}
int random_write_entropy(int fd, const void *seed, size_t size, bool credit) {
+ _cleanup_close_ int opened_fd = -1;
int r;
- assert(fd >= 0);
- assert(seed && size > 0);
+ assert(seed || size == 0);
+
+ if (size == 0)
+ return 0;
+
+ if (fd < 0) {
+ opened_fd = open("/dev/urandom", O_WRONLY|O_CLOEXEC|O_NOCTTY);
+ if (opened_fd < 0)
+ return -errno;
+
+ fd = opened_fd;
+ }
if (credit) {
_cleanup_free_ struct rand_pool_info *info = NULL;
return r;
}
- return 0;
+ return 1;
}
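Review bot: The contract of random_write_entropy() changes in three ways that nothing in the hunk documents: any negative `fd` now means "open /dev/urandom yourself", `size == 0` is accepted and returns 0, and success returns 1 instead of 0. A comment above the function would pin this down, e.g. `/* fd < 0: open /dev/urandom ourselves. Returns 0 if size is 0 and nothing was written, 1 if the seed was written, negative errno on failure. */`. Because every negative value is treated as the sentinel, a caller that forwards a failed open() result or a negative errno no longer trips an assert; if only `-1` is meant, `assert(fd >= 0 || fd == -1);` before the open keeps that check. Part of the `if (credit)` body lies outside the visible lines, so the return paths there are not covered by this note.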
int efi_take_random_seed(void) {
_cleanup_free_ void *value = NULL;
- _cleanup_close_ int random_fd = -1;
size_t size;
int r;
if (size == 0)
return log_warning_errno(SYNTHETIC_ERRNO(EINVAL), "Random seed passed from boot loader has zero size? Ignoring.");
- random_fd = open("/dev/urandom", O_WRONLY|O_CLOEXEC|O_NOCTTY);
- if (random_fd < 0)
- return log_warning_errno(errno, "Failed to open /dev/urandom for writing, ignoring: %m");
-
/* Before we use the seed, let's mark it as used, so that we never credit it twice. Also, it's a nice
* way to let users known that we successfully acquired entropy from the boot laoder. */
r = touch("/run/systemd/efi-random-seed-taken");
if (r < 0)
return log_warning_errno(r, "Unable to mark EFI random seed as used, not using it: %m");
- r = random_write_entropy(random_fd, value, size, true);
+ r = random_write_entropy(-1, value, size, true);
if (r < 0)
return log_warning_errno(errno, "Failed to credit entropy, ignoring: %m");
}
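Review bot: The failure path after `random_write_entropy(-1, value, size, true)` still logs `errno` rather than `r`, although the helper reports its errors, now including the open() failure (`return -errno`), through the return value, and `errno` is not guaranteed to still hold the cause when the caller logs. Use `return log_warning_errno(r, "Failed to credit entropy, ignoring: %m");`, which is what the other two callers touched by this change already do. The open of /dev/urandom also moved from before `touch("/run/systemd/efi-random-seed-taken")` to after it, so an open failure now leaves the marker in place with no seed written. That fails in the safe direction (no double credit), but the comment above the touch() describes the file as a sign of successful acquisition, so it may deserve a word there. The function body is only partly visible in this hunk.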
static void cmdline_take_random_seed(void) {
- _cleanup_close_ int random_fd = -1;
size_t suggested;
int r;
log_warning("Random seed specified on kernel command line has size %zu, but %zu bytes required to fill entropy pool.",
arg_random_seed_size, suggested);
- random_fd = open("/dev/urandom", O_WRONLY|O_CLOEXEC|O_NOCTTY);
- if (random_fd < 0) {
- log_warning_errno(errno, "Failed to open /dev/urandom for writing, ignoring: %m");
- return;
- }
-
- r = random_write_entropy(random_fd, arg_random_seed, arg_random_seed_size, true);
+ r = random_write_entropy(-1, arg_random_seed, arg_random_seed_size, true);
if (r < 0) {
log_warning_errno(r, "Failed to credit entropy specified on kernel command line, ignoring: %m");
return;
CK_SESSION_HANDLE session) {
_cleanup_free_ void *buffer = NULL;
- _cleanup_close_ int fd = -1;
size_t rps;
CK_RV rv;
int r;
return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
"Failed to generate RNG data on security token: %s", p11_kit_strerror(rv));
- fd = open("/dev/urandom", O_WRONLY|O_CLOEXEC|O_NOCTTY);
- if (fd < 0)
- return log_debug_errno(errno, "Failed to open /dev/urandom for writing: %m");
-
- r = loop_write(fd, buffer, rps, false);
+ r = random_write_entropy(-1, buffer, rps, false);
if (r < 0)
return log_debug_errno(r, "Failed to write PKCS#11 acquired random data to /dev/urandom: %m");