On Thu, Sep 04, 2014 at 01:50:32AM +0200, Stephan Mueller wrote: > Am Donnerstag, 4. September 2014, 07:21:29 schrieb Herbert Xu: > > Hi Herbert, > > > On Wed, Sep 03, 2014 at 03:33:16AM +0200, Stephan Mueller wrote: > > > Am Montag, 1. September 2014, 07:11:20 schrieb Stephan Mueller: > > > > > > Hi Herbert, > > > > > > may I ask for consideration of this patch as this covers an oops FIPS > > > mode? > > > > > > In addition, may I ask for guidance on how to fix the 32 bit code path in > > > Linus' tree as asked on 28.8? To quote: "Thus, the fix in > > > b9347aff91ce4789619168539f08202d8d6a1177 works. However, this > > > patch is based on 05c81ccd9087d238c10b234eadb55632742e5518. So, if we want > > > to fix Linus' tree with minimal impact, either these two patches are > > > pushed to Linus or I have to port > > > b9347aff91ce4789619168539f08202d8d6a1177 to the current Linus tree." > > > > I will take care of this. > > Thank you. Here is the patch I will add for 3.17: commit fb38ab4cd05e11184fd2c3ef916fa106ecc505fc Author: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Date: Fri Sep 5 15:52:28 2014 +0800 crypto: drbg - backport "fix maximum value checks on 32 bit systems" This is a backport of commit b9347aff91ce4789619168539f08202d8d6a1177. This backport is needed as without it the code will crash on 32-bit systems. The maximum values for additional input string or generated blocks is larger than 1<<32. To ensure a sensible value on 32 bit systems, return SIZE_MAX on 32 bit systems. This value is lower than the maximum allowed values defined in SP800-90A. The standard allow lower maximum values, but not larger values. SIZE_MAX - 1 is used for drbg_max_addtl to allow drbg_healthcheck_sanity to check the enforcement of the variable without wrapping. Reported-by: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx> Reported-by: kbuild test robot <fengguang.wu@xxxxxxxxx> Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> diff --git a/include/crypto/drbg.h b/include/crypto/drbg.h index 831d786..882675e 100644 --- a/include/crypto/drbg.h +++ b/include/crypto/drbg.h @@ -162,12 +162,25 @@ static inline size_t drbg_max_request_bytes(struct drbg_state *drbg) static inline size_t drbg_max_addtl(struct drbg_state *drbg) { +#if (__BITS_PER_LONG == 32) + /* + * SP800-90A allows smaller maximum numbers to be returned -- we + * return SIZE_MAX - 1 to allow the verification of the enforcement + * of this value in drbg_healthcheck_sanity. + */ + return (SIZE_MAX - 1); +#else return (1UL<<(drbg->core->max_addtllen)); +#endif } static inline size_t drbg_max_requests(struct drbg_state *drbg) { +#if (__BITS_PER_LONG == 32) + return SIZE_MAX; +#else return (1UL<<(drbg->core->max_req)); +#endif } /* Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-next" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html