From 67fd6be0bb925839f4e6564dba741f9889b2fac8 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko
Date: Tue, 3 May 2022 12:48:50 +0200
Subject: seedrng: do not hash in a constant string, it's not adding entropy

function old new delta
seedrng_main 906 880 -26
.rodata 104899 104873 -26
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/2 up/down: 0/-52) Total: -52 bytes
Signed-off-by: Denys Vlasenko
---
 miscutils/seedrng.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
(limited to 'miscutils')

diff --git a/miscutils/seedrng.c b/miscutils/seedrng.c
index 4f2441a..967741d 100644
--- a/miscutils/seedrng.c
+++ b/miscutils/seedrng.c
@@ -169,7 +169,7 @@ int seedrng_main(int argc UNUSED_PARAM, char **argv)
 uint8_t new_seed[MAX_SEED_LEN];
 size_t new_seed_len;
 bool new_seed_creditable;
- struct timespec timestamp;
+ struct timespec timestamp[2];
 sha256_ctx_t hash;
 enum {
@@ -197,19 +197,19 @@ int seedrng_main(int argc UNUSED_PARAM, char **argv)
 * Avoid concurrent runs by taking a blocking lock on the directory.
 * Not checking for errors. Looking at manpage,
 * ENOLCK "The kernel ran out of memory for allocating lock records"
- * seems to be the only one which is likely - and if that happens,
+ * seems to be the only one which is possible - and if that happens,
 * machine is OOMing (much worse problem than inability to lock...).
 * Also, typically configured Linux machines do not fail GFP_KERNEL
 * allocations (they trigger memory reclaim instead).
 */
- flock(dfd, LOCK_EX); /* would block while another copy runs */
+ flock(dfd, LOCK_EX); /* blocks while another instance runs */
 sha256_begin(&hash);
- sha256_hash(&hash, "SeedRNG v1 Old+New Prefix", 25);
- clock_gettime(CLOCK_REALTIME, ×tamp);
- sha256_hash(&hash, ×tamp, sizeof(timestamp));
- clock_gettime(CLOCK_BOOTTIME, ×tamp);
- sha256_hash(&hash, ×tamp, sizeof(timestamp));
+//Hashing in a constant string doesn't add any entropy
+// sha256_hash(&hash, "SeedRNG v1 Old+New Prefix", 25);
+ clock_gettime(CLOCK_REALTIME, ×tamp[0]);
+ clock_gettime(CLOCK_BOOTTIME, ×tamp[1]);
+ sha256_hash(&hash, timestamp, sizeof(timestamp));
 for (i = 0; i <= 1; i++) {
 seed_from_file_if_exists(
-- cgit v1.1
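Review bot: The constant removed on the `- sha256_hash(&hash, "SeedRNG v1 Old+New Prefix", 25);` line was never an entropy source — a fixed prefix is domain separation and a format-version tag, so that the SHA-256 of (timestamps, old seed, new seed) cannot coincide with any other hash over the same byte layout and so that a later change to what is hashed produces different seed output. Dropping it silently changes the seed-file derivation for a 52-byte saving; the hunk alone does not show whether anything depends on staying compatible with the reference seedrng, so that should be confirmed before this is kept. Whatever is decided, the new `+//Hashing in a constant string doesn't add any entropy` line plus the commented-out call are dead code at column 0; delete the commented-out call and keep a single why-comment in the file's existing `/* */` style, e.g. `/* No domain-separation prefix: a constant adds no entropy, and nothing else hashes this layout */`. The two `clock_gettime` return values remain unchecked, so if CLOCK_BOOTTIME is unsupported `timestamp[1]` is hashed uninitialized (as is any struct padding via `sizeof(timestamp)`); that is harmless for opportunistic mixing but a short comment saying the timestamps are not counted as entropy would keep the next reader from relying on them. seedrng_main continues on both sides of this hunk.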