Received: by 2002:a25:824b:0:0:0:0:0 with SMTP id d11csp2332471ybn; Thu, 26 Sep 2019 10:17:15 -0700 (PDT) X-Google-Smtp-Source: APXvYqzHKa8HGyZyyuDJeS1Pi2QHMhpMiVvjyIaHyyP1rjSx6vo9SkSPMHM3WVuKhhEhL4PQUokz X-Received: by 2002:aa7:d803:: with SMTP id v3mr4933217edq.146.1569518235846; Thu, 26 Sep 2019 10:17:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1569518235; cv=none; d=google.com; s=arc-20160816; b=EWQzGcy5QqppOZyevsvQFzmuSj6OB/GgOhz9uOWILeHQwp8dw2q96PGC6/Ojzhk1gU MrQ2pYMbx7ilFk3BEBI6rp28Hs/gLIH2Rq1u5S5nw+tXltIswxXu3BrFu8gbMErlJJtY iby+7mnczlP/fb5SaE2e/3yqVi9VmXZeSe8BnI1NxNEZNrhK4LO4MdkYdfGxvn4u3/Mn OHXHLYLG5jTBPaXP0KSXdyel9LssYDLNttQNXbbd7gwaS8hRiut30+3E6Mkq2YiJWp0W SLkLI5jHclf1y8RkTiqGUV/6aIXqoKl9S0kt0gjZcZeMATqjwn9XQUtwyhdrLVV+cxSy rl6g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=lTLL7zjwvleM4za5ecLR6jVPm2UTwDiPUOpjiR2FDUQ=; b=gNcsdMK6CV3i81iXQRqyfRgWdrkid7RpAvDpBvcqYmjQL2LYBRjbzIDJSu69WWwh7I Lq1OQsFBqNl0eup3i8wnssoXSqvICRVpwp9Qv7qXmPTZQTcagMGhezNgn2YrCOpy2iLs HBTZjBS8pslYGrsAnzigcmxc+aX/ZIzn66wQHrxKQRRnS585dnejIjiaPqCaWqD/y5RI 4O+48onFTunXzi0z56GoWZtX/2RD+tv2NfwqwYFaQ/ayqZxCp6NExRdnV8OPuQSwmwQO o4bq5HmGJ5bUNGzzLnfaTttMOAVbCORBkMoPAwMbd+cPUUKtlS2AwgW+RPGgAGnrTHEt uRhA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v14si1997933ede.424.2019.09.26.10.16.43; Thu, 26 Sep 2019 10:17:15 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727557AbfIZRQR (ORCPT + 99 others); Thu, 26 Sep 2019 13:16:17 -0400 Received: from mga18.intel.com ([134.134.136.126]:63648 "EHLO mga18.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727512AbfIZRQR (ORCPT ); Thu, 26 Sep 2019 13:16:17 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Sep 2019 10:16:15 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,552,1559545200"; d="scan'208";a="219475012" Received: from schneian-mobl1.ger.corp.intel.com (HELO localhost) ([10.249.39.17]) by fmsmga002.fm.intel.com with ESMTP; 26 Sep 2019 10:16:12 -0700 From: Jarkko Sakkinen To: linux-integrity@vger.kernel.org Cc: Jarkko Sakkinen , stable@vger.kernel.org, David Howells , Herbert Xu , "David S. Miller" , keyrings@vger.kernel.org (open list:ASYMMETRIC KEYS), linux-crypto@vger.kernel.org (open list:CRYPTO API), linux-kernel@vger.kernel.org (open list) Subject: [PATCH] KEYS: asym_tpm: Switch to get_random_bytes() Date: Thu, 26 Sep 2019 20:16:01 +0300 Message-Id: <20190926171601.30404-1-jarkko.sakkinen@linux.intel.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Only the kernel random pool should be used for generating random numbers. TPM contributes to that pool among the other sources of entropy. In here it is not, agreed, absolutely critical because TPM is what is trusted anyway but in order to remove tpm_get_random() we need to first remove all the call sites. Cc: stable@vger.kernel.org Fixes: 0c36264aa1d5 ("KEYS: asym_tpm: Add loadkey2 and flushspecific [ver #2]") Signed-off-by: Jarkko Sakkinen --- crypto/asymmetric_keys/asym_tpm.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/crypto/asymmetric_keys/asym_tpm.c b/crypto/asymmetric_keys/asym_tpm.c index 76d2ce3a1b5b..c14b8d186e93 100644 --- a/crypto/asymmetric_keys/asym_tpm.c +++ b/crypto/asymmetric_keys/asym_tpm.c @@ -6,6 +6,7 @@ #include #include #include +#include #include #include #include @@ -54,11 +55,7 @@ static int tpm_loadkey2(struct tpm_buf *tb, } /* generate odd nonce */ - ret = tpm_get_random(NULL, nonceodd, TPM_NONCE_SIZE); - if (ret < 0) { - pr_info("tpm_get_random failed (%d)\n", ret); - return ret; - } + get_random_bytes(nonceodd, TPM_NONCE_SIZE); /* calculate authorization HMAC value */ ret = TSS_authhmac(authdata, keyauth, SHA1_DIGEST_SIZE, enonce, -- 2.20.1