diff options
author | Lennart Poettering <lennart@poettering.net> | 2022-12-20 11:53:37 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2023-01-04 15:18:10 +0100 |
commit | a16c65f3c4c93e24eda9cf7f14d5da4062c6ca10 (patch) | |
tree | 9392786a0877654168fbd41171535e81e064e461 /src/random-seed | |
parent | 114172fbe75b247883dd873cafb9209e4a2bd778 (diff) | |
download | systemd-a16c65f3c4c93e24eda9cf7f14d5da4062c6ca10.tar.gz |
sha256: add helper than hashes a buffer *and* its size
We use this pattern all the time in order to thward extension attacks,
add a helper to make it shorter.
Diffstat (limited to 'src/random-seed')
-rw-r--r-- | src/random-seed/random-seed.c | 12 |
1 files changed, 4 insertions, 8 deletions
diff --git a/src/random-seed/random-seed.c b/src/random-seed/random-seed.c index 90890e33f2..a50fdc12ae 100644 --- a/src/random-seed/random-seed.c +++ b/src/random-seed/random-seed.c @@ -194,8 +194,7 @@ static int load_seed_file( return log_oom(); sha256_init_ctx(hash_state); - sha256_process_bytes(&k, sizeof(k), hash_state); /* Hash length to distinguish from new seed. */ - sha256_process_bytes(buf, k, hash_state); + sha256_process_bytes_and_size(buf, k, hash_state); /* Hash with length to distinguish from new seed. */ *ret_hash_state = hash_state; } @@ -288,8 +287,7 @@ static int save_seed_file( if (hash_state) { uint8_t hash[SHA256_DIGEST_SIZE]; - sha256_process_bytes(&k, sizeof(k), hash_state); /* Hash length to distinguish from old seed. */ - sha256_process_bytes(buf, k, hash_state); + sha256_process_bytes_and_size(buf, k, hash_state); /* Hash with length to distinguish from old seed. */ sha256_finish_ctx(hash_state, hash); l = MIN((size_t)k, sizeof(hash)); memcpy((uint8_t *)buf + k - l, hash, l); @@ -370,8 +368,7 @@ static int refresh_boot_seed(void) { /* Hash the old seed in so that we never regress in entropy. */ sha256_init_ctx(&hash_state); - sha256_process_bytes(&n, sizeof(n), &hash_state); - sha256_process_bytes(seed_file_bytes, n, &hash_state); + sha256_process_bytes_and_size(seed_file_bytes, n, &hash_state); /* We're doing this opportunistically, so if the seeding dance before didn't manage to initialize the * RNG, there's no point in doing it here. Secondly, getrandom(GRND_NONBLOCK) has been around longer @@ -392,8 +389,7 @@ static int refresh_boot_seed(void) { assert(n == sizeof(buffer)); /* Hash the new seed into the state containing the old one to generate our final seed. */ - sha256_process_bytes(&n, sizeof(n), &hash_state); - sha256_process_bytes(buffer, n, &hash_state); + sha256_process_bytes_and_size(buffer, n, &hash_state); sha256_finish_ctx(&hash_state, buffer); if (lseek(seed_fd, 0, SEEK_SET) < 0) |