Re: [kernel-hardening] [PATCH v4 05/13] crypto/rng: ensure that the RNG is ready before using
On Thu, Jun 8, 2017 at 2:41 AM, Theodore Ts'owrote: > The use in keys/big_key is _being_ removed, so this commit is > dependent on that commit landing, correct? (Order matters, because > otherwise we don't want to potentially screw up doing a kernel bisect > and causing their kernel to deadlock during the boot while they are > trying to track down an unreleated problem.) Yes. It's actually landing with get_random_bytes, to avoid a dependency problem when merging. After these both lands, I'll submit a third changing that over to get_random_bytes_wait in the right place.
Re: [kernel-hardening] [PATCH v4 05/13] crypto/rng: ensure that the RNG is ready before using
On Tue, Jun 06, 2017 at 07:47:56PM +0200, Jason A. Donenfeld wrote: > Otherwise, we might be seeding the RNG using bad randomness, which is > dangerous. The one use of this function from within the kernel -- not > from userspace -- is being removed (keys/big_key), so that call site > isn't relevant in assessing this. The use in keys/big_key is _being_ removed, so this commit is dependent on that commit landing, correct? (Order matters, because otherwise we don't want to potentially screw up doing a kernel bisect and causing their kernel to deadlock during the boot while they are trying to track down an unreleated problem.) - Ted
[PATCH v4 05/13] crypto/rng: ensure that the RNG is ready before using
Otherwise, we might be seeding the RNG using bad randomness, which is dangerous. The one use of this function from within the kernel -- not from userspace -- is being removed (keys/big_key), so that call site isn't relevant in assessing this. Cc: Herbert XuSigned-off-by: Jason A. Donenfeld --- crypto/rng.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/crypto/rng.c b/crypto/rng.c index f46dac5288b9..e042437e64b4 100644 --- a/crypto/rng.c +++ b/crypto/rng.c @@ -48,12 +48,14 @@ int crypto_rng_reset(struct crypto_rng *tfm, const u8 *seed, unsigned int slen) if (!buf) return -ENOMEM; - get_random_bytes(buf, slen); + err = get_random_bytes_wait(buf, slen); + if (err) + goto out; seed = buf; } err = crypto_rng_alg(tfm)->seed(tfm, seed, slen); - +out: kzfree(buf); return err; } -- 2.13.0