On Friday, 27 July 2018, 12:53:35 CEST, Herbert Xu wrote:

Hi Herbert,

> On Fri, Jul 20, 2018 at 07:42:01PM +0200, Stephan Müller wrote:
> > @@ -1747,10 +1733,18 @@ static int drbg_kcapi_sym_ctr(struct drbg_state
> > *drbg,>
> > u8 *outbuf, u32 outlen)
> >
> > {
> >
> > struct scatterlist *sg_in = &drbg->sg_in, *sg_out = &drbg->sg_out;
> >
> > + u32 scratchpad_use = min_t(u32, outlen, DRBG_OUTSCRATCHLEN);
> >
> > int ret;
> >
> > - sg_set_buf(sg_in, inbuf, inlen);
> > - sg_set_buf(sg_out, drbg->outscratchpad, DRBG_OUTSCRATCHLEN);
> > + if (inbuf) {
> > + /* Use caller-provided input buffer */
> > + sg_set_buf(sg_in, inbuf, inlen);
> > + } else {
> > + /* Use scratchpad for in-place operation */
> > + inlen = scratchpad_use;
> > + memset(drbg->outscratchpad, 0, scratchpad_use);
> > + sg_set_buf(sg_in, drbg->outscratchpad, scratchpad_use);
> > + }
>
> What guarantees that inbuf isn't on the stack?

This is guaranteed by the invokers of drbg_kcapi_sym_ctr as there are two only:

- the one in drbg_ctr_update uses the scratchpad for inbuf

- the one in drbg_ctr_generate uses NULL which implies that the outscratchpad is used.

Ciao
Stephan
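
Review bot: In the `if (inbuf)` branch the caller's pointer is handed straight to sg_set_buf(), and nothing in the hunk records that it must not be a stack address; that constraint exists only as a property of the two current callers described in this thread. Suggest extending the "Use caller-provided input buffer" comment (or the function's header comment) to state that inbuf must be either NULL or a non-stack buffer such as the DRBG scratchpad, so a later third caller cannot silently break the assumption. The else branch also overwrites the caller's inlen with scratchpad_use without saying so; a short note that inlen is ignored when inbuf is NULL would make the calling contract explicit.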