crypto: drbg - Fix ineffective sanity check

Fix drbg_healthcheck_sanity() to correctly check the return value of
drbg_generate().  drbg_generate() returns 0 on success, or a negative
errno value on failure.  drbg_healthcheck_sanity() incorrectly assumed
that it returned a positive value on success.

This didn't make the sanity check fail, but it made it ineffective.

Fixes: cde001e4c3c3 ("crypto: rng - RNGs must return 0 in success case")
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/crypto/drbg.c b/crypto/drbg.c
index de4c69032155ed6323ca182307b663aee6c337a5..f23b431bd4902a7ef4aace411a6343a713d98184 100644 (file)
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -1737,7 +1737,6 @@ static int drbg_kcapi_seed(struct crypto_rng *tfm,
  */
 static inline int __init drbg_healthcheck_sanity(void)
 {
-       int len = 0;
 #define OUTBUFLEN 16
        unsigned char buf[OUTBUFLEN];
        struct drbg_state *drbg = NULL;
@@ -1782,11 +1781,11 @@ static inline int __init drbg_healthcheck_sanity(void)
        max_request_bytes = drbg_max_request_bytes(drbg);
        drbg_string_fill(&addtl, buf, max_addtllen + 1);
        /* overflow addtllen with additional info string */
-       len = drbg_generate(drbg, buf, OUTBUFLEN, &addtl);
-       BUG_ON(0 < len);
+       ret = drbg_generate(drbg, buf, OUTBUFLEN, &addtl);
+       BUG_ON(ret == 0);
        /* overflow max_bits */
-       len = drbg_generate(drbg, buf, (max_request_bytes + 1), NULL);
-       BUG_ON(0 < len);
+       ret = drbg_generate(drbg, buf, max_request_bytes + 1, NULL);
+       BUG_ON(ret == 0);
 
        /* overflow max addtllen with personalization string */
        ret = drbg_seed(drbg, &addtl, false);