crypto: rng - ensure that the RNG is ready before using
Otherwise, we might be seeding the RNG using bad randomness, which is dangerous. The one use of this function from within the kernel -- not from userspace -- is being removed (keys/big_key), so that call site isn't relevant in assessing this. Cc: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
parent
8a1012d3f2
commit
c2176f0098
|
@ -43,12 +43,14 @@ int crypto_rng_reset(struct crypto_rng *tfm, const u8 *seed, unsigned int slen)
|
|||
if (!buf)
|
||||
return -ENOMEM;
|
||||
|
||||
get_random_bytes(buf, slen);
|
||||
err = get_random_bytes_wait(buf, slen);
|
||||
if (err)
|
||||
goto out;
|
||||
seed = buf;
|
||||
}
|
||||
|
||||
err = crypto_rng_alg(tfm)->seed(tfm, seed, slen);
|
||||
|
||||
out:
|
||||
kzfree(buf);
|
||||
return err;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue