mirror of https://github.com/mirror/busybox.git
seedrng: do not hash in a constant string, it's not adding entropy
function                                             old     new   delta
seedrng_main                                         906     880     -26
.rodata                                           104899  104873     -26
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/2 up/down: 0/-52)             Total: -52 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
parent
3bfbcb5807
commit
67fd6be0bb
|
@ -169,7 +169,7 @@ int seedrng_main(int argc UNUSED_PARAM, char **argv)
|
|||
uint8_t new_seed[MAX_SEED_LEN];
|
||||
size_t new_seed_len;
|
||||
bool new_seed_creditable;
|
||||
struct timespec timestamp;
|
||||
struct timespec timestamp[2];
|
||||
sha256_ctx_t hash;
|
||||
|
||||
enum {
|
||||
|
@ -197,19 +197,19 @@ int seedrng_main(int argc UNUSED_PARAM, char **argv)
|
|||
* Avoid concurrent runs by taking a blocking lock on the directory.
|
||||
* Not checking for errors. Looking at manpage,
|
||||
* ENOLCK "The kernel ran out of memory for allocating lock records"
|
||||
* seems to be the only one which is likely - and if that happens,
|
||||
* seems to be the only one which is possible - and if that happens,
|
||||
* machine is OOMing (much worse problem than inability to lock...).
|
||||
* Also, typically configured Linux machines do not fail GFP_KERNEL
|
||||
* allocations (they trigger memory reclaim instead).
|
||||
*/
|
||||
flock(dfd, LOCK_EX); /* would block while another copy runs */
|
||||
flock(dfd, LOCK_EX); /* blocks while another instance runs */
|
||||
|
||||
sha256_begin(&hash);
|
||||
sha256_hash(&hash, "SeedRNG v1 Old+New Prefix", 25);
|
||||
clock_gettime(CLOCK_REALTIME, ×tamp);
|
||||
sha256_hash(&hash, ×tamp, sizeof(timestamp));
|
||||
clock_gettime(CLOCK_BOOTTIME, ×tamp);
|
||||
sha256_hash(&hash, ×tamp, sizeof(timestamp));
|
||||
//Hashing in a constant string doesn't add any entropy
|
||||
// sha256_hash(&hash, "SeedRNG v1 Old+New Prefix", 25);
|
||||
clock_gettime(CLOCK_REALTIME, ×tamp[0]);
|
||||
clock_gettime(CLOCK_BOOTTIME, ×tamp[1]);
|
||||
sha256_hash(&hash, timestamp, sizeof(timestamp));
|
||||
|
||||
for (i = 0; i <= 1; i++) {
|
||||
seed_from_file_if_exists(
|
||||
|
|
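Review bot: The two comment lines left where the prefix was hashed treat the constant as a failed entropy source, but a fixed label such as "SeedRNG v1 Old+New Prefix" is normally hashed in for domain separation, so the stated reason does not describe what is being given up. Dropping it costs no entropy, and hashing both timestamps in one `sha256_hash` call feeds the same bytes as the two earlier calls, so the missing label is the only change to the digest. I would delete the commented-out call and, if this digest is never compared with another implementation's output (not visible here), record that in one line such as `/* no domain-separation label: adds no entropy, digest is only used for seeding */`. Separately, neither `clock_gettime` result is checked, and with the array form a failed `CLOCK_BOOTTIME` call leaves `timestamp[1]` unset before it is hashed; `memset(timestamp, 0, sizeof(timestamp));` ahead of the two calls would make that case deterministic. seedrng_main starts before and continues after both hunks.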