From: Jeffrey E Altman <jaltman@auristor.com>
To: David Howells <dhowells@redhat.com>, netdev@vger.kernel.org
Cc: Hyunwoo Kim <imv4bel@gmail.com>,
Marc Dionne <marc.dionne@auristor.com>,
Jakub Kicinski <kuba@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>, Simon Horman <horms@kernel.org>,
linux-afs@lists.infradead.org, linux-kernel@vger.kernel.org,
Herbert Xu <herbert@gondor.apana.org.au>,
Chuck Lever <chuck.lever@oracle.com>,
linux-nfs@vger.kernel.org, linux-crypto@vger.kernel.org,
stable@vger.kernel.org
Subject: Re: [PATCH net v2 2/4] crypto/krb5, rxrpc: Fix lack of pre-decrypt/pre-verify length checks
Date: Wed, 13 May 2026 10:33:23 -0400 [thread overview]
Message-ID: <56373df4-52f5-4ad4-a129-a3dc9f626e97@auristor.com> (raw)
In-Reply-To: <20260513131941.1439155-3-dhowells@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 8427 bytes --]
On 5/13/2026 9:19 AM, David Howells wrote:
> Change the krb5 crypto library to provide facilities to precheck the length
> of the message about to be decrypted or verified.
>
> Fix AF_RXRPC to make use of this to validate DATA packets secured with
> RxGK.
>
> Fixes: 9d1d2b59341f ("rxrpc: rxgk: Implement the yfs-rxgk security class (GSSAPI)")
> Closes: https://sashiko.dev/#/patchset/20260511160753.607296-1-dhowells%40redhat.com
> Signed-off-by: David Howells <dhowells@redhat.com>
> cc: Marc Dionne <marc.dionne@auristor.com>
> cc: Jeffrey Altman <jaltman@auristor.com>
> cc: Herbert Xu <herbert@gondor.apana.org.au>
> cc: "David S. Miller" <davem@davemloft.net>
> cc: Eric Dumazet <edumazet@google.com>
> cc: Jakub Kicinski <kuba@kernel.org>
> cc: Paolo Abeni <pabeni@redhat.com>
> cc: Simon Horman <horms@kernel.org>
> cc: Chuck Lever <chuck.lever@oracle.com>
> cc: netdev@vger.kernel.org
> cc: linux-afs@lists.infradead.org
> cc: linux-nfs@vger.kernel.org
> cc: linux-crypto@vger.kernel.org
> cc: stable@vger.kernel.org
> ---
> Documentation/crypto/krb5.rst | 17 ++++++++---
> crypto/krb5/krb5_api.c | 54 +++++++++++++++++++++++++++++++----
> include/crypto/krb5.h | 9 ++++--
> include/trace/events/rxrpc.h | 1 +
> net/rxrpc/rxgk.c | 11 +++++--
> 5 files changed, 77 insertions(+), 15 deletions(-)
>
> diff --git a/Documentation/crypto/krb5.rst b/Documentation/crypto/krb5.rst
> index beffa0133446..f62e07ac6811 100644
> --- a/Documentation/crypto/krb5.rst
> +++ b/Documentation/crypto/krb5.rst
> @@ -158,13 +158,22 @@ returned.
> When a message has been received, the location and size of the data with the
> message can be determined by calling::
>
> - void crypto_krb5_where_is_the_data(const struct krb5_enctype *krb5,
> - enum krb5_crypto_mode mode,
> - size_t *_offset, size_t *_len);
> + int crypto_krb5_where_is_the_data(const struct krb5_enctype *krb5,
> + enum krb5_crypto_mode mode,
> + size_t *_offset, size_t *_len);
>
> The caller provides the offset and length of the message to the function, which
> then alters those values to indicate the region containing the data (plus any
> -padding). It is up to the caller to determine how much padding there is.
> +padding). It is up to the caller to determine how much padding there is. The
> +function returns an error if the length is too small or if the mode is
> +unsupported. An additional function::
> +
> + int crypto_krb5_check_data_len(const struct krb5_enctype *krb5,
> + enum krb5_crypto_mode mode,
> + size_t len, size_t min_content);
> +
> +is provided to just do a basic check that the decrypted/verified message would
> +have a sufficient minimum payload.
