diff options
| author | Eric Biggers <ebiggers@kernel.org> | 2026-04-19 23:33:47 -0700 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2026-05-07 16:09:59 +0800 |
| commit | 040ad83b0e8aa065fd2fc641cacba8491a8b186d (patch) | |
| tree | 904dd0a531c0f87ea341d78486215abd691dd924 /crypto | |
| parent | ddc4dedb9ba3c8eecbc8c050fffd46d1b7e75c21 (diff) | |
| download | linux-next-history-040ad83b0e8aa065fd2fc641cacba8491a8b186d.tar.gz | |
crypto: drbg - Fix ineffective sanity check
Fix drbg_healthcheck_sanity() to correctly check the return value of
drbg_generate(). drbg_generate() returns 0 on success, or a negative
errno value on failure. drbg_healthcheck_sanity() incorrectly assumed
that it returned a positive value on success.
This didn't make the sanity check fail, but it made it ineffective.
Fixes: cde001e4c3c3 ("crypto: rng - RNGs must return 0 in success case")
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/drbg.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/crypto/drbg.c b/crypto/drbg.c index de4c69032155e..f23b431bd4902 100644 --- a/crypto/drbg.c +++ b/crypto/drbg.c @@ -1737,7 +1737,6 @@ static int drbg_kcapi_seed(struct crypto_rng *tfm, */ static inline int __init drbg_healthcheck_sanity(void) { - int len = 0; #define OUTBUFLEN 16 unsigned char buf[OUTBUFLEN]; struct drbg_state *drbg = NULL; @@ -1782,11 +1781,11 @@ static inline int __init drbg_healthcheck_sanity(void) max_request_bytes = drbg_max_request_bytes(drbg); drbg_string_fill(&addtl, buf, max_addtllen + 1); /* overflow addtllen with additional info string */ - len = drbg_generate(drbg, buf, OUTBUFLEN, &addtl); - BUG_ON(0 < len); + ret = drbg_generate(drbg, buf, OUTBUFLEN, &addtl); + BUG_ON(ret == 0); /* overflow max_bits */ - len = drbg_generate(drbg, buf, (max_request_bytes + 1), NULL); - BUG_ON(0 < len); + ret = drbg_generate(drbg, buf, max_request_bytes + 1, NULL); + BUG_ON(ret == 0); /* overflow max addtllen with personalization string */ ret = drbg_seed(drbg, &addtl, false); |