4.8-stable review patch. If anyone has any objections, please let me know.
------------------
From: Artem Savkov <asav...@redhat.com>
commit 31e6ec4519c0fe0ee4a2f6ba3ab278e9506b9500 upstream.
Since BIG_KEYS can't be compiled as module it requires one of the "stdrng"
providers to be compiled into kernel. Otherwise big_key_crypto_init() fails
on crypto_alloc_rng step and next dereference of big_key_skcipher (e.g. in
big_key_preparse()) results in a NULL pointer dereference.
Fixes: 13100a72f40f5748a04017e0ab3df4cf27c809ef ('Security: Keys: Big keys
stored encrypted')
Signed-off-by: Artem Savkov <asav...@redhat.com>
Signed-off-by: David Howells <dhowe...@redhat.com>
cc: Stephan Mueller <smuel...@chronox.de>
cc: Kirill Marinushkin <k.marinush...@gmail.com>
Signed-off-by: James Morris <james.l.mor...@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>
---
security/keys/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/security/keys/Kconfig
+++ b/security/keys/Kconfig
@@ -41,7 +41,7 @@ config BIG_KEYS
bool "Large payload keys"
depends on KEYS
depends on TMPFS
- select CRYPTO
+ depends on (CRYPTO_ANSI_CPRNG = y || CRYPTO_DRBG = y)
select CRYPTO_AES
select CRYPTO_ECB
select CRYPTO_RNG
