diff options
| -rw-r--r-- | drivers/char/random.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/drivers/char/random.c b/drivers/char/random.c index 8b09d608c802..7035739d1924 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -320,6 +320,13 @@ static void crng_reseed(void) * the resultant ChaCha state to the user, along with the second * half of the block containing 32 bytes of random data that may * be used; random_data_len may not be greater than 32. + * + * The returned ChaCha state contains within it a copy of the old + * key value, at index 4, so the state should always be zeroed out + * immediately after using in order to maintain forward secrecy. + * If the state cannot be erased in a timely manner, then it is + * safer to set the random_data parameter to &chacha_state[4] so + * that this function overwrites it before returning. */ static void crng_fast_key_erasure(u8 key[CHACHA_KEY_SIZE], u32 chacha_state[CHACHA_STATE_WORDS], |