From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 6 Jun 2024 09:21:02 +0000 (+0200)
Subject: random-util: add crypto_random_bytes_allocate_iovec()
X-Git-Tag: v257-rc1~1136
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4d6222b6a47288a84cef0dcaf43fc13825c6db69;p=thirdparty%2Fsystemd.git

random-util: add crypto_random_bytes_allocate_iovec()

Just a simple helper that allocates some memory, initializes it
randomly, and places this in a struct iovec.
---

diff --git a/src/basic/random-util.c b/src/basic/random-util.c
index c7277ad01ee..4069b290d55 100644
--- a/src/basic/random-util.c
+++ b/src/basic/random-util.c
@@ -21,6 +21,7 @@
 #include "fd-util.h"
 #include "fileio.h"
 #include "io-util.h"
+#include "iovec-util.h"
 #include "missing_random.h"
 #include "missing_syscall.h"
 #include "missing_threads.h"
@@ -164,6 +165,24 @@ int crypto_random_bytes(void *p, size_t n) {
         return loop_read_exact(fd, p, n, false);
 }
 
+int crypto_random_bytes_allocate_iovec(size_t n, struct iovec *ret) {
+        _cleanup_free_ void *p = NULL;
+        int r;
+
+        assert(ret);
+
+        p = malloc(MAX(n, 1U));
+        if (!p)
+                return -ENOMEM;
+
+        r = crypto_random_bytes(p, n);
+        if (r < 0)
+                return r;
+
+        *ret = IOVEC_MAKE(TAKE_PTR(p), n);
+        return 0;
+}
+
 size_t random_pool_size(void) {
         _cleanup_free_ char *s = NULL;
         int r;
diff --git a/src/basic/random-util.h b/src/basic/random-util.h
index b1a4d10971f..0b5ba771907 100644
--- a/src/basic/random-util.h
+++ b/src/basic/random-util.h
@@ -4,9 +4,11 @@
 #include <stdbool.h>
 #include <stddef.h>
 #include <stdint.h>
+#include <sys/uio.h>
 
 void random_bytes(void *p, size_t n); /* Returns random bytes suitable for most uses, but may be insecure sometimes. */
 int crypto_random_bytes(void *p, size_t n); /* Returns secure random bytes after waiting for the RNG to initialize. */
+int crypto_random_bytes_allocate_iovec(size_t n, struct iovec *ret);
 
 static inline uint64_t random_u64(void) {
         uint64_t u;
diff --git a/src/shared/creds-util.c b/src/shared/creds-util.c
index e99477997a0..7015b0822c7 100644
--- a/src/shared/creds-util.c
+++ b/src/shared/creds-util.c
@@ -1029,13 +1029,7 @@ int encrypt_credential_and_warn(
         if (ivsz > 0) {
                 assert((size_t) ivsz <= CREDENTIAL_FIELD_SIZE_MAX);
 
-                iv.iov_base = malloc(ivsz);
-                if (!iv.iov_base)
-                        return log_oom();
-
-                iv.iov_len = ivsz;
-
-                r = crypto_random_bytes(iv.iov_base, iv.iov_len);
+                r = crypto_random_bytes_allocate_iovec(ivsz, &iv);
                 if (r < 0)
                         return log_error_errno(r, "Failed to acquired randomized IV: %m");
         }
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index 2985ff17ac2..e60f1208dc3 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -5309,12 +5309,7 @@ int tpm2_calculate_seal(
                 /* No secret provided, generate a random secret. We use SHA256 digest length, though it can
                  * be up to TPM2_MAX_SEALED_DATA. The secret length is not limited to the nameAlg hash
                  * size. */
-                generated_secret.iov_len = TPM2_SHA256_DIGEST_SIZE;
-                generated_secret.iov_base = malloc(generated_secret.iov_len);
-                if (!generated_secret.iov_base)
-                        return log_oom_debug();
-
-                r = crypto_random_bytes(generated_secret.iov_base, generated_secret.iov_len);
+                r = crypto_random_bytes_allocate_iovec(TPM2_SHA256_DIGEST_SIZE, &generated_secret);
                 if (r < 0)
                         return log_debug_errno(r, "Failed to generate secret key: %m");