-rw-r--r--src/basic/random-util.c17
-rw-r--r--src/core/efi-random.c7
-rw-r--r--src/core/main.c9
-rw-r--r--src/shared/pkcs11-util.c7
4 files changed, 17 insertions, 23 deletions
diff --git a/src/basic/random-util.c b/src/basic/random-util.c
index c8c34a2034..c831f06dac 100644
--- a/src/basic/random-util.c
+++ b/src/basic/random-util.c
@@ -452,10 +452,21 @@ size_t random_pool_size(void) {
}
int random_write_entropy(int fd, const void *seed, size_t size, bool credit) {
+ _cleanup_close_ int opened_fd = -1;
int r;
- assert(fd >= 0);
- assert(seed && size > 0);
+ assert(seed || size == 0);
+
+ if (size == 0)
+ return 0;
+
+ if (fd < 0) {
+ opened_fd = open("/dev/urandom", O_WRONLY|O_CLOEXEC|O_NOCTTY);
+ if (opened_fd < 0)
+ return -errno;
+
+ fd = opened_fd;
+ }
if (credit) {
_cleanup_free_ struct rand_pool_info *info = NULL;
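Review bot: The new calling contract of random_write_entropy() is undocumented: in this hunk a negative fd makes the function open /dev/urandom itself and a zero size returns 0 without writing, and the following hunk changes the success return from 0 to 1. A comment above the signature would pin this down, for example `/* If fd < 0, /dev/urandom is opened internally. Returns 0 if size is 0 and nothing was written, 1 if the seed was written, negative errno on failure. */`. The callers visible in this commit only test `r < 0`, but any caller elsewhere that compares the result with 0 would behave differently, so that is worth checking. The function body continues past the end of this hunk.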
@@ -481,5 +492,5 @@ int random_write_entropy(int fd, const void *seed, size_t size, bool credit) {
return r;
}
- return 0;
+ return 1;
}
diff --git a/src/core/efi-random.c b/src/core/efi-random.c
index 2bc74fab98..94e138b35b 100644
--- a/src/core/efi-random.c
+++ b/src/core/efi-random.c
@@ -43,7 +43,6 @@ static void lock_down_efi_variables(void) {
int efi_take_random_seed(void) {
_cleanup_free_ void *value = NULL;
- _cleanup_close_ int random_fd = -1;
size_t size;
int r;
@@ -77,17 +76,13 @@ int efi_take_random_seed(void) {
if (size == 0)
return log_warning_errno(SYNTHETIC_ERRNO(EINVAL), "Random seed passed from boot loader has zero size? Ignoring.");
- random_fd = open("/dev/urandom", O_WRONLY|O_CLOEXEC|O_NOCTTY);
- if (random_fd < 0)
- return log_warning_errno(errno, "Failed to open /dev/urandom for writing, ignoring: %m");
-
/* Before we use the seed, let's mark it as used, so that we never credit it twice. Also, it's a nice
* way to let users known that we successfully acquired entropy from the boot laoder. */
r = touch("/run/systemd/efi-random-seed-taken");
if (r < 0)
return log_warning_errno(r, "Unable to mark EFI random seed as used, not using it: %m");
- r = random_write_entropy(random_fd, value, size, true);
+ r = random_write_entropy(-1, value, size, true);
if (r < 0)
return log_warning_errno(errno, "Failed to credit entropy, ignoring: %m");
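Review bot: The error branch after the new `random_write_entropy(-1, value, size, true)` call logs `errno` instead of `r`, although the helper reports failure through its negative return value (it returns `-errno` for the new open() path), and errno is not guaranteed to still hold that code when the log call runs. It should read `return log_warning_errno(r, "Failed to credit entropy, ignoring: %m");`, matching what cmdline_take_random_seed() in src/core/main.c does. Also note the ordering change: /dev/urandom is now opened only after /run/systemd/efi-random-seed-taken has been touched, so an open failure leaves the seed marked as taken without having been written; that errs on the side of never crediting twice, but the marker no longer implies the entropy was acquired. efi_take_random_seed() starts and ends outside this hunk.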
diff --git a/src/core/main.c b/src/core/main.c
index 9cb6afcd82..ef4d03750f 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1605,7 +1605,6 @@ static void apply_clock_update(void) {
}
static void cmdline_take_random_seed(void) {
- _cleanup_close_ int random_fd = -1;
size_t suggested;
int r;
@@ -1622,13 +1621,7 @@ static void cmdline_take_random_seed(void) {
log_warning("Random seed specified on kernel command line has size %zu, but %zu bytes required to fill entropy pool.",
arg_random_seed_size, suggested);
- random_fd = open("/dev/urandom", O_WRONLY|O_CLOEXEC|O_NOCTTY);
- if (random_fd < 0) {
- log_warning_errno(errno, "Failed to open /dev/urandom for writing, ignoring: %m");
- return;
- }
-
- r = random_write_entropy(random_fd, arg_random_seed, arg_random_seed_size, true);
+ r = random_write_entropy(-1, arg_random_seed, arg_random_seed_size, true);
if (r < 0) {
log_warning_errno(r, "Failed to credit entropy specified on kernel command line, ignoring: %m");
return;
diff --git a/src/shared/pkcs11-util.c b/src/shared/pkcs11-util.c
index e74f0be260..078a86ec32 100644
--- a/src/shared/pkcs11-util.c
+++ b/src/shared/pkcs11-util.c
@@ -671,7 +671,6 @@ int pkcs11_token_acquire_rng(
CK_SESSION_HANDLE session) {
_cleanup_free_ void *buffer = NULL;
- _cleanup_close_ int fd = -1;
size_t rps;
CK_RV rv;
int r;
@@ -696,11 +695,7 @@ int pkcs11_token_acquire_rng(
return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
"Failed to generate RNG data on security token: %s", p11_kit_strerror(rv));
- fd = open("/dev/urandom", O_WRONLY|O_CLOEXEC|O_NOCTTY);
- if (fd < 0)
- return log_debug_errno(errno, "Failed to open /dev/urandom for writing: %m");
-
- r = loop_write(fd, buffer, rps, false);
+ r = random_write_entropy(-1, buffer, rps, false);
if (r < 0)
return log_debug_errno(r, "Failed to write PKCS#11 acquired random data to /dev/urandom: %m");