On Mo, 19.09.22 18:09, Ard Biesheuvel (ardb@xxxxxxxxxx) wrote:
Heya!
Looks excellent!
I was wondering though, shouldn't the memory the seed data is stored
in be zeroed out when you dispose of it, just for safety?
> + if (rng) {
> + const int sz = EFI_RANDOM_SEED_SIZE;
> + u8 bits[EFI_RANDOM_SEED_SIZE];
>
> - if (status == EFI_UNSUPPORTED)
> - /*
> - * Use whatever algorithm we have available if the raw algorithm
> - * is not implemented.
> - */
> - status = efi_call_proto(rng, get_rng, NULL,
> - EFI_RANDOM_SEED_SIZE, seed->bits);
> + status = efi_call_proto(rng, get_rng, &rng_algo_raw, sz, bits);
> + if (status == EFI_UNSUPPORTED)
> + /*
> + * Use whatever algorithm we have available if the raw algorithm
> + * is not implemented.
> + */
> + status = efi_call_proto(rng, get_rng, NULL, sz, bits);
>
> + if (status == EFI_SUCCESS) {
> + blake2s_update(&state, (void *)&sz, sizeof(sz));
> + blake2s_update(&state, bits, sz);
So, here, shouldn't bitſ[] be zeroed out?
> - seed->size = EFI_RANDOM_SEED_SIZE;
> + blake2s_final(&state, seed->bits);
And here, shouldn't the state struct be zeroed out? (or does
blake2s_final() do that implicitly?
Looks excellent otherwise!
Will-be-used-by: systemd
Reviewed-by: Lennart Poettering <mzxreary@xxxxxxxxxxxx>
