From: kernel test robot <lkp@intel.com>
To: oe-kbuild@lists.linux.dev
Cc: lkp@intel.com, Dan Carpenter <error27@gmail.com>
Subject: [dhowells-fs:crypto-krb5 6/21] crypto/krb5/kdf.c:116 crypto_krb5_get_Kc() error: buffer overflow 'buf' 4 <= 4
Date: Thu, 28 Dec 2023 03:00:29 +0800 [thread overview]
Message-ID: <202312280208.kXOfvCcb-lkp@intel.com> (raw)
BCC: lkp@intel.com
CC: oe-kbuild-all@lists.linux.dev
TO: David Howells <dhowells@redhat.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git crypto-krb5
head: ebd44e15422341724b06a3a13590ea80244ebbd6
commit: b468b20c76d24a3eee1e29352769251daae938f9 [6/21] crypto/krb5: Provide infrastructure and key derivation
:::::: branch date: 6 days ago
:::::: commit date: 6 days ago
config: powerpc-randconfig-r071-20231226 (https://download.01.org/0day-ci/archive/20231228/202312280208.kXOfvCcb-lkp@intel.com/config)
compiler: clang version 18.0.0git (https://github.com/llvm/llvm-project d3ef86708241a3bee902615c190dead1638c4e09)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Reported-by: Dan Carpenter <error27@gmail.com>
| Closes: https://lore.kernel.org/r/202312280208.kXOfvCcb-lkp@intel.com/
smatch warnings:
crypto/krb5/kdf.c:116 crypto_krb5_get_Kc() error: buffer overflow 'buf' 4 <= 4
crypto/krb5/kdf.c:161 crypto_krb5_get_Ke() error: buffer overflow 'buf' 4 <= 4
crypto/krb5/kdf.c:206 crypto_krb5_get_Ki() error: buffer overflow 'buf' 4 <= 4
vim +/buf +116 crypto/krb5/kdf.c
b468b20c76d24a David Howells 2020-09-03 89
b468b20c76d24a David Howells 2020-09-03 90 /**
b468b20c76d24a David Howells 2020-09-03 91 * crypto_krb5_get_Kc - Derive key Kc and install into a hash
b468b20c76d24a David Howells 2020-09-03 92 * @krb5: The encryption type to use
b468b20c76d24a David Howells 2020-09-03 93 * @TK: The base key
b468b20c76d24a David Howells 2020-09-03 94 * @usage: The key usage number
b468b20c76d24a David Howells 2020-09-03 95 * @key: Prepped buffer to store the key into
b468b20c76d24a David Howells 2020-09-03 96 * @_shash: Where to put the hash (or NULL if not wanted)
b468b20c76d24a David Howells 2020-09-03 97 * @gfp: Allocation restrictions
b468b20c76d24a David Howells 2020-09-03 98 *
b468b20c76d24a David Howells 2020-09-03 99 * Derive the Kerberos Kc checksumming key and, optionally, allocate a hash and
b468b20c76d24a David Howells 2020-09-03 100 * install the key into it, returning the hash. The key is stored into the
b468b20c76d24a David Howells 2020-09-03 101 * prepared buffer.
b468b20c76d24a David Howells 2020-09-03 102 */
b468b20c76d24a David Howells 2020-09-03 103 int crypto_krb5_get_Kc(const struct krb5_enctype *krb5,
b468b20c76d24a David Howells 2020-09-03 104 const struct krb5_buffer *TK,
b468b20c76d24a David Howells 2020-09-03 105 u32 usage,
b468b20c76d24a David Howells 2020-09-03 106 struct krb5_buffer *key,
b468b20c76d24a David Howells 2020-09-03 107 struct crypto_shash **_shash,
b468b20c76d24a David Howells 2020-09-03 108 gfp_t gfp)
b468b20c76d24a David Howells 2020-09-03 109 {
b468b20c76d24a David Howells 2020-09-03 110 struct crypto_shash *shash;
b468b20c76d24a David Howells 2020-09-03 111 int ret;
b468b20c76d24a David Howells 2020-09-03 112 u8 buf[CRYPTO_MINALIGN] __aligned(CRYPTO_MINALIGN);
b468b20c76d24a David Howells 2020-09-03 113 struct krb5_buffer usage_constant = { .len = 5, .data = buf };
b468b20c76d24a David Howells 2020-09-03 114
b468b20c76d24a David Howells 2020-09-03 115 *(__be32 *)buf = cpu_to_be32(usage);
b468b20c76d24a David Howells 2020-09-03 @116 buf[4] = KEY_USAGE_SEED_CHECKSUM;
