The function drbg_generate_long slices the request into 2**16 byte
or smaller chunks. However, the loop, however invokes the random number
generation function with zero bytes when the request size is a multiple
of 2**16 bytes. The fix prevents zero bytes requests.
Signed-off-by: Stephan Mueller <redacted>
---
crypto/drbg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/drbg.c b/crypto/drbg.c
index ff975d9..7894db9 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -1500,7 +1500,7 @@ static int drbg_generate_long(struct drbg_state *drbg,
if (0 >= tmplen)
return tmplen;
len += tmplen;
- } while (slice > 0);
+ } while (slice > 0 && (len < buflen));
return len;
}
--
1.9.3