lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <1434958.1737414722@warthog.procyon.org.uk>
Date: Mon, 20 Jan 2025 23:12:02 +0000
From: David Howells <dhowells@...hat.com>
Cc: dhowells@...hat.com, Simon Horman <horms@...nel.org>,
    Herbert Xu <herbert@...dor.apana.org.au>,
    Chuck Lever <chuck.lever@...cle.com>,
    Trond Myklebust <trond.myklebust@...merspace.com>,
    "David S. Miller" <davem@...emloft.net>,
    Marc Dionne <marc.dionne@...istor.com>,
    Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
    Paolo Abeni <pabeni@...hat.com>, Eric Biggers <ebiggers@...nel.org>,
    Ard Biesheuvel <ardb@...nel.org>, linux-crypto@...r.kernel.org,
    linux-afs@...ts.infradead.org, linux-nfs@...r.kernel.org,
    linux-fsdevel@...r.kernel.org, netdev@...r.kernel.org,
    linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH 03/24] crypto: Add 'krb5enc' hash and cipher AEAD algorithm

David Howells <dhowells@...hat.com> wrote:

> > Sparse complains that the second argument to krb5enc_verify_hash should be
> > a pointer rather than an integer. So perhaps this would be slightly better
> > expressed as (completely untested!):
> > 
> > 	err = krb5enc_verify_hash(req, NULL);
> 
> Actually, no.  It should be "ahreq->result + authsize" and
> krb5enc_verify_hash() shouldn't calculate ihash, but use its hash parameter.

Ah.  That's wrong also.  I'm going to drop the second parameter and just
calculate the hash pointers directly.

David
---
diff --git a/crypto/krb5enc.c b/crypto/krb5enc.c
index 931387a8ee6f..e5cec47e7e42 100644
--- a/crypto/krb5enc.c
+++ b/crypto/krb5enc.c
@@ -230,7 +230,7 @@ static int krb5enc_encrypt(struct aead_request *req)
 	return krb5enc_dispatch_encrypt(req, aead_request_flags(req));
 }
 
-static int krb5enc_verify_hash(struct aead_request *req, void *hash)
+static int krb5enc_verify_hash(struct aead_request *req)
 {
 	struct crypto_aead *krb5enc = crypto_aead_reqtfm(req);
 	struct aead_instance *inst = aead_alg_instance(krb5enc);
@@ -238,11 +238,12 @@ static int krb5enc_verify_hash(struct aead_request *req, void *hash)
 	struct krb5enc_request_ctx *areq_ctx = aead_request_ctx(req);
 	struct ahash_request *ahreq = (void *)(areq_ctx->tail + ictx->reqoff);
 	unsigned int authsize = crypto_aead_authsize(krb5enc);
-	u8 *ihash = ahreq->result + authsize;
+	u8 *calc_hash = areq_ctx->tail;
+	u8 *msg_hash  = areq_ctx->tail + authsize;
 
-	scatterwalk_map_and_copy(ihash, req->src, ahreq->nbytes, authsize, 0);
+	scatterwalk_map_and_copy(msg_hash, req->src, ahreq->nbytes, authsize, 0);
 
-	if (crypto_memneq(ihash, ahreq->result, authsize))
+	if (crypto_memneq(msg_hash, calc_hash, authsize))
 		return -EBADMSG;
 	return 0;
 }
@@ -254,7 +255,7 @@ static void krb5enc_decrypt_hash_done(void *data, int err)
 	if (err)
 		return krb5enc_request_complete(req, err);
 
-	err = krb5enc_verify_hash(req, 0);
+	err = krb5enc_verify_hash(req);
 	krb5enc_request_complete(req, err);
 }
 
@@ -284,7 +285,7 @@ static int krb5enc_dispatch_decrypt_hash(struct aead_request *req)
 	if (err < 0)
 		return err;
 
-	return krb5enc_verify_hash(req, hash);
+	return krb5enc_verify_hash(req);
 }
 
 /*
@@ -352,7 +353,7 @@ static int krb5enc_init_tfm(struct crypto_aead *tfm)
 	crypto_aead_set_reqsize(
 		tfm,
 		sizeof(struct krb5enc_request_ctx) +
-		ictx->reqoff +
+		ictx->reqoff + /* Space for two checksums */
 		umax(sizeof(struct ahash_request) + crypto_ahash_reqsize(auth),
 		     sizeof(struct skcipher_request) + crypto_skcipher_reqsize(enc)));

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