get_random_bytes is providing prng, if we have HWRNG we should be
able to use it over get_crypto_bytes
Signed-off-by: Oleksij Rempel <o.rempel@xxxxxxxxxxxxxx>
---
common/password.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/common/password.c b/common/password.c
index d52b746f0..74d328f4b 100644
--- a/common/password.c
+++ b/common/password.c
@@ -365,7 +365,11 @@ int set_env_passwd(unsigned char* passwd, size_t length)
char *salt = passwd_sum;
int keylen = PBKDF2_LENGTH - PBKDF2_SALT_LEN;
- get_random_bytes(passwd_sum, PBKDF2_SALT_LEN);
+ ret = get_crypto_bytes(passwd_sum, PBKDF2_SALT_LEN);
+ if (ret) {
+ pr_err("Can't get random numbers\n");
+ return ret;
+ }
ret = pkcs5_pbkdf2_hmac_sha1(passwd, length, salt,
PBKDF2_SALT_LEN, PBKDF2_COUNT, keylen, key);
--
2.11.0
_______________________________________________
barebox mailing list
barebox@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/barebox
