author | Lennart Poettering <lennart@poettering.net> | 2018-11-07 19:04:04 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2018-11-08 09:44:27 +0100 |
commit | 68534345b8af31e8df3d45cf21a832a42af52996 (patch) | |
tree | 5cf5830af039c20b6ab7869410dd93754e996478 /src/firstboot | |
parent | random-util: change high_quality_required bool parameter into a flags parameter (diff) | |
random-util: optionally enable blocking getrandom() behaviour

When generating the salt for the firstboot password logic, let's use
getrandom() blocking mode, and insist on the very best entropy.
Diffstat (limited to 'src/firstboot')
-rw-r--r-- | src/firstboot/firstboot.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c index ee267dcd7f..d8b5893f76 100644 --- a/src/firstboot/firstboot.c +++ b/src/firstboot/firstboot.c @@ -647,7 +647,8 @@ static int process_root_password(void) { if (!arg_root_password) return 0; - r = genuine_random_bytes(raw, 16, 0); + /* Insist on the best randomness by setting RANDOM_BLOCK, this is about keeping passwords secret after all. */ + r = genuine_random_bytes(raw, 16, RANDOM_BLOCK); if (r < 0) return log_error_errno(r, "Failed to get salt: %m"); |
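Review bot: In process_root_password(), the new comment justifies RANDOM_BLOCK with "this is about keeping passwords secret after all", but the 16 bytes requested here are a salt (see the "Failed to get salt" error path). A salt is stored in the clear next to the password hash and has to be unique and unpredictable in advance, not secret, so the comment overstates what the flag buys. The cost is also undocumented: per the commit message this switches getrandom() to blocking mode, and firstboot runs at a point where the kernel entropy pool may not be initialized yet, so this call can now wait for an unbounded time with nothing logged. Suggest rewording the comment to say the call may block until the pool is initialized and why that is acceptable for a salt, and consider emitting a log message before the call so a stalled first boot can be diagnosed.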