git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Eric Biggers <ebiggers@kernel.org>
	Mon, 20 Apr 2026 06:33:48 +0000 (23:33 -0700)
committer	Herbert Xu <herbert@gondor.apana.org.au>
	Thu, 7 May 2026 08:09:59 +0000 (16:09 +0800)
commit	6f49f00c981bbb9ef602966f19bfdbef46b681d2
tree	7c832fe2a5001860f5ab64b8b507447c4e38aa38	tree \| snapshot
parent	040ad83b0e8aa065fd2fc641cacba8491a8b186d	commit \| diff

crypto: drbg - Fix drbg_max_addtl() on 64-bit kernels

On 64-bit kernels, drbg_max_addtl() returns 2**35 bytes.  That's too
large, for two reasons:

1. SP800-90A says the maximum limit is 2**35 *bits*, not 2**35 bytes.
   So the implemented limit has confused bits and bytes.

2. When drbg_kcapi_hash() calls crypto_shash_update() on the additional
   information string, the length is implicitly cast to 'unsigned int'.
   That truncates the additional information string to U32_MAX bytes.

Fix the maximum additional information string length to always be
U32_MAX - 1, causing an error to be returned for any longer lengths.

Fixes: 541af946fe13 ("crypto: drbg - SP800-90A Deterministic Random Bit Generator")
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>