diff options
| author | Jason A. Donenfeld <Jason@zx2c4.com> | 2022-01-05 14:36:13 +0100 |
|---|---|---|
| committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2022-01-06 02:09:22 +0900 |
| commit | 06511ba559a6026dd3a41a17c96af364eed93292 (patch) | |
| tree | 008023e0c4739703f5a83811992349ccd4adcc98 /src/random-seed | |
| parent | 9cca5f4cda3f7a3bf9b7154ad0cddba8c7897ea5 (diff) | |
| download | systemd-06511ba559a6026dd3a41a17c96af364eed93292.tar.gz | |
random-seed: cleanup code nits
This incorporates various nits from the post-merge review on #21986.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'src/random-seed')
| -rw-r--r-- | src/random-seed/random-seed.c | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/src/random-seed/random-seed.c b/src/random-seed/random-seed.c index bba8335720..867d55169d 100644 --- a/src/random-seed/random-seed.c +++ b/src/random-seed/random-seed.c @@ -104,11 +104,10 @@ static CreditEntropy may_credit(int seed_fd) { } static int run(int argc, char *argv[]) { + bool read_seed_file, write_seed_file, synchronous, hashed_old_seed = false; _cleanup_close_ int seed_fd = -1, random_fd = -1; - bool read_seed_file, write_seed_file, synchronous; _cleanup_free_ void* buf = NULL; struct sha256_ctx hash_state; - uint8_t hash[32]; size_t buf_size; struct stat st; ssize_t k, l; @@ -214,6 +213,16 @@ static int run(int argc, char *argv[]) { else { CreditEntropy lets_credit; + /* If we're going to later write out a seed file, initialize a hash state with + * the contents of the seed file we just read, so that the new one can't regress + * in entropy. */ + if (write_seed_file) { + sha256_init_ctx(&hash_state); + sha256_process_bytes(&k, sizeof(k), &hash_state); /* Hash length to distinguish from new seed. */ + sha256_process_bytes(buf, k, &hash_state); + hashed_old_seed = true; + } + (void) lseek(seed_fd, 0, SEEK_SET); lets_credit = may_credit(seed_fd); @@ -245,16 +254,6 @@ static int run(int argc, char *argv[]) { if (r < 0) log_error_errno(r, "Failed to write seed to /dev/urandom: %m"); } - /* If we're going to later write out a seed file, initialize a hash state with - * the contents of the seed file we just read, so that the new one can't regress - * in entropy. */ - if (write_seed_file) { - sha256_init_ctx(&hash_state); - if (k < 0) - k = 0; - sha256_process_bytes(&k, sizeof(k), &hash_state); - sha256_process_bytes(buf, k, &hash_state); - } } if (write_seed_file) { @@ -293,11 +292,12 @@ static int run(int argc, char *argv[]) { /* If we previously read in a seed file, then hash the new seed into the old one, * and replace the last 32 bytes of the seed with the hash output, so that the * new seed file can't regress in entropy. */ - if (read_seed_file) { - sha256_process_bytes(&k, sizeof(k), &hash_state); + if (hashed_old_seed) { + uint8_t hash[32]; + sha256_process_bytes(&k, sizeof(k), &hash_state); /* Hash length to distinguish from old seed. */ sha256_process_bytes(buf, k, &hash_state); sha256_finish_ctx(&hash_state, hash); - l = MIN(k, 32); + l = MIN((size_t)k, sizeof(hash)); memcpy((uint8_t *)buf + k - l, hash, l); } |