[PATCH net-next] crypto/krb5: Fix change to use SG miter to use offset
Herbert Xu
herbert at gondor.apana.org.au
Mon Apr 28 04:19:54 PDT 2025
On Mon, Apr 28, 2025 at 11:22:06AM +0100, David Howells wrote:
> [Note: Nothing in linus/master uses the krb5lib, though the bug is there,
> but it is used by AF_RXRPC's RxGK implementation in net-next, so can it go
> through the net-next tree rather than directly to Linus or through
> crypto?]
Sure I'm happy for this to go through net-next.
> The recent patch to make the rfc3961 simplified code use sg_miter rather
> than manually walking the scatterlist to hash the contents of a buffer
> described by that scatterlist failed to take the starting offset into
> account.
>
> This is indicated by the selftests reporting:
>
> krb5: Running aes128-cts-hmac-sha256-128 mic
> krb5: !!! TESTFAIL crypto/krb5/selftest.c:446
> krb5: MIC mismatch
>
> Fix this by calling sg_miter_skip() before doing the loop to advance by the
> offset.
>
> This only affects packet signing modes and not full encryption in RxGK
> because, for full encryption, the message digest is handled inside the
> authenc and krb5enc drivers.
>
> Fixes: da6f9bf40ac2 ("crypto: krb5 - Use SG miter instead of doing it by hand")
> Reported-by: Marc Dionne <marc.dionne at auristor.com>
> Signed-off-by: David Howells <dhowells at redhat.com>
> cc: Herbert Xu <herbert at gondor.apana.org.au>
> cc: "David S. Miller" <davem at davemloft.net>
> cc: Chuck Lever <chuck.lever at oracle.com>
> cc: Eric Dumazet <edumazet at google.com>
> cc: Jakub Kicinski <kuba at kernel.org>
> cc: Paolo Abeni <pabeni at redhat.com>
> cc: Simon Horman <horms at kernel.org>
> cc: linux-afs at lists.infradead.org
> cc: linux-nfs at vger.kernel.org
> cc: linux-crypto at vger.kernel.org
> cc: netdev at vger.kernel.org
> ---
> crypto/krb5/rfc3961_simplified.c | 1 +
> 1 file changed, 1 insertion(+)
Acked-by: Herbert Xu <herbert at gondor.apana.org.au>
Thanks,
--
Email: Herbert Xu <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
More information about the linux-afs
mailing list