From 81bc4533aa1d7d81472c1d8d9f697ba2a9c9cbf9 Mon Sep 17 00:00:00 2001
From: Ludovic Courtès
Date: Sat, 5 Oct 2019 22:03:06 +0200
Subject: services: urandom-seed: Credit the entropy added to the PRNG.
Partly fixes .
Reported by Marius Bakke .
* gnu/services/base.scm (urandom-seed-shepherd-service): In 'start' method, add calls to 'add-to-entropy-count'.
---
 gnu/services/base.scm | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 25716ef152..f7e90e26b7 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -573,7 +573,13 @@ (define (urandom-seed-shepherd-service _)
 (lambda (seed)
 (call-with-output-file "/dev/urandom"
 (lambda (urandom)
- (dump-port seed urandom))))))
+ (dump-port seed urandom)
+
+ ;; Writing SEED to URANDOM isn't enough: we must
+ ;; also tell the kernel to account for these
+ ;; extra bits of entropy.
+ (let ((bits (* 8 (stat:size (stat seed)))))
+ (add-to-entropy-count urandom bits)))))))
 
 ;; Try writing from /dev/hwrng into /dev/urandom.
 ;; It seems that the file /dev/hwrng always exists, even
@@ -590,7 +596,9 @@ (define (urandom-seed-shepherd-service _)
 (when buf
 (call-with-output-file "/dev/urandom"
 (lambda (urandom)
- (put-bytevector urandom buf)))))
+ (put-bytevector urandom buf)
+ (let ((bits (* 8 (bytevector-length buf))))
+ (add-to-entropy-count urandom bits))))))
 
 ;; Immediately refresh the seed in case the system doesn't
 ;; shut down cleanly.
--
cgit v1.2.3
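Review bot: The credit in the added `let` counts every byte of the seed file as a full byte of entropy, which is only sound if that file is never replayed; a seed that survives an unclean shutdown (the later "Immediately refresh the seed" step never ran) or a cloned disk image is credited again with no fresh unpredictability, and the kernel will then consider the CRNG seeded on the strength of data an attacker may already hold. The new comment should state this assumption rather than only the mechanics, e.g. `;; This treats the seed as fresh: a replayed seed (crash before the refresh below, cloned image) is credited as if it were new.`, and it is worth truncating or unlinking the seed file right after reading it and before the credit so a crash between the read and the refresh cannot replay it. A smaller point: `(stat:size (stat seed))` credits the file's size rather than the bytes `dump-port` actually copied; these normally agree, but the credit would be more honest if it were derived from the number of bytes written. The enclosing `urandom-seed-shepherd-service` definition starts before this hunk.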
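Review bot: The credit added after `put-bytevector` assumes /dev/hwrng output carries a full 8 bits of entropy per byte, which not every hardware generator delivers; the kernel's own hwrng core credits a device's output only at its driver-declared quality, and userspace feeders such as rngd run health tests before crediting. Crediting raw bytes 1:1 therefore lets a weak or faulty device seed the CRNG with overstated entropy, which is worse than not crediting at all. Consider a conservative factor and a comment explaining it, e.g. `;; Be conservative: hwrng devices are not guaranteed full-entropy.` followed by `(let ((bits (quotient (* 8 (bytevector-length buf)) 2)))`, or gating the credit on a device-quality signal if one is available to the service. The enclosing `urandom-seed-shepherd-service` definition starts before this hunk and continues after it.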