crypto: rng - ensure that the RNG is ready before using
Otherwise, we might be seeding the RNG using bad randomness, which is
dangerous. The one use of this function from within the kernel -- not
from userspace -- is being removed (keys/big_key), so that call site
isn't relevant in assessing this.

Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Jason A. Donenfeld authored and Herbert Xu committed Jul 28, 2017
1 parent 8a1012d commit c2176f0
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions crypto/rng.c
Expand Up @@ -43,12 +43,14 @@ int crypto_rng_reset(struct crypto_rng *tfm, const u8 *seed, unsigned int slen)
if (!buf)
return -ENOMEM;

get_random_bytes(buf, slen);
err = get_random_bytes_wait(buf, slen);
if (err)
goto out;
seed = buf;
}

err = crypto_rng_alg(tfm)->seed(tfm, seed, slen);

out:
kzfree(buf);
return err;
}
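
Review bot: the self-seeding branch, at the new `err = get_random_bytes_wait(buf, slen);` call, can now wait for the RNG to become ready and can fail, where the old `get_random_bytes(buf, slen);` call did neither, and nothing in the code tells callers of crypto_rng_reset() about that. A short comment above the call (or in the function's kerneldoc) should state that when no seed is supplied the function may sleep until the RNG is initialised and may return the error from that wait, so it must not be called from atomic context and its return value must be checked. The commit message explains why the remaining in-kernel caller is not a concern, but that reasoning is not visible to someone adding a new caller later. The error path itself looks right: `goto out` still reaches `kzfree(buf)`, so the temporary buffer is zeroed and freed even when the wait fails.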