbuf_len, lzero);
+	ret = kdf_ctr(sdesc, kbuf, kbuflen, outbuf, outbuf_len);
 	if (ret)
 		goto err;
 
@@ -384,8 +368,7 @@ long __keyctl_dh_compute(struct keyctl_dh_params __user *params,
 		}
 
 		ret = keyctl_dh_compute_kdf(sdesc, buffer, buflen, outbuf,
-					    req->dst_len + kdfcopy->otherinfolen,
-					    outlen - req->dst_len);
+					    req->dst_len + kdfcopy->otherinfolen);
 	} else if (copy_to_user(buffer, outbuf, req->dst_len) == 0) {
 		ret = req->dst_len;
 	} else {
-- 
2.26.2