Re: [PATCH] crypto: sun4i-ss - Remove insecure and unused rng_alg

Next message: kernel test robot: "drivers/mmc/host/wmt-sdmmc.c:241:39: sparse: sparse: incorrect type in assignment (different base types)"
Previous message: syzbot: "[syzbot] [kernel?] KASAN: slab-use-after-free Read in netdev_register_kobject (2)"
In reply to: Eric Biggers: "Re: [PATCH] crypto: sun4i-ss - Remove insecure and unused rng_alg"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Corentin Labbe

Date: Mon Jun 01 2026 - 11:16:20 EST

Le Fri, May 29, 2026 at 12:36:48PM -0700, Eric Biggers a écrit :
> Remove sun4i_ss_rng, as it is insecure and unused:
>
> - It has multiple vulnerabilities. sun4i_ss_prng_seed() is missing
> locking and has a buffer overflow. sun4i_ss_prng_generate() fails to
> fill the entire buffer with cryptographic random bytes, because it
> rounds the destination length down and also doesn't actually wait for
> the hardware to be ready before pulling bytes from it.
>
> - No user of this code is known. It's usable only theoretically via the
> "rng" algorithm type of AF_ALG. But userspace actually just uses the
> actual Linux RNG (/dev/random etc) instead. And rng_algs don't
> contribute entropy to the actual Linux RNG either. (This may have
> been confused with hwrng, which does contribute entropy.)
>
> Fixes: b8ae5c7387ad ("crypto: sun4i-ss - support the Security System PRNG")
> Cc: stable@xxxxxxxxxxxxxxx
> Cc: Corentin Labbe <clabbe.montjoie@xxxxxxxxx>
> Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
> ---

Acked-by: Corentin LABBE <clabbe.montjoie@xxxxxxxxx>