>
> Preparation Functions
> ---------------------
> diff --git a/crypto/krb5/krb5_api.c b/crypto/krb5/krb5_api.c
> index 23026d4206c8..c7ea40f900a7 100644
> --- a/crypto/krb5/krb5_api.c
> +++ b/crypto/krb5/krb5_api.c
> @@ -134,27 +134,69 @@ EXPORT_SYMBOL(crypto_krb5_how_much_data);
> * Find the offset and size of the data in a secure message so that this
> * information can be used in the metadata buffer which will get added to the
> * digest by crypto_krb5_verify_mic().
> + *
> + * Return: 0 if successful, -EBADMSG if the message is too short or -EINVAL if
> + * the mode is unsupported.
> */
> -void crypto_krb5_where_is_the_data(const struct krb5_enctype *krb5,
> - enum krb5_crypto_mode mode,
> - size_t *_offset, size_t *_len)
> +int crypto_krb5_where_is_the_data(const struct krb5_enctype *krb5,
> + enum krb5_crypto_mode mode,
> + size_t *_offset, size_t *_len)
> {
> switch (mode) {
> case KRB5_CHECKSUM_MODE:
> + if (*_len < krb5->cksum_len)
> + return -EBADMSG;
> *_offset += krb5->cksum_len;
> *_len -= krb5->cksum_len;
> - return;
> + return 0;
> case KRB5_ENCRYPT_MODE:
> + if (*_len < krb5->conf_len + krb5->cksum_len)
> + return -EBADMSG;
> *_offset += krb5->conf_len;
> *_len -= krb5->conf_len + krb5->cksum_len;
> - return;
> + return 0;
> default:
> WARN_ON_ONCE(1);
> - return;
> + return -EINVAL;
> }
> }
> EXPORT_SYMBOL(crypto_krb5_where_is_the_data);
>
> +/**
> + * crypto_krb5_check_data_len - Check a message is big enough
> + * @krb5: The encoding to use.
> + * @mode: Mode of operation.
> + * @len: The length of the secure blob.
> + * @min_content: Minimum length of the content inside the blob.
> + *
> + * Check that a message is large enough to hold whatever bits the encryption
> + * type wants to glue on (nonce, checksum) plus a minimum amount of content.
> + *
> + * Return: 0 if successful, -EBADMSG if the message is too short or -EINVAL if
> + * the mode is unsupported.
> + */
> +int crypto_krb5_check_data_len(const struct krb5_enctype *krb5,
> + enum krb5_crypto_mode mode,
> + size_t len, size_t min_content)
> +{
> + switch (mode) {
> + case KRB5_CHECKSUM_MODE:
> + if (len < krb5->cksum_len ||
> + len - krb5->cksum_len < min_content)
> + return -EBADMSG;
> + return 0;
> + case KRB5_ENCRYPT_MODE:
> + if (len < krb5->conf_len + krb5->cksum_len ||
> + len - (krb5->conf_len + krb5->cksum_len) < min_content)
> + return -EBADMSG;
> + return 0;
> + default:
> + WARN_ON_ONCE(1);
> + return -EINVAL;
> + }
> +}
> +EXPORT_SYMBOL(crypto_krb5_check_data_len);
> +
> /*
> * Prepare the encryption with derived key data.
