18 Dec
2020
18 Dec
'20
10:28 a.m.
From: Matthias Brugger mbrugger@suse.com
For now bootp and uuid code use a weak seed for generating random data. U-Boot as support for RNG devices now, so we should change to code to use them if they are present. This will help mitigate issues like seen in CVE-2019-11690.
Changes in v3: - use IS_ENABLED instead of #if - use 4 byte for entropy - use IS_ENABLED instead of #if
Changes in v2: - fix dm_rng_read() parameters - add missing include - fix dm_rng_read() parameters - add missing include file
Matthias Brugger (2): lib: uuid: use RNG device if present net: Use NDRNG device in srand_mac()
lib/uuid.c | 21 ++++++++++++++++++--- net/net_rand.h | 19 ++++++++++++++++++- 2 files changed, 36 insertions(+), 4 deletions(-)
--
2.29.2