[PATCH 01/38] crypto: drbg - Fix returning success on failure in CTR_DRBG

Next message: Eric Biggers: "[PATCH 00/38] Fix and simplify the NIST DRBG implementation"
Previous message: Pawel Laszczak: "RE: [PATCH] usb: cdnsp: add support for eUSB2v2 port"
In reply to: Eric Biggers: "[PATCH 00/38] Fix and simplify the NIST DRBG implementation"
Next in thread: Eric Biggers: "[PATCH 02/38] crypto: drbg - Fix misaligned writes in CTR_DRBG and HASH_DRBG"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Eric Biggers

Date: Mon Apr 20 2026 - 02:37:06 EST

drbg_ctr_generate() sometimes returns success when it fails, leaving the
output buffer uninitialized. Fix it.

Fixes: cde001e4c3c3 ("crypto: rng - RNGs must return 0 in success case")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
---
crypto/drbg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/drbg.c b/crypto/drbg.c
index 9204e6edb426..e4eb78ed222b 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -375,11 +375,11 @@ static int drbg_ctr_generate(struct drbg_state *drbg,

/* 10.2.1.5.2 step 2 */
if (addtl && !list_empty(addtl)) {
ret = drbg_ctr_update(drbg, addtl, 2);
if (ret)
- return 0;
+ return ret;
}

/* 10.2.1.5.2 step 4.1 */
ret = drbg_kcapi_sym_ctr(drbg, NULL, 0, buf, len);
if (ret)

base-commit: c1f49dea2b8f335813d3b348fd39117fb8efb428
--
2.53.0