summaryrefslogtreecommitdiffstats
path: root/src/firstboot
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2018-11-07 19:04:04 +0100
committerLennart Poettering <lennart@poettering.net>2018-11-08 09:44:27 +0100
commit68534345b8af31e8df3d45cf21a832a42af52996 (patch)
tree5cf5830af039c20b6ab7869410dd93754e996478 /src/firstboot
parentrandom-util: change high_quality_required bool parameter into a flags parameter (diff)
downloadsystemd-68534345b8af31e8df3d45cf21a832a42af52996.tar.xz
systemd-68534345b8af31e8df3d45cf21a832a42af52996.zip
random-util: optionally enable blocking getrandom() behaviour
When generating the salt for the firstboot password logic, let's use getrandom() blocking mode, and insist in the very best entropy.
Diffstat (limited to 'src/firstboot')
-rw-r--r--src/firstboot/firstboot.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c
index ee267dcd7f..d8b5893f76 100644
--- a/src/firstboot/firstboot.c
+++ b/src/firstboot/firstboot.c
@@ -647,7 +647,8 @@ static int process_root_password(void) {
if (!arg_root_password)
return 0;
- r = genuine_random_bytes(raw, 16, 0);
+ /* Insist on the best randomness by setting RANDOM_BLOCK, this is about keeping passwords secret after all. */
+ r = genuine_random_bytes(raw, 16, RANDOM_BLOCK);
if (r < 0)
return log_error_errno(r, "Failed to get salt: %m");