random: fix crng_ready() test - wireguard-linux - WireGuard for the Linux kernel

diff options

author	Theodore Ts'o <tytso@mit.edu>	2018-04-11 13:27:52 -0400
committer	Theodore Ts'o <tytso@mit.edu>	2018-04-14 11:58:26 -0400
commit	43838a23a05fbd13e47d750d3dfd77001536dd33 (patch)
tree	cfdb6b48fe4054cbf9fe50b3847f871233db125d /net/unix/af_unix.c
parent	drivers/char/random.c: remove unused dont_count_entropy (diff)
download	wireguard-linux-43838a23a05fbd13e47d750d3dfd77001536dd33.tar.xz wireguard-linux-43838a23a05fbd13e47d750d3dfd77001536dd33.zip

random: fix crng_ready() test

The crng_init variable has three states: 0: The CRNG is not initialized at all 1: The CRNG has a small amount of entropy, hopefully good enough for early-boot, non-cryptographical use cases 2: The CRNG is fully initialized and we are sure it is safe for cryptographic use cases. The crng_ready() function should only return true once we are in the last state. This addresses CVE-2018-1108. Reported-by: Jann Horn <jannh@google.com> Fixes: e192be9d9a30 ("random: replace non-blocking pool...") Cc: stable@kernel.org # 4.8+ Signed-off-by: Theodore Ts'o <tytso@mit.edu> Reviewed-by: Jann Horn <jannh@google.com>

Diffstat (limited to 'net/unix/af_unix.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: