lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aA9kWu9eViN17ZBs@gondor.apana.org.au>
Date: Mon, 28 Apr 2025 19:19:54 +0800
From: Herbert Xu <herbert@...dor.apana.org.au>
To: David Howells <dhowells@...hat.com>
Cc: netdev@...r.kernel.org, Marc Dionne <marc.dionne@...istor.com>,
	Jakub Kicinski <kuba@...nel.org>,
	"David S. Miller" <davem@...emloft.net>,
	Chuck Lever <chuck.lever@...cle.com>,
	Eric Dumazet <edumazet@...gle.com>, Paolo Abeni <pabeni@...hat.com>,
	Simon Horman <horms@...nel.org>, linux-afs@...ts.infradead.org,
	linux-nfs@...r.kernel.org, linux-crypto@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH net-next] crypto/krb5: Fix change to use SG miter to use
 offset

On Mon, Apr 28, 2025 at 11:22:06AM +0100, David Howells wrote:
> [Note: Nothing in linus/master uses the krb5lib, though the bug is there,
>  but it is used by AF_RXRPC's RxGK implementation in net-next, so can it go
>  through the net-next tree rather than directly to Linus or through
>  crypto?]

Sure I'm happy for this to go through net-next.

> The recent patch to make the rfc3961 simplified code use sg_miter rather
> than manually walking the scatterlist to hash the contents of a buffer
> described by that scatterlist failed to take the starting offset into
> account.
> 
> This is indicated by the selftests reporting:
> 
>     krb5: Running aes128-cts-hmac-sha256-128 mic
>     krb5: !!! TESTFAIL crypto/krb5/selftest.c:446
>     krb5: MIC mismatch
> 
> Fix this by calling sg_miter_skip() before doing the loop to advance by the
> offset.
> 
> This only affects packet signing modes and not full encryption in RxGK
> because, for full encryption, the message digest is handled inside the
> authenc and krb5enc drivers.
> 
> Fixes: da6f9bf40ac2 ("crypto: krb5 - Use SG miter instead of doing it by hand")
> Reported-by: Marc Dionne <marc.dionne@...istor.com>
> Signed-off-by: David Howells <dhowells@...hat.com>
> cc: Herbert Xu <herbert@...dor.apana.org.au>
> cc: "David S. Miller" <davem@...emloft.net>
> cc: Chuck Lever <chuck.lever@...cle.com>
> cc: Eric Dumazet <edumazet@...gle.com>
> cc: Jakub Kicinski <kuba@...nel.org>
> cc: Paolo Abeni <pabeni@...hat.com>
> cc: Simon Horman <horms@...nel.org>
> cc: linux-afs@...ts.infradead.org
> cc: linux-nfs@...r.kernel.org
> cc: linux-crypto@...r.kernel.org
> cc: netdev@...r.kernel.org
> ---
>  crypto/krb5/rfc3961_simplified.c |    1 +
>  1 file changed, 1 insertion(+)

Acked-by: Herbert Xu <herbert@...dor.apana.org.au>

Thanks,
-- 
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