On Tue, 20 Sept 2022 at 18:28, Lennart Poettering
<lennart@xxxxxxxxxxxxxx> wrote:
>
> On Mo, 19.09.22 18:09, Ard Biesheuvel (ardb@xxxxxxxxxx) wrote:
>
> Heya!
>
> Looks excellent!
>
> I was wondering though, shouldn't the memory the seed data is stored
> in be zeroed out when you dispose of it, just for safety?
>
> > + if (rng) {
> > + const int sz = EFI_RANDOM_SEED_SIZE;
> > + u8 bits[EFI_RANDOM_SEED_SIZE];
> >
> > - if (status == EFI_UNSUPPORTED)
> > - /*
> > - * Use whatever algorithm we have available if the raw algorithm
> > - * is not implemented.
> > - */
> > - status = efi_call_proto(rng, get_rng, NULL,
> > - EFI_RANDOM_SEED_SIZE, seed->bits);
> > + status = efi_call_proto(rng, get_rng, &rng_algo_raw, sz, bits);
> > + if (status == EFI_UNSUPPORTED)
> > + /*
> > + * Use whatever algorithm we have available if the raw algorithm
> > + * is not implemented.
> > + */
> > + status = efi_call_proto(rng, get_rng, NULL, sz, bits);
> >
> > + if (status == EFI_SUCCESS) {
> > + blake2s_update(&state, (void *)&sz, sizeof(sz));
> > + blake2s_update(&state, bits, sz);
> So, here, shouldn't bitſ[] be zeroed out?
>
> > - seed->size = EFI_RANDOM_SEED_SIZE;
> > + blake2s_final(&state, seed->bits);
>
> And here, shouldn't the state struct be zeroed out? (or does
> blake2s_final() do that implicitly?
>
Yes, Jason pointed that out as well. (Twice, actually :-))
> Looks excellent otherwise!
>
> Will-be-used-by: systemd
> Reviewed-by: Lennart Poettering <mzxreary@xxxxxxxxxxxx>
Thanks, much appreciated.
