random-util: add crypto_random_bytes_allocate_iovec()

Just a simple helper that allocates some memory, initializes it randomly, and places this in a struct iovec.
2024-09-30 05:15:19 +00:00 · 2024-06-06 11:21:02 +02:00 · 2024-06-06 11:21:02 +02:00 · 4d6222b6a4
parent 3b2e99ed8c
commit 4d6222b6a4
4 changed files with 23 additions and 13 deletions
--- a/src/basic/random-util.c
+++ b/src/basic/random-util.c
@ -21,6 +21,7 @@
 #include "fd-util.h"
 #include "fileio.h"
 #include "io-util.h"
+#include "iovec-util.h"
 #include "missing_random.h"
 #include "missing_syscall.h"
 #include "missing_threads.h"
@ -164,6 +165,24 @@ int crypto_random_bytes(void *p, size_t n) {
        return loop_read_exact(fd, p, n, false);
 }

+int crypto_random_bytes_allocate_iovec(size_t n, struct iovec *ret) {
+        _cleanup_free_ void *p = NULL;
+        int r;
+
+        assert(ret);
+
+        p = malloc(MAX(n, 1U));
+        if (!p)
+                return -ENOMEM;
+
+        r = crypto_random_bytes(p, n);
+        if (r < 0)
+                return r;
+
+        *ret = IOVEC_MAKE(TAKE_PTR(p), n);
+        return 0;
+}
+
 size_t random_pool_size(void) {
        _cleanup_free_ char *s = NULL;
        int r;
--- a/src/basic/random-util.h
+++ b/src/basic/random-util.h
@ -4,9 +4,11 @@
 #include <stdbool.h>
 #include <stddef.h>
 #include <stdint.h>
+#include <sys/uio.h>

 void random_bytes(void *p, size_t n); /* Returns random bytes suitable for most uses, but may be insecure sometimes. */
 int crypto_random_bytes(void *p, size_t n); /* Returns secure random bytes after waiting for the RNG to initialize. */
+int crypto_random_bytes_allocate_iovec(size_t n, struct iovec *ret);

 static inline uint64_t random_u64(void) {
        uint64_t u;
--- a/src/shared/creds-util.c
+++ b/src/shared/creds-util.c
@ -1029,13 +1029,7 @@ int encrypt_credential_and_warn(
        if (ivsz > 0) {
                assert((size_t) ivsz <= CREDENTIAL_FIELD_SIZE_MAX);

-                iv.iov_base = malloc(ivsz);
-                if (!iv.iov_base)
-                        return log_oom();
-
-                iv.iov_len = ivsz;
-
-                r = crypto_random_bytes(iv.iov_base, iv.iov_len);
+                r = crypto_random_bytes_allocate_iovec(ivsz, &iv);
                if (r < 0)
                        return log_error_errno(r, "Failed to acquired randomized IV: %m");
        }
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@ -5309,12 +5309,7 @@ int tpm2_calculate_seal(
                /* No secret provided, generate a random secret. We use SHA256 digest length, though it can
                 * be up to TPM2_MAX_SEALED_DATA. The secret length is not limited to the nameAlg hash
                 * size. */
-                generated_secret.iov_len = TPM2_SHA256_DIGEST_SIZE;
-                generated_secret.iov_base = malloc(generated_secret.iov_len);
-                if (!generated_secret.iov_base)
-                        return log_oom_debug();
-
-                r = crypto_random_bytes(generated_secret.iov_base, generated_secret.iov_len);
+                r = crypto_random_bytes_allocate_iovec(TPM2_SHA256_DIGEST_SIZE, &generated_secret);
                if (r < 0)
                        return log_debug_errno(r, "Failed to generate secret key: %m");