
git.busybox.net/busybox.git - Unnamed repository; edit this file 'description' to name the repository.
authorDenys Vlasenko <vda.linux@googlemail.com>2022-05-01 00:17:58 +0300
committerDenys Vlasenko <vda.linux@googlemail.com>2022-05-01 00:17:58 +0300
commit464875411926d4085e3496f94551e532676d2e9d (patch)
treea5b0fb3cd79462e5ca9c090adedbd3c174cd3859 /util-linux
parent267178c62851a2e0fa3825bb49a67e362f41d4c0 (diff)
seedrng: re-add fsync after unlink, and explain its purpose
function old new delta seedrng_main 1003 1022 +19 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'util-linux')
-rw-r--r--util-linux/seedrng.c13
1 files changed, 12 insertions, 1 deletions
diff --git a/util-linux/seedrng.c b/util-linux/seedrng.c
index 74bf633a7..b79ce6627 100644
--- a/util-linux/seedrng.c
+++ b/util-linux/seedrng.c
@@ -128,7 +128,7 @@ static void seed_rng(uint8_t *seed, size_t len, bool credit)
close(random_fd);
}
-static void seed_from_file_if_exists(const char *filename, bool credit, sha256_ctx_t *hash)
+static void seed_from_file_if_exists(const char *filename, int dfd, bool credit, sha256_ctx_t *hash)
{
uint8_t seed[MAX_SEED_LEN];
ssize_t seed_len;
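Review bot: The new `dfd` parameter on `seed_from_file_if_exists` carries an undocumented contract: the fsync added further down only makes the unlink durable if `dfd` is an open descriptor for the directory that actually holds `filename`, yet the unlink itself goes through the path, not through `dfd`. A short comment above the signature would pin that down, e.g. `/* dfd: open fd of the directory containing filename; it is fsync'ed after the unlink */`. Where `dfd` is opened is outside this hunk, so the pairing with the seed directory should be confirmed at the call site.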
@@ -141,6 +141,16 @@ static void seed_from_file_if_exists(const char *filename, bool credit, sha256_c
}
xunlink(filename);
if (seed_len != 0) {
+ /* We are going to use this data to seed the RNG:
+ * we believe it to genuinely containing entropy.
+ * If this just-unlinked file survives
+ * (e.g. if machine crashes _right now_)
+ * and we reuse it after reboot, this assumption
+ * would be violated. Fsync the directory to
+ * make sure file is gone:
+ */
+ fsync(dfd);
+
sha256_hash(hash, &seed_len, sizeof(seed_len));
sha256_hash(hash, seed, seed_len);
printf("Seeding %u bits %s crediting\n",
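Review bot: The result of `fsync(dfd)` is discarded, so when the directory sync fails the code still hashes and credits the seed, although the condition the comment relies on (the unlinked file is durably gone) has not been established. Handling the failure would close that gap, for example `if (fsync(dfd) < 0) { bb_simple_perror_msg("can't fsync seed directory"); credit = false; }`, so that a seed which might reappear after a crash is still mixed in but not credited. The comment would also read better as "we believe it genuinely contains entropy". The function body continues past the end of this hunk, so how `credit` is used after this point is assumed here and should be checked.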
@@ -193,6 +203,7 @@ int seedrng_main(int argc UNUSED_PARAM, char *argv[])
for (int i = 1; i < 3; ++i) {
seed_from_file_if_exists(i == 1 ? NON_CREDITABLE_SEED_NAME : CREDITABLE_SEED_NAME,
+ dfd,
i == 1 ? false : !skip_credit,
&hash);
}