Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / cc7535a0208a10ce56eaea687b36d3f4ddef9a74
commitcc7535a0208a10ce56eaea687b36d3f4ddef9a74[log] [tgz]
authorJason A. Donenfeld <Jason@zx2c4.com>Tue Feb 08 13:00:11 2022 +0100
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Sat Jun 25 11:45:07 2022 +0200
tree3e97a47a5d210c66e2d720dc116cb45201dfa5b8
parent4e575837e4348cc5f9f0892615e1c414af399380 [diff]
random: do not xor RDRAND when writing into /dev/random

commit 91c2afca290ed3034841c8c8532e69ed9e16cf34 upstream.

Continuing the reasoning of "random: ensure early RDSEED goes through
mixer on init", we don't want RDRAND interacting with anything without
going through the mixer function, as a backdoored CPU could presumably
cancel out data during an xor, which it'd have a harder time doing when
being forced through a cryptographic hash function. There's actually no
need at all to be calling RDRAND in write_pool(), because before we
extract from the pool, we always do so with 32 bytes of RDSEED hashed in
at that stage. Xoring at this stage is needless and introduces a minor
liability.

Cc: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Dominik Brodowski <linux@dominikbrodowski.net>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed
tree: 3e97a47a5d210c66e2d720dc116cb45201dfa5b8
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README
  35. REPORTING-BUGS