security/keys: make BIG_KEYS dependent on stdrng.
diff mbox

Message ID 1473079079-22465-1-git-send-email-asavkov@redhat.com
State New
Headers show

Commit Message

Artem Savkov Sept. 5, 2016, 12:37 p.m. UTC
Since BIG_KEYS can't be compiled as module it requires one of the "stdrng"
providers to be compiled into kernel. Otherwise big_key_crypto_init() fails
on crypto_alloc_rng step and next dereference of big_key_skcipher (e.g. in
big_key_preparse()) results in a NULL pointer dereference.

Signed-off-by: Artem Savkov <asavkov@redhat.com>
---
 security/keys/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

David Howells Sept. 6, 2016, 12:58 p.m. UTC | #1
Artem Savkov <asavkov@redhat.com> wrote:

> -	select CRYPTO
> +	depends on (CRYPTO_ANSI_CPRNG = y || CRYPTO_DRBG = y)

Should those be "==" not "="?

David
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Artem Savkov Sept. 6, 2016, 1:06 p.m. UTC | #2
On Tue, Sep 06, 2016 at 01:58:49PM +0100, David Howells wrote:
> Artem Savkov <asavkov@redhat.com> wrote:
> 
> > -	select CRYPTO
> > +	depends on (CRYPTO_ANSI_CPRNG = y || CRYPTO_DRBG = y)
> 
> Should those be "==" not "="?

Accodring to Documentation/kbuild/kconfig-language.txt (line 173) it is
"=" and I can only see "=" being used in existing Kconfigs.

Patch
diff mbox

diff --git a/security/keys/Kconfig b/security/keys/Kconfig
index f826e87..d942c7c 100644
--- a/security/keys/Kconfig
+++ b/security/keys/Kconfig
@@ -41,7 +41,7 @@  config BIG_KEYS
 	bool "Large payload keys"
 	depends on KEYS
 	depends on TMPFS
-	select CRYPTO
+	depends on (CRYPTO_ANSI_CPRNG = y || CRYPTO_DRBG = y)
 	select CRYPTO_AES
 	select CRYPTO_ECB
 	select CRYPTO_RNG