> */
> diff --git a/include/crypto/krb5.h b/include/crypto/krb5.h
> index 71dd38f59be1..aac3ecf88467 100644
> --- a/include/crypto/krb5.h
> +++ b/include/crypto/krb5.h
> @@ -121,9 +121,12 @@ size_t crypto_krb5_how_much_buffer(const struct krb5_enctype *krb5,
> size_t crypto_krb5_how_much_data(const struct krb5_enctype *krb5,
> enum krb5_crypto_mode mode,
> size_t *_buffer_size, size_t *_offset);
> -void crypto_krb5_where_is_the_data(const struct krb5_enctype *krb5,
> - enum krb5_crypto_mode mode,
> - size_t *_offset, size_t *_len);
> +int crypto_krb5_where_is_the_data(const struct krb5_enctype *krb5,
> + enum krb5_crypto_mode mode,
> + size_t *_offset, size_t *_len);
> +int crypto_krb5_check_data_len(const struct krb5_enctype *krb5,
> + enum krb5_crypto_mode mode,
> + size_t len, size_t min_content);
> struct crypto_aead *crypto_krb5_prepare_encryption(const struct krb5_enctype *krb5,
> const struct krb5_buffer *TK,
> u32 usage, gfp_t gfp);
> diff --git a/include/trace/events/rxrpc.h b/include/trace/events/rxrpc.h
> index 573f2df3a2c9..704a10de6670 100644
> --- a/include/trace/events/rxrpc.h
> +++ b/include/trace/events/rxrpc.h
> @@ -71,6 +71,7 @@
> EM(rxkad_abort_resp_unknown_tkt, "rxkad-resp-unknown-tkt") \
> EM(rxkad_abort_resp_version, "rxkad-resp-version") \
> /* RxGK security errors */ \
> + EM(rxgk_abort_1_short_header, "rxgk1-short-hdr") \
> EM(rxgk_abort_1_verify_mic_eproto, "rxgk1-vfy-mic-eproto") \
> EM(rxgk_abort_2_decrypt_eproto, "rxgk2-dec-eproto") \
> EM(rxgk_abort_2_short_data, "rxgk2-short-data") \
> diff --git a/net/rxrpc/rxgk.c b/net/rxrpc/rxgk.c
> index 0d5e654da918..41180263e527 100644
> --- a/net/rxrpc/rxgk.c
> +++ b/net/rxrpc/rxgk.c
> @@ -480,8 +480,10 @@ static int rxgk_verify_packet_integrity(struct rxrpc_call *call,
>
> _enter("");
>
> - crypto_krb5_where_is_the_data(gk->krb5, KRB5_CHECKSUM_MODE,
> - &data_offset, &data_len);
> + if (crypto_krb5_where_is_the_data(gk->krb5, KRB5_CHECKSUM_MODE,
> + &data_offset, &data_len) < 0)
> + return rxrpc_abort_eproto(call, skb, RXKADSEALEDINCON,
> + rxgk_abort_1_short_header);
>
> hdr = kzalloc_obj(*hdr, GFP_NOFS);
> if (!hdr)
> @@ -529,6 +531,11 @@ static int rxgk_verify_packet_encrypted(struct rxrpc_call *call,
>
> _enter("");
>
> + if (crypto_krb5_check_data_len(gk->krb5, KRB5_ENCRYPT_MODE,
> + len, sizeof(*hdr)) < 0)
> + return rxrpc_abort_eproto(call, skb, RXKADSEALEDINCON,
> + rxgk_abort_2_short_header);
> +
> ret = rxgk_decrypt_skb(gk->krb5, gk->rx_enc, skb, &offset, &len, &ac);
> if (ret < 0) {
> if (ret != -ENOMEM)
Reviewed-by: Jeffrey Altman <jaltman@auristor.com>
[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 4467 bytes --]
next prev parent reply other threads:[~2026-05-13 14:33 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-13 13:19 [PATCH net v2 0/4] rxrpc: Better fix for DATA/RESPONSE decrypt vs splice() David Howells
2026-05-13 13:19 ` [PATCH net v2 1/4] rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present David Howells
2026-05-13 13:19 ` [PATCH net v2 2/4] crypto/krb5, rxrpc: Fix lack of pre-decrypt/pre-verify length checks David Howells
2026-05-13 14:33 ` Jeffrey E Altman [this message]
2026-05-13 13:19 ` [PATCH net v2 3/4] rxrpc: Fix DATA decrypt vs splice() by copying data to buffer in recvmsg David Howells
2026-05-13 15:06 ` Jeffrey E Altman
2026-05-13 13:19 ` [PATCH net v2 4/4] rxrpc: Fix RESPONSE packet verification to extract skb to a linear buffer David Howells
2026-05-13 15:04 ` Jeffrey E Altman
2026-05-13 15:25 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56373df4-52f5-4ad4-a129-a3dc9f626e97@auristor.com \
--to=jaltman@auristor.com \
--cc=chuck.lever@oracle.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=edumazet@google.com \
--cc=herbert@gondor.apana.org.au \
--cc=horms@kernel.org \
--cc=imv4bel@gmail.com \
--cc=kuba@kernel.org \
--cc=linux-afs@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=marc.dionne@auristor.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox