On Sun, Sep 17, 2017 at 8:04 AM, Eric Biggers wrote:
> This should jump to 'err_enckey', otherwise it will leak 'enckey'.
Yikes, good catch, thanks!
>
> Otherwise the changes all look good; after fixing the above, feel free to add my Reviewed-by.
Ack.
> Yes, AES-GCM is the right choice he
Hi Jason,
On Sat, Sep 16, 2017 at 03:05:33PM +0200, Jason A. Donenfeld wrote:
> -
> - ret = big_key_gen_enckey(enckey);
> - if (ret)
> - goto err_enckey;
> + ret = get_random_bytes_wait(enckey, ENC_KEY_SIZE);
> + if (unlikely(ret)
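Review bot: the error branch after `if (unlikely(ret)` is not visible in the quoted hunk, and the removed lines show the old code reached `goto err_enckey` on failure; the new branch needs to keep that target so `enckey` is freed when `get_random_bytes_wait()` fails, which is the leak Eric points out above. As quoted, `if (unlikely(ret)` also lacks its closing parenthesis; if that is how the line reads in the patch rather than a truncation in this copy, it will not compile.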
This started out as just replacing the use of crypto/rng with
get_random_bytes_wait, so that we wouldn't use bad randomness at boot time.
But, upon looking further, it appears that there were even deeper
underlying cryptographic problems, and that this seems to have been
committed with very little