The kernel's get_random_bytes provides random numbers suitable for crypto purposes, while in barebox, we need to use get_crypto_bytes for that.
This footgun needs to be fixed, but until we do, let's make sure crypto code doesn't use a badly seeded PRNG. Fortunately crypto_ecdh_shared_secret is currently unused and this doesn't affect any upstream users. Signed-off-by: Ahmad Fatoum <a.fat...@pengutronix.de> --- crypto/ecc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ecc.c b/crypto/ecc.c index d91948bddbde..b90fe0e74809 100644 --- a/crypto/ecc.c +++ b/crypto/ecc.c @@ -1621,7 +1621,7 @@ int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits, nbytes = ndigits << ECC_DIGITS_TO_BYTES_SHIFT; - get_random_bytes(rand_z, nbytes); + get_crypto_bytes(rand_z, nbytes); pk = ecc_alloc_point(ndigits); if (!pk) { -- 2.39.5
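Review bot: The return value of the new get_crypto_bytes(rand_z, nbytes) call in crypto_ecdh_shared_secret is discarded. If get_crypto_bytes reports failure when no suitable entropy source is available, which is what distinguishes it from a call that silently falls back to a badly seeded PRNG, then rand_z is used with whatever it held before. Consider checking the result and returning the error from this int-returning function before the ecc_alloc_point(ndigits) call, so that the early exit needs no cleanup. The commit message could also state what get_crypto_bytes does when it cannot deliver random bytes, since that behaviour is the reason for the switch.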