git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit

author	Theodore Ts'o <tytso@mit.edu>
	Wed, 11 Apr 2018 17:27:52 +0000 (13:27 -0400)
committer	Khalid Elmously <khalid.elmously@canonical.com>
	Wed, 6 Jun 2018 15:49:34 +0000 (11:49 -0400)
commit	725e828bd8c830e299e6b7c609c2ae93a5b49b34
tree	8752788e9f4a62aa8758c1ba0dccc52e70d07969	tree
parent	6d6e4cf8ae2548b2402109d62f90873303447384	commit \| diff

random: fix crng_ready() test

BugLink: http://bugs.launchpad.net/bugs/1773233
commit 43838a23a05fbd13e47d750d3dfd77001536dd33 upstream.

The crng_init variable has three states:

0: The CRNG is not initialized at all
1: The CRNG has a small amount of entropy, hopefully good enough for
   early-boot, non-cryptographical use cases
2: The CRNG is fully initialized and we are sure it is safe for
   cryptographic use cases.

The crng_ready() function should only return true once we are in the
last state.  This addresses CVE-2018-1108.

Reported-by: Jann Horn <jannh@google.com>
Fixes: e192be9d9a30 ("random: replace non-blocking pool...")
Cc: stable@kernel.org # 4.8+
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Jann Horn <jannh@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Acked-by: Khalid Elmously <khalid.elmously@canonical.com>
Acked-by: Brad Figg <brad.figg@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>