Message ID | 18729386.1pHbKfYFYP@positron.chronox.de (mailing list archive) |
---|---|
State | Accepted |
Delegated to: | Herbert Xu |
Headers | show |
On Fri, Nov 18, 2016 at 12:27:56PM +0100, Stephan Mueller wrote: > The CTR DRBG segments the number of random bytes to be generated into > 128 byte blocks. The current code misses the advancement of the output > buffer pointer when the requestor asks for more than 128 bytes of data. > In this case, the next 128 byte block of random numbers is copied to > the beginning of the output buffer again. This implies that only the > first 128 bytes of the output buffer would ever be filled. > > The patch adds the advancement of the buffer pointer to fill the entire > buffer. > > Signed-off-by: Stephan Mueller <smueller@chronox.de> Patch applied. Thanks.
diff --git a/crypto/drbg.c b/crypto/drbg.c index fb33f7d..9a95b61 100644 --- a/crypto/drbg.c +++ b/crypto/drbg.c @@ -1766,6 +1766,7 @@ static int drbg_kcapi_sym_ctr(struct drbg_state *drbg, init_completion(&drbg->ctr_completion); outlen -= cryptlen; + outbuf += cryptlen; } return 0;
The CTR DRBG segments the number of random bytes to be generated into 128 byte blocks. The current code misses the advancement of the output buffer pointer when the requestor asks for more than 128 bytes of data. In this case, the next 128 byte block of random numbers is copied to the beginning of the output buffer again. This implies that only the first 128 bytes of the output buffer would ever be filled. The patch adds the advancement of the buffer pointer to fill the entire buffer. Signed-off-by: Stephan Mueller <smueller@chronox.de> --- crypto/drbg.c | 1 + 1 file changed, 1 insertion(+)