author | Denys Vlasenko <vda.linux@googlemail.com> | 2022-05-03 12:48:50 +0200 |
---|---|---|
committer | Denys Vlasenko <vda.linux@googlemail.com> | 2022-05-03 12:48:50 +0200 |
commit | 67fd6be0bb925839f4e6564dba741f9889b2fac8 (patch) | |
tree | 0a16097ac89f6fe67f6e0e3b7c4b5b60e5389138 | |
parent | 3bfbcb5807ec43b6470bd7bb3e3ca0375ed16544 (diff) | |
seedrng: do not hash in a constant string, it's not adding entropy
function old new delta
seedrng_main 906 880 -26
.rodata 104899 104873 -26
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/2 up/down: 0/-52) Total: -52 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r-- | miscutils/seedrng.c | 16 |
1 files changed, 8 insertions, 8 deletions
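--- a/miscutils/seedrng.c
+++ b/miscutils/seedrng.c
@@ -169,7 +169,7 @@ int seedrng_main(int argc UNUSED_PARAM, char **argv)
 uint8_t new_seed[MAX_SEED_LEN];
 size_t new_seed_len;
 bool new_seed_creditable;
-struct timespec timestamp;
+struct timespec timestamp[2];
 sha256_ctx_t hash;
 
 enum {
@@ -197,19 +197,19 @@ int seedrng_main(int argc UNUSED_PARAM, char **argv)
 * Avoid concurrent runs by taking a blocking lock on the directory.
 * Not checking for errors. Looking at manpage,
 * ENOLCK "The kernel ran out of memory for allocating lock records"
-* seems to be the only one which is likely - and if that happens,
+* seems to be the only one which is possible - and if that happens,
 * machine is OOMing (much worse problem than inability to lock...).
 * Also, typically configured Linux machines do not fail GFP_KERNEL
 * allocations (they trigger memory reclaim instead).
 */
-flock(dfd, LOCK_EX); /* would block while another copy runs */
+flock(dfd, LOCK_EX); /* blocks while another instance runs */
 
 sha256_begin(&hash);
-sha256_hash(&hash, "SeedRNG v1 Old+New Prefix", 25);
-clock_gettime(CLOCK_REALTIME, ×tamp);
-sha256_hash(&hash, ×tamp, sizeof(timestamp));
-clock_gettime(CLOCK_BOOTTIME, ×tamp);
-sha256_hash(&hash, ×tamp, sizeof(timestamp));
+//Hashing in a constant string doesn't add any entropy
+// sha256_hash(&hash, "SeedRNG v1 Old+New Prefix", 25);
+clock_gettime(CLOCK_REALTIME, ×tamp[0]);
+clock_gettime(CLOCK_BOOTTIME, ×tamp[1]);
+sha256_hash(&hash, timestamp, sizeof(timestamp));
 
 for (i = 0; i <= 1; i++) {
 seed_from_file_if_exists(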
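Review bot: `timestamp[2]` is declared without an initializer and neither `clock_gettime()` return value is checked, so if a call fails (for instance `CLOCK_BOOTTIME` on a platform that lacks it) the single `sha256_hash(&hash, timestamp, sizeof(timestamp))` feeds indeterminate stack bytes into the hash. Before this change a failed second call would have re-hashed the first timestamp instead. This should not weaken the seed, because the timestamps are only supplementary input, but it will trip MSan/valgrind and make the result depend on stack residue. Declaring it as `struct timespec timestamp[2] = { 0 };` would avoid that. Separately, the commented-out `sha256_hash(... "SeedRNG v1 Old+New Prefix" ...)` line is better deleted than kept. If a comment stays, it could say `/* no fixed prefix: it was a domain-separation label, not an entropy source */` so a later reader does not mistake the removal for a lost input. The body of seedrng_main starts and ends outside these hunks, so the later uses of `hash` are not visible here.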