[PATCH] crypto/gcrypt: prefer kernel as direct source of entropy
From: Cristian Rodríguez
Subject: [PATCH] crypto/gcrypt: prefer kernel as direct source of entropy
Date: Fri, 19 Jan 2024 17:39:40 -0300

gcrypt by default uses a userspace RNG, which cannot know
when it is time to discard/invalidate its buffer
(suspend, resume, vm forks, other corner cases)
as a "when to discard" event is unavailable to userspace.
Set GCRYCTL_SET_PREFERRED_RNG_TYPE to GCRY_RNG_TYPE_SYSTEM
which must be done before the first call to gcry_check_version().
Signed-off-by: Cristian Rodríguez <cristian@rodriguez.im>
---
crypto/init.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/crypto/init.c b/crypto/init.c
index fb7f1bff10..0c3fe6a841 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -60,6 +60,7 @@ int qcrypto_init(Error **errp)
#endif
#ifdef CONFIG_GCRYPT
+ gcry_control(GCRYCTL_SET_PREFERRED_RNG_TYPE, GCRY_RNG_TYPE_SYSTEM);
if (!gcry_check_version(NULL)) {
error_setg(errp, "Unable to initialize gcrypt");
return -1;
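Review bot: the added gcry_control(GCRYCTL_SET_PREFERRED_RNG_TYPE, GCRY_RNG_TYPE_SYSTEM) call discards its return value, so if the preference is not accepted, qcrypto_init() carries on and silently keeps the userspace RNG that the commit message sets out to avoid. Consider capturing the result and either failing through error_setg(errp, ...) in the same way as the gcry_check_version(NULL) check right below it, or stating in a comment why a failure here can be ignored. The ordering requirement from the commit message (this must run before the first gcry_check_version() call) also exists only in the commit log; a one-line comment above the call would keep a later refactor from moving it below the version check.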
--
2.43.0