Commit 72a9e727 authored Jun 08, 2023 by Nicolai Stange Committed by Yongqiang Liu Jun 08, 2023

crypto: drbg - make drbg_prepare_hrng() handle jent instantiation errors

stable inclusion
from stable-v4.19.283
commit f1943e5703861f89f4376596e3d28d0dd52c5ead
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I7BZ5U


CVE: NA

--------------------------------

[ Upstream commit 559edd47 ]

Now that drbg_prepare_hrng() doesn't do anything but to instantiate a
jitterentropy crypto_rng instance, it looks a little odd to have the
related error handling at its only caller, drbg_instantiate().

Move the handling of jitterentropy allocation failures from
drbg_instantiate() close to the allocation itself in drbg_prepare_hrng().

There is no change in behaviour.

Signed-off-by: Nicolai Stange <nstange@suse.de>
Reviewed-by: Stephan Müller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Stable-dep-of: 686cd976 ("crypto: drbg - Only fail when jent is unavailable in FIPS mode")
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Yongqiang Liu <liuyongqiang13@huawei.com>

parent e773dd0e

crypto/drbg.c

+8 −8

Original line number	Diff line number	Diff line
		@@ -1425,6 +1425,14 @@ static int drbg_prepare_hrng(struct drbg_state *drbg)
		}

		drbg->jent = crypto_alloc_rng("jitterentropy_rng", 0, 0);
		if (IS_ERR(drbg->jent)) {
		const int err = PTR_ERR(drbg->jent);

		drbg->jent = NULL;
		if (fips_enabled \|\| err != -ENOENT)
		return err;
		pr_info("DRBG: Continuing without Jitter RNG\n");
		}

		/*
		* Require frequent reseeds until the seed source is fully
		@@ -1486,14 +1494,6 @@ static int drbg_instantiate(struct drbg_state drbg, struct drbg_string pers,
		if (ret)
		goto free_everything;

		if (IS_ERR(drbg->jent)) {
		ret = PTR_ERR(drbg->jent);
		drbg->jent = NULL;
		if (fips_enabled \|\| ret != -ENOENT)
		goto free_everything;
		pr_info("DRBG: Continuing without Jitter RNG\n");
		}

		reseed = false;
		}