summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorStephan Mueller <smueller@chronox.de>2015-03-06 08:26:31 +0100
committerHerbert Xu <herbert@gondor.apana.org.au>2015-03-09 21:06:18 +1100
commitcde001e4c3c3625c60b68a83eb1f1c2572dee07a (patch)
tree6b0a069f9fdfa36c3741164564ea163f9cb69820 /crypto
parent4842234f83bfce83c93f84f5972a956ef2c87805 (diff)
downloadlinux-stable-cde001e4c3c3625c60b68a83eb1f1c2572dee07a.tar.gz
linux-stable-cde001e4c3c3625c60b68a83eb1f1c2572dee07a.tar.bz2
linux-stable-cde001e4c3c3625c60b68a83eb1f1c2572dee07a.zip
crypto: rng - RNGs must return 0 in success case
Change the RNGs to always return 0 in success case. This patch ensures that seqiv.c works with RNGs other than krng. seqiv expects that any return code other than 0 is an error. Without the patch, rfc4106(gcm(aes)) will not work when using a DRBG or an ANSI X9.31 RNG. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/ansi_cprng.c6
-rw-r--r--crypto/drbg.c7
2 files changed, 11 insertions, 2 deletions
diff --git a/crypto/ansi_cprng.c b/crypto/ansi_cprng.c
index 6f5bebc9bf01..765fe7609348 100644
--- a/crypto/ansi_cprng.c
+++ b/crypto/ansi_cprng.c
@@ -210,7 +210,11 @@ static int get_prng_bytes(char *buf, size_t nbytes, struct prng_context *ctx,
byte_count = DEFAULT_BLK_SZ;
}
- err = byte_count;
+ /*
+ * Return 0 in case of success as mandated by the kernel
+ * crypto API interface definition.
+ */
+ err = 0;
dbgprint(KERN_CRIT "getting %d random bytes for context %p\n",
byte_count, ctx);
diff --git a/crypto/drbg.c b/crypto/drbg.c
index 56c1d7ec3d9e..b69409cb7e6a 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -1280,7 +1280,7 @@ static void drbg_restore_shadow(struct drbg_state *drbg,
* as defined in SP800-90A. The additional input is mixed into
* the state in addition to the pulled entropy.
*
- * return: generated number of bytes
+ * return: 0 when all bytes are generated; < 0 in case of an error
*/
static int drbg_generate(struct drbg_state *drbg,
unsigned char *buf, unsigned int buflen,
@@ -1419,6 +1419,11 @@ static int drbg_generate(struct drbg_state *drbg,
}
#endif
+ /*
+ * All operations were successful, return 0 as mandated by
+ * the kernel crypto API interface.
+ */
+ len = 0;
err:
shadow->d_ops->crypto_fini(shadow);
drbg_restore_shadow(drbg, &shadow);