From 67a5cf76750f7e164a05f52db33c5832828e9d9b Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Wed, 3 Aug 2022 12:24:49 +0200 Subject: [PATCH] core: block to get good random bytes for "/var/lib/NetworkManager/secret_key" _host_id_read() is the only place where we really care to have good random numbers, because that is the secret key that we persist to disk. Previously, we tried only nm_random_get_bytes_full(), which is a best effort to get strong random numbers. If it fails to generate those, it would simply remember the generated key in memory and proceed, but not persist it to disk. nm_random_get_bytes_full() does not block waiting for good numbers. Change that. Now, first call nm_random_get_crypto_bytes(), which would block and try hard to get good random numbers. Only if that fails, fallback to nm_random_get_bytes_full() as before. The difference is of course only in early boot, when we might not yet have entropy. In that case, I think it's better for NetworkManager to block. --- src/core/nm-core-utils.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/core/nm-core-utils.c b/src/core/nm-core-utils.c index fb85d75a8b..480e9b28f0 100644 --- a/src/core/nm-core-utils.c +++ b/src/core/nm-core-utils.c @@ -2814,7 +2814,10 @@ _host_id_read(guint8 **out_host_id, gsize *out_host_id_len) int base64_save = 0; gsize len; - nm_random_get_bytes_full(rnd_buf, sizeof(rnd_buf), &success); + if (nm_random_get_crypto_bytes(rnd_buf, sizeof(rnd_buf)) < 0) + nm_random_get_bytes_full(rnd_buf, sizeof(rnd_buf), &success); + else + success = TRUE; /* Our key is really binary data. But since we anyway generate a random seed * (with 32 random bytes), don't write it in binary, but instead create