From acbba60c5da46c9d6a91796f3d110f59cfa66ebc Mon Sep 17 00:00:00 2001
From: Stephan Müller <smueller@chronox.de>
Date: Sun, 7 Jun 2020 15:20:26 +0200
Subject: crypto: drbg - always try to free Jitter RNG instance

commit f4d7cabd9661612f3019866664addbc463854102 upstream.

The Jitter RNG is unconditionally allocated as a seed source follwoing
the patch ffb82d3279a8. Thus, the instance must always be deallocated.

Reported-by: syzbot+2e635807decef724a1fa@syzkaller.appspotmail.com
Fixes: ffb82d3279a8 ("crypto: drbg - always seeded with SP800-90B ...")
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 crypto/drbg.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/crypto/drbg.c b/crypto/drbg.c
index 28871b08..b2b256a1 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -1647,10 +1647,12 @@ static int drbg_uninstantiate(struct drbg_state *drbg)
 	if (drbg->random_ready.notifier_call) {
 		unregister_random_ready_notifier(&drbg->random_ready);
 		cancel_work_sync(&drbg->seed_work);
-		crypto_free_rng(drbg->jent);
-		drbg->jent = NULL;
 	}
 
+	if (!IS_ERR_OR_NULL(drbg->jent))
+		crypto_free_rng(drbg->jent);
+	drbg->jent = NULL;
+
 	if (drbg->d_ops)
 		drbg->d_ops->crypto_fini(drbg);
 	drbg_dealloc_state(drbg);
-- 
cgit v1.2.3