diff options
author | Lennart Poettering <lennart@poettering.net> | 2022-12-20 11:53:37 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2023-01-04 15:18:10 +0100 |
commit | a16c65f3c4c93e24eda9cf7f14d5da4062c6ca10 (patch) | |
tree | 9392786a0877654168fbd41171535e81e064e461 /src/boot | |
parent | 114172fbe75b247883dd873cafb9209e4a2bd778 (diff) | |
download | systemd-a16c65f3c4c93e24eda9cf7f14d5da4062c6ca10.tar.gz |
sha256: add helper than hashes a buffer *and* its size
We use this pattern all the time in order to thward extension attacks,
add a helper to make it shorter.
Diffstat (limited to 'src/boot')
-rw-r--r-- | src/boot/bootctl-random-seed.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/src/boot/bootctl-random-seed.c b/src/boot/bootctl-random-seed.c index ab02aa087b..1f33b5b71b 100644 --- a/src/boot/bootctl-random-seed.c +++ b/src/boot/bootctl-random-seed.c @@ -43,8 +43,7 @@ int install_random_seed(const char *esp) { return log_error_errno(r, "Failed to acquire random seed: %m"); sha256_init_ctx(&hash_state); - sha256_process_bytes(&(const size_t) { sizeof(buffer) }, sizeof(size_t), &hash_state); - sha256_process_bytes(buffer, sizeof(buffer), &hash_state); + sha256_process_bytes_and_size(buffer, sizeof(buffer), &hash_state); fd = openat(loader_dir_fd, "random-seed", O_NOFOLLOW|O_CLOEXEC|O_RDONLY|O_NOCTTY); if (fd < 0) { @@ -62,8 +61,7 @@ int install_random_seed(const char *esp) { if (n < 0) return log_error_errno(errno, "Failed to read old random seed file: %m"); - sha256_process_bytes(&n, sizeof(n), &hash_state); - sha256_process_bytes(buffer, n, &hash_state); + sha256_process_bytes_and_size(buffer, n, &hash_state); fd = safe_close(fd); refreshed = n > 0; |