summaryrefslogtreecommitdiff
path: root/src/boot/bootctl-random-seed.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2022-12-20 11:53:37 +0100
committerLennart Poettering <lennart@poettering.net>2023-01-04 15:18:10 +0100
commita16c65f3c4c93e24eda9cf7f14d5da4062c6ca10 (patch)
tree9392786a0877654168fbd41171535e81e064e461 /src/boot/bootctl-random-seed.c
parent114172fbe75b247883dd873cafb9209e4a2bd778 (diff)
downloadsystemd-a16c65f3c4c93e24eda9cf7f14d5da4062c6ca10.tar.gz
sha256: add helper than hashes a buffer *and* its size
We use this pattern all the time in order to thward extension attacks, add a helper to make it shorter.
Diffstat (limited to 'src/boot/bootctl-random-seed.c')
-rw-r--r--src/boot/bootctl-random-seed.c6
1 files changed, 2 insertions, 4 deletions
diff --git a/src/boot/bootctl-random-seed.c b/src/boot/bootctl-random-seed.c
index ab02aa087b..1f33b5b71b 100644
--- a/src/boot/bootctl-random-seed.c
+++ b/src/boot/bootctl-random-seed.c
@@ -43,8 +43,7 @@ int install_random_seed(const char *esp) {
return log_error_errno(r, "Failed to acquire random seed: %m");
sha256_init_ctx(&hash_state);
- sha256_process_bytes(&(const size_t) { sizeof(buffer) }, sizeof(size_t), &hash_state);
- sha256_process_bytes(buffer, sizeof(buffer), &hash_state);
+ sha256_process_bytes_and_size(buffer, sizeof(buffer), &hash_state);
fd = openat(loader_dir_fd, "random-seed", O_NOFOLLOW|O_CLOEXEC|O_RDONLY|O_NOCTTY);
if (fd < 0) {
@@ -62,8 +61,7 @@ int install_random_seed(const char *esp) {
if (n < 0)
return log_error_errno(errno, "Failed to read old random seed file: %m");
- sha256_process_bytes(&n, sizeof(n), &hash_state);
- sha256_process_bytes(buffer, n, &hash_state);
+ sha256_process_bytes_and_size(buffer, n, &hash_state);
fd = safe_close(fd);
refreshed = n > 0;
View Lorry Controller Status