crypto: ansi_cprng - Fix off by one error in non-block size request (CVE-2013-4345)

svn path=/dists/trunk/linux/; revision=20703

debian/changelog

@@ -34,6 +34,8 @@ linux (3.11.5-1) UNRELEASED; urgency=low
   * hwmon: Enable SENSORS_JC42, SENSORS_NCT6775 as modules (Closes: #722062)
   * compiler/gcc4: Add quirk for 'asm goto' miscompilation bug
   * [arm64] Build a linux-libc-dev package (Closes: #695241)
+  * crypto: ansi_cprng - Fix off by one error in non-block size request
+    (CVE-2013-4345)
 
   [ Ian Campbell ]
   * [armhf] Enable CONFIG_PCI for multiplatform flavour.

debian/patches/bugfix/all/crypto-ansi_cprng-Fix-off-by-one-error-in-non-block-.patch

@@ -0,0 +1,44 @@
+From: Neil Horman <nhorman@tuxdriver.com>
+Date: Tue, 17 Sep 2013 08:33:11 -0400
+Subject: crypto: ansi_cprng - Fix off by one error in non-block size request
+Origin: https://git.kernel.org/cgit/linux/kernel/git/herbert/cryptodev-2.6.git/commit?id=714b33d15130cbb5ab426456d4e3de842d6c5b8a
+
+Stephan Mueller reported to me recently a error in random number generation in
+the ansi cprng. If several small requests are made that are less than the
+instances block size, the remainder for loop code doesn't increment
+rand_data_valid in the last iteration, meaning that the last bytes in the
+rand_data buffer gets reused on the subsequent smaller-than-a-block request for
+random data.
+
+The fix is pretty easy, just re-code the for loop to make sure that
+rand_data_valid gets incremented appropriately
+
+Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
+Reported-by: Stephan Mueller <stephan.mueller@atsec.com>
+CC: Stephan Mueller <stephan.mueller@atsec.com>
+CC: Petr Matousek <pmatouse@redhat.com>
+CC: Herbert Xu <herbert@gondor.apana.org.au>
+CC: "David S. Miller" <davem@davemloft.net>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+---
+ crypto/ansi_cprng.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/ansi_cprng.c b/crypto/ansi_cprng.c
+index c0bb377..666f196 100644
+--- a/crypto/ansi_cprng.c
++++ b/crypto/ansi_cprng.c
+@@ -230,11 +230,11 @@ remainder:
+ 	 */
+ 	if (byte_count < DEFAULT_BLK_SZ) {
+ empty_rbuf:
+-		for (; ctx->rand_data_valid < DEFAULT_BLK_SZ;
+-			ctx->rand_data_valid++) {
++		while (ctx->rand_data_valid < DEFAULT_BLK_SZ) {
+ 			*ptr = ctx->rand_data[ctx->rand_data_valid];
+ 			ptr++;
+ 			byte_count--;
++			ctx->rand_data_valid++;
+ 			if (byte_count == 0)
+ 				goto done;
+ 		}

debian/patches/series

@@ -77,3 +77,4 @@ bugfix/m68k/ethernat-kconfig.patch
 bugfix/m68k/atari-irqs.patch
 
 bugfix/all/compiler-gcc-4-add-quirk-for-asm-goto-miscompilation-bug.patch
+bugfix/all/crypto-ansi_cprng-Fix-off-by-one-error-in-non-block-.patch