From: "Conrad Kostecki"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Conrad Kostecki"
Message-ID: <1658250526.2ba4f610a5f50a175ebb56d767d8c78aff457051.conikost@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/files/
X-VCS-Repository: repo/gentoo
X-VCS-Files: sys-apps/systemd/files/250.4-random-seed-hash.patch
X-VCS-Directories: sys-apps/systemd/files/
X-VCS-Committer: conikost
X-VCS-Committer-Name: Conrad Kostecki
X-VCS-Revision: 2ba4f610a5f50a175ebb56d767d8c78aff457051
X-VCS-Branch: master
Date: Tue, 19 Jul 2022 17:10:27 +0000 (UTC)
Precedence: bulk
List-Post:
List-Help:
List-Unsubscribe:
List-Subscribe:
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: ee9d3806-7f9d-4fa9-9d16-3e18d40c8438
X-Archives-Hash: b5bcf63b5150de7b9cca1bcbbf84df6f

commit:     2ba4f610a5f50a175ebb56d767d8c78aff457051
Author:     Michael Mair-Keimberger levelnine at>
AuthorDate: Tue Jul 19 15:30:56 2022 +0000
Commit:     Conrad Kostecki gentoo org>
CommitDate: Tue Jul 19 17:08:46 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2ba4f610

sys-apps/systemd: remove unused patch

Signed-off-by: Michael Mair-Keimberger levelnine.at>
Portage 3.0.32 / pkgdev 0.2.1 / pkgcheck 0.10.11
Closes: https://github.com/gentoo/gentoo/pull/26477
Signed-off-by: Conrad Kostecki gentoo.org>

 .../systemd/files/250.4-random-seed-hash.patch | 74 ----------------------
 1 file changed, 74 deletions(-)

diff --git a/sys-apps/systemd/files/250.4-random-seed-hash.patch b/sys-apps/systemd/files/250.4-random-seed-hash.patch
deleted file mode 100644
index efaa8cdfcaac..000000000000
--- a/sys-apps/systemd/files/250.4-random-seed-hash.patch
+++ /dev/null
@@ -1,74 +0,0 @@ -https://github.com/systemd/systemd-stable/commit/ed46ff2bd6ca21d83cae4a94c3ed752ad1b64cce - -From: "Jason A. Donenfeld" -Date: Mon, 3 Jan 2022 18:11:32 +0100 -Subject: [PATCH] random-seed: hash together old seed and new seed before - writing out file - -If we're consuming an on-disk seed, we usually write out a new one after -consuming it. In that case, we might be at early boot and the randomness -could be rather poor, and the kernel doesn't guarantee that it'll use -the new randomness right away for us. In order to prevent the new -entropy from getting any worse, hash together the old seed and the new -seed, and replace the final bytes of the new seed with the hash output. -This way, entropy strictly increases and never regresses. - -(cherry picked from commit da2862ef06f22fc8d31dafced6d2d6dc14f2ee0b) ---- a/src/random-seed/random-seed.c -+++ b/src/random-seed/random-seed.c -@@ -26,6 +26,7 @@ - #include "random-util.h" - #include "string-util.h" - #include "sync-util.h" -+#include "sha256.h" - #include "util.h" - #include "xattr-util.h" - -@@ -106,9 +107,11 @@ static int run(int argc, char *argv[]) { - _cleanup_close_ int seed_fd = -1, random_fd = -1; - bool read_seed_file, write_seed_file, synchronous; - _cleanup_free_ void* buf = NULL; -+ struct sha256_ctx hash_state; -+ uint8_t hash[32]; - size_t buf_size; - struct stat st; -- ssize_t k; -+ ssize_t k, l; - int r; - - log_setup(); -@@ -242,6 +245,16 @@ static int run(int argc, char *argv[]) { - if (r < 0) - log_error_errno(r, "Failed to write seed to /dev/urandom: %m"); - } -+ /* If we're going to later write out a seed file, initialize a hash state with -+ * the contents of the seed file we just read, so that the new one can't regress -+ * in entropy. 
*/ -+ if (write_seed_file) { -+ sha256_init_ctx(&hash_state); -+ if (k < 0) -+ k = 0; -+ sha256_process_bytes(&k, sizeof(k), &hash_state); -+ sha256_process_bytes(buf, k, &hash_state); -+ } - } - - if (write_seed_file) { -@@ -277,6 +290,17 @@ static int run(int argc, char *argv[]) { - "Got EOF while reading from /dev/urandom."); - } - -+ /* If we previously read in a seed file, then hash the new seed into the old one, -+ * and replace the last 32 bytes of the seed with the hash output, so that the -+ * new seed file can't regress in entropy. */ -+ if (read_seed_file) { -+ sha256_process_bytes(&k, sizeof(k), &hash_state); -+ sha256_process_bytes(buf, k, &hash_state); -+ sha256_finish_ctx(&hash_state, hash); -+ l = MIN(k, 32); -+ memcpy((uint8_t *)buf + k - l, hash, l); -+ } -+ - r = loop_write(seed_fd, buf, (size_t) k, false); - if (r < 0) - return log_error_errno(r, "Failed to write new random seed file: %m");
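Review bot: the diff shows only the file being deleted, not the ebuild reference that made it unused, so from this change alone a reviewer cannot see that no sys-apps/systemd ebuild still lists 250.4-random-seed-hash.patch in PATCHES; a quick confirmation is that grep -r 250.4-random-seed-hash sys-apps/systemd/ returns nothing, and since the message records a pkgcheck 0.10.11 run it would help to say explicitly that pkgcheck flagged the file as an unused patch. It is also worth noting in the commit message what is being dropped: per its own header the patch is systemd-stable commit ed46ff2bd6ca21d83cae4a94c3ed752ad1b64cce (cherry-picked from da2862ef06f22fc8d31dafced6d2d6dc14f2ee0b), which hashes the consumed seed file into the new seed so the rewritten file cannot regress in entropy at early boot. Removing the file from the tree is only correct if every systemd version still in the tree already carries that change upstream, which the message should state was checked.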