lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <aN5JwxZFeAnZXA8n@gondor.apana.org.au>
Date: Thu, 2 Oct 2025 17:45:39 +0800
From: Herbert Xu <herbert@...dor.apana.org.au>
To: Dave Sun <sunyiqixm@...il.com>
Cc: davem@...emloft.net, linux-crypto@...r.kernel.org,
	linux-kernel@...r.kernel.org, Elena Petrova <lenaptr@...gle.com>,
	Stephan Müller <smueller@...onox.de>,
	Eric Biggers <ebiggers@...gle.com>
Subject: [PATCH] crypto: rng - Ensure set_ent is always present

On Tue, Sep 30, 2025 at 11:28:24AM +0800, Dave Sun wrote:
> When CONFIG_CRYPTO_USER_API_RNG_CAVP is enable,
> algif_type_rng->setentropy = rng_setentropy.
> If we setsockopt on a af_alg socket binding a rng
> algorithm with ALG_SET_DRBG_ENTROPY opt, kernel will
> run to ->set_ent in rng_setentropy.
> 
> Since struct rng_alg like jent_alg dose not set set_ent
> which default value is 0, null-ptr-dereference will happen.
> 
> Check ->set_ent before call it.
> 
> Signed-off-by: Yiqi Sun <sunyiqixm@...il.com>
> ---
>  crypto/algif_rng.c | 3 +++
>  1 file changed, 3 insertions(+)

Thanks for the report.  I'd prefer to make set_ent always present:

---8<---
Ensure that set_ent is always set since only drbg provides it.

Fixes: 77ebdabe8de7 ("crypto: af_alg - add extra parameters for DRBG interface")
Reported-by: Yiqi Sun <sunyiqixm@...il.com>
Signed-off-by: Herbert Xu <herbert@...dor.apana.org.au>

diff --git a/crypto/rng.c b/crypto/rng.c
index b8ae6ebc091d..ee1768c5a400 100644
--- a/crypto/rng.c
+++ b/crypto/rng.c
@@ -168,6 +168,11 @@ int crypto_del_default_rng(void)
 EXPORT_SYMBOL_GPL(crypto_del_default_rng);
 #endif
 
+static void rng_default_set_ent(struct crypto_rng *tfm, const u8 *data,
+				unsigned int len)
+{
+}
+
 int crypto_register_rng(struct rng_alg *alg)
 {
 	struct crypto_alg *base = &alg->base;
@@ -179,6 +184,9 @@ int crypto_register_rng(struct rng_alg *alg)
 	base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK;
 	base->cra_flags |= CRYPTO_ALG_TYPE_RNG;
 
+	if (!alg->set_ent)
+		alg->set_ent = rng_default_set_ent;
+
 	return crypto_register_alg(base);
 }
 EXPORT_SYMBOL_GPL(crypto_register_rng);
-- 
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