diff options
| author | Sergey Shtylyov <s.shtylyov@omp.ru> | 2025-12-17 23:21:44 +0300 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2025-12-29 08:48:35 +0800 |
| commit | 6acd394367ab145b1cc26e66aac3bb40b968e893 (patch) | |
| tree | 174482f945c2a07ecc735875300c3968093f9579 | |
| parent | eb6449aa7b32259a8b59e0c9602b32dcaf1fba58 (diff) | |
crypto: drbg - make drbg_fips_continuous_test() return bool
Currently, drbg_fips_continuous_test() only returns 0 and -EAGAIN, so an
early return from the *do*/*while* loop in drbg_get_random_bytes() just
isn't possible. Make drbg_fips_continuous_test() return bool instead of
*int* (using true instead of 0 and false instead of -EAGAIN). This way,
we can further simplify drbg_get_random_bytes()...
Found by Linux Verification Center (linuxtesting.org) with the Svace static
analysis tool.
Suggested-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sergey Shtylyov <s.shtylyov@omp.ru>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| -rw-r--r-- | crypto/drbg.c | 28 |
1 files changed, 11 insertions, 17 deletions
diff --git a/crypto/drbg.c b/crypto/drbg.c index ab7da601a87f..72d1d130dcc8 100644 --- a/crypto/drbg.c +++ b/crypto/drbg.c @@ -226,38 +226,37 @@ static inline unsigned short drbg_sec_strength(drbg_flag_t flags) * @entropy buffer of seed data to be checked * * return: - * 0 on success - * -EAGAIN on when the CTRNG is not yet primed - * < 0 on error + * %true on success + * %false when the CTRNG is not yet primed */ -static int drbg_fips_continuous_test(struct drbg_state *drbg, - const unsigned char *entropy) +static bool drbg_fips_continuous_test(struct drbg_state *drbg, + const unsigned char *entropy) { unsigned short entropylen = drbg_sec_strength(drbg->core->flags); if (!IS_ENABLED(CONFIG_CRYPTO_FIPS)) - return 0; + return true; /* skip test if we test the overall system */ if (list_empty(&drbg->test_data.list)) - return 0; + return true; /* only perform test in FIPS mode */ if (!fips_enabled) - return 0; + return true; if (!drbg->fips_primed) { /* Priming of FIPS test */ memcpy(drbg->prev, entropy, entropylen); drbg->fips_primed = true; /* priming: another round is needed */ - return -EAGAIN; + return false; } if (!memcmp(drbg->prev, entropy, entropylen)) panic("DRBG continuous self test failed\n"); memcpy(drbg->prev, entropy, entropylen); /* the test shall pass when the two values are not equal */ - return 0; + return true; } /****************************************************************** @@ -847,14 +846,9 @@ static inline int drbg_get_random_bytes(struct drbg_state *drbg, unsigned char *entropy, unsigned int entropylen) { - int ret; - - do { + do get_random_bytes(entropy, entropylen); - ret = drbg_fips_continuous_test(drbg, entropy); - if (ret && ret != -EAGAIN) - return ret; - } while (ret); + while (!drbg_fips_continuous_test(drbg, entropy)); return 0; } |