[PATCH v7 6/7] common: password: make use of get_crypto_bytes

Oleksij Rempel o.rempel at pengutronix.de
Wed Mar 22 01:43:05 PDT 2017


get_random_bytes is providing prng, if we have HWRNG we should be
able to use it over get_crypto_bytes

Signed-off-by: Oleksij Rempel <o.rempel at pengutronix.de>
---
 common/password.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/common/password.c b/common/password.c
index d52b746f0..74d328f4b 100644
--- a/common/password.c
+++ b/common/password.c
@@ -365,7 +365,11 @@ int set_env_passwd(unsigned char* passwd, size_t length)
 		char *salt = passwd_sum;
 		int keylen = PBKDF2_LENGTH - PBKDF2_SALT_LEN;
 
-		get_random_bytes(passwd_sum, PBKDF2_SALT_LEN);
+		ret = get_crypto_bytes(passwd_sum, PBKDF2_SALT_LEN);
+		if (ret) {
+			pr_err("Can't get random numbers\n");
+			return ret;
+		}
 
 		ret = pkcs5_pbkdf2_hmac_sha1(passwd, length, salt,
 				PBKDF2_SALT_LEN, PBKDF2_COUNT, keylen, key);
-- 
2.11.0




More information about the barebox mailing list