[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#29725] [PATCH 2/2] services: urandom-seed: Try using a HWRNG to see
|
From: |
Ludovic Courtès |
|
Subject: |
[bug#29725] [PATCH 2/2] services: urandom-seed: Try using a HWRNG to seed the Linux CRNG at boot. |
|
Date: |
Sun, 17 Dec 2017 16:31:27 +0100 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) |
Leo Famulari <address@hidden> skribis:
> * gnu/services/base.scm (urandom-seed-shepherd-service): Try to read from
> '/dev/hwrng' at boot, as a supplement to any saved random seed.
> * doc/guix.texi (Base Services): Document the new feature.
Overall LGTM!
> + ;; Try writing from /dev/hwrng into /dev/urandom.
> + ;; It seems that the file '/dev/hwrng' always exists,
> even
> + ;; when there is no hardware random number generator
> + ;; available. So, we handle any errors caused by a failed
> + ;; read.
> + (when (file-exists? "/dev/hwrng")
> + (call-with-input-file "/dev/hwrng"
> + (lambda (hwrng)
> + (let ((buf (make-bytevector 512)))
> + (catch #t
> + (lambda ()
> + (get-bytevector-n! hwrng buf 0 512))
> + ;; Silence is golden...
> + (lambda _ (const #f)))
> + (call-with-output-file "/dev/urandom"
> + (lambda (urandom)
> + (put-bytevector urandom buf)))))))
If we fail to read from /dev/hwrng we may end up writing zeros to
/dev/urandom (because ‘buf’ is left uninitialized).
To address that, perhaps this could be formulated like this:
(let ((buf (catch 'system-error
(lambda ()
(call-with-input-file "/dev/hwrng"
(lambda (port)
(get-bytevector-n port 512))))
(const #f))))
(when buf
(call-with-output-file "/dev/urandom"
(lambda (urandom)
(put-bytevector urandom buf)))))
This also removes the need for the ‘file-exists?’ call.
WDYT?
Thanks,
Ludo’.