b468b20c76d24a David Howells 2020-09-03 117
b468b20c76d24a David Howells 2020-09-03 118 key->len = krb5->Kc_len;
b468b20c76d24a David Howells 2020-09-03 119 ret = krb5->profile->calc_Kc(krb5, TK, &usage_constant, key, gfp);
b468b20c76d24a David Howells 2020-09-03 120 if (ret < 0)
b468b20c76d24a David Howells 2020-09-03 121 return ret;
b468b20c76d24a David Howells 2020-09-03 122
b468b20c76d24a David Howells 2020-09-03 123 if (_shash) {
b468b20c76d24a David Howells 2020-09-03 124 shash = crypto_alloc_shash(krb5->cksum_name, 0, 0);
b468b20c76d24a David Howells 2020-09-03 125 if (IS_ERR(shash))
b468b20c76d24a David Howells 2020-09-03 126 return (PTR_ERR(shash) == -ENOENT) ? -ENOPKG : PTR_ERR(shash);
b468b20c76d24a David Howells 2020-09-03 127 *_shash = shash;
b468b20c76d24a David Howells 2020-09-03 128 ret = crypto_shash_setkey(shash, key->data, key->len);
b468b20c76d24a David Howells 2020-09-03 129 }
b468b20c76d24a David Howells 2020-09-03 130
b468b20c76d24a David Howells 2020-09-03 131 return ret;
b468b20c76d24a David Howells 2020-09-03 132 }
b468b20c76d24a David Howells 2020-09-03 133 EXPORT_SYMBOL(crypto_krb5_get_Kc);
b468b20c76d24a David Howells 2020-09-03 134
b468b20c76d24a David Howells 2020-09-03 135 /**
b468b20c76d24a David Howells 2020-09-03 136 * crypto_krb5_get_Ke - Derive key Ke and install into an skcipher
b468b20c76d24a David Howells 2020-09-03 137 * @krb5: The encryption type to use
b468b20c76d24a David Howells 2020-09-03 138 * @TK: The base key
b468b20c76d24a David Howells 2020-09-03 139 * @usage: The key usage number
b468b20c76d24a David Howells 2020-09-03 140 * @key: Prepped buffer to store the key into
b468b20c76d24a David Howells 2020-09-03 141 * @_ci: Where to put the cipher (or NULL if not wanted)
b468b20c76d24a David Howells 2020-09-03 142 * @gfp: Allocation restrictions
b468b20c76d24a David Howells 2020-09-03 143 *
b468b20c76d24a David Howells 2020-09-03 144 * Derive the Kerberos Ke encryption key and, optionally, allocate an skcipher
b468b20c76d24a David Howells 2020-09-03 145 * and install the key into it, returning the cipher. The key is stored into
b468b20c76d24a David Howells 2020-09-03 146 * the prepared buffer.
b468b20c76d24a David Howells 2020-09-03 147 */
b468b20c76d24a David Howells 2020-09-03 148 int crypto_krb5_get_Ke(const struct krb5_enctype *krb5,
b468b20c76d24a David Howells 2020-09-03 149 const struct krb5_buffer *TK,
b468b20c76d24a David Howells 2020-09-03 150 u32 usage,
b468b20c76d24a David Howells 2020-09-03 151 struct krb5_buffer *key,
b468b20c76d24a David Howells 2020-09-03 152 struct crypto_sync_skcipher **_ci,
b468b20c76d24a David Howells 2020-09-03 153 gfp_t gfp)
b468b20c76d24a David Howells 2020-09-03 154 {
b468b20c76d24a David Howells 2020-09-03 155 struct crypto_sync_skcipher *ci;
b468b20c76d24a David Howells 2020-09-03 156 int ret;
b468b20c76d24a David Howells 2020-09-03 157 u8 buf[CRYPTO_MINALIGN] __aligned(CRYPTO_MINALIGN);
b468b20c76d24a David Howells 2020-09-03 158 struct krb5_buffer usage_constant = { .len = 5, .data = buf };
b468b20c76d24a David Howells 2020-09-03 159
b468b20c76d24a David Howells 2020-09-03 160 *(__be32 *)buf = cpu_to_be32(usage);
b468b20c76d24a David Howells 2020-09-03 @161 buf[4] = KEY_USAGE_SEED_ENCRYPTION;
b468b20c76d24a David Howells 2020-09-03 162
b468b20c76d24a David Howells 2020-09-03 163 key->len = krb5->Ke_len;
b468b20c76d24a David Howells 2020-09-03 164 ret = krb5->profile->calc_Ke(krb5, TK, &usage_constant, key, gfp);
b468b20c76d24a David Howells 2020-09-03 165 if (ret < 0)
b468b20c76d24a David Howells 2020-09-03 166 return ret;
b468b20c76d24a David Howells 2020-09-03 167
b468b20c76d24a David Howells 2020-09-03 168 if (_ci) {
b468b20c76d24a David Howells 2020-09-03 169 ci = crypto_alloc_sync_skcipher(krb5->encrypt_name, 0, 0);
b468b20c76d24a David Howells 2020-09-03 170 if (IS_ERR(ci))
b468b20c76d24a David Howells 2020-09-03 171 return (PTR_ERR(ci) == -ENOENT) ? -ENOPKG : PTR_ERR(ci);
b468b20c76d24a David Howells 2020-09-03 172 *_ci = ci;
b468b20c76d24a David Howells 2020-09-03 173 ret = crypto_sync_skcipher_setkey(ci, key->data, key->len);
b468b20c76d24a David Howells 2020-09-03 174 }
b468b20c76d24a David Howells 2020-09-03 175
b468b20c76d24a David Howells 2020-09-03 176 return ret;
b468b20c76d24a David Howells 2020-09-03 177 }
b468b20c76d24a David Howells 2020-09-03 178 EXPORT_SYMBOL(crypto_krb5_get_Ke);
b468b20c76d24a David Howells 2020-09-03 179
b468b20c76d24a David Howells 2020-09-03 180 /**
b468b20c76d24a David Howells 2020-09-03 181 * crypto_krb5_get_Ki - Derive key Ki and install into a hash
b468b20c76d24a David Howells 2020-09-03 182 * @krb5: The encryption type to use
b468b20c76d24a David Howells 2020-09-03 183 * @TK: The base key
b468b20c76d24a David Howells 2020-09-03 184 * @usage: The key usage number
b468b20c76d24a David Howells 2020-09-03 185 * @key: Prepped buffer to store the key into
b468b20c76d24a David Howells 2020-09-03 186 * @_shash: Where to put the hash (or NULL if not wanted)
b468b20c76d24a David Howells 2020-09-03 187 * @gfp: Allocation restrictions
b468b20c76d24a David Howells 2020-09-03 188 *
b468b20c76d24a David Howells 2020-09-03 189 * Derive the Kerberos Ki integrity checksum key and, optionally, allocate a
b468b20c76d24a David Howells 2020-09-03 190 * hash and install the key into it, returning the hash. The key is stored
b468b20c76d24a David Howells 2020-09-03 191 * into the prepared buffer.
b468b20c76d24a David Howells 2020-09-03 192 */
b468b20c76d24a David Howells 2020-09-03 193 int crypto_krb5_get_Ki(const struct krb5_enctype *krb5,
b468b20c76d24a David Howells 2020-09-03 194 const struct krb5_buffer *TK,
b468b20c76d24a David Howells 2020-09-03 195 u32 usage,
b468b20c76d24a David Howells 2020-09-03 196 struct krb5_buffer *key,
b468b20c76d24a David Howells 2020-09-03 197 struct crypto_shash **_shash,
b468b20c76d24a David Howells 2020-09-03 198 gfp_t gfp)
b468b20c76d24a David Howells 2020-09-03 199 {
b468b20c76d24a David Howells 2020-09-03 200 struct crypto_shash *shash;
b468b20c76d24a David Howells 2020-09-03 201 int ret;
b468b20c76d24a David Howells 2020-09-03 202 u8 buf[CRYPTO_MINALIGN] __aligned(CRYPTO_MINALIGN);
b468b20c76d24a David Howells 2020-09-03 203 struct krb5_buffer usage_constant = { .len = 5, .data = buf };
b468b20c76d24a David Howells 2020-09-03 204
b468b20c76d24a David Howells 2020-09-03 205 *(__be32 *)buf = cpu_to_be32(usage);
b468b20c76d24a David Howells 2020-09-03 @206 buf[4] = KEY_USAGE_SEED_INTEGRITY;
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
next reply other threads:[~2023-12-27 19:01 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-27 19:00 kernel test robot [this message]
-- strict thread matches above, loose matches on Subject: below --
2024-01-03 15:00 [dhowells-fs:crypto-krb5 6/21] crypto/krb5/kdf.c:116 crypto_krb5_get_Kc() error: buffer overflow 'buf' 4 <= 4 Dan Carpenter
2024-01-18 13:15 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202312280208.kXOfvCcb-lkp@intel.com \
--to=lkp@intel.com \
--cc=error27@gmail.com \
--cc=oe-kbuild@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.