From d8f39fb2690fb40afe1a40571213d31f019b8f29 Mon Sep 17 00:00:00 2001
From: "Eduardo Lima (Etrunko)" <etrunko@redhat.com>
Date: Fri, 18 Mar 2022 10:21:48 -0300
Subject: [PATCH 1/4] agent/random: Rename RNDRESEEDRNG to RNDRESEEDCRNG

Make this definition match the one in kernel:

https://github.com/torvalds/linux/blob/5bfc75d92efd494db37f5c4c173d3639d4772966/include/uapi/linux/random.h#L38-L39

Signed-off-by: Eduardo Lima (Etrunko) <etrunko@redhat.com>
---
 src/agent/src/random.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/agent/src/random.rs b/src/agent/src/random.rs
index 4713134a8..ec64e89c9 100644
--- a/src/agent/src/random.rs
+++ b/src/agent/src/random.rs
@@ -13,7 +13,7 @@ use tracing::instrument;
 
 pub const RNGDEV: &str = "/dev/random";
 pub const RNDADDTOENTCNT: libc::c_int = 0x40045201;
-pub const RNDRESEEDRNG: libc::c_int = 0x5207;
+pub const RNDRESEEDCRNG: libc::c_int = 0x5207;
 
 // Handle the differing ioctl(2) request types for different targets
 #[cfg(target_env = "musl")]
@@ -41,7 +41,7 @@ pub fn reseed_rng(data: &[u8]) -> Result<()> {
     };
     Errno::result(ret).map(drop)?;
 
-    let ret = unsafe { libc::ioctl(f.as_raw_fd(), RNDRESEEDRNG as IoctlRequestType, 0) };
+    let ret = unsafe { libc::ioctl(f.as_raw_fd(), RNDRESEEDCRNG as IoctlRequestType, 0) };
     Errno::result(ret).map(drop)?;
 
     Ok(())

From 39a35b693a628829de103f1a51af10facc34e363 Mon Sep 17 00:00:00 2001
From: Wainer dos Santos Moschetta <wainersm@redhat.com>
Date: Thu, 8 Apr 2021 14:34:35 -0400
Subject: [PATCH 2/4] agent: Add test to random::reseed_rng()

Introduced an unit test for the random::reseed_rng() function.

Fixes #291
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
---
 src/agent/src/random.rs | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/src/agent/src/random.rs b/src/agent/src/random.rs
index ec64e89c9..4e7005a35 100644
--- a/src/agent/src/random.rs
+++ b/src/agent/src/random.rs
@@ -46,3 +46,24 @@ pub fn reseed_rng(data: &[u8]) -> Result<()> {
 
     Ok(())
 }
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::skip_if_not_root;
+    use std::fs::File;
+    use std::io::prelude::*;
+
+    #[test]
+    fn test_reseed_rng() {
+        skip_if_not_root!();
+        const POOL_SIZE: usize = 512;
+        let mut f = File::open("/dev/urandom").unwrap();
+        let mut seed = [0; POOL_SIZE];
+        let n = f.read(&mut seed).unwrap();
+        // Ensure the buffer was filled.
+        assert!(n == POOL_SIZE);
+        let ret = reseed_rng(&seed);
+        assert!(ret.is_ok());
+    }
+}

From 33c953ace4cfeb1b7670054ffb3926fddeb70f8e Mon Sep 17 00:00:00 2001
From: "Eduardo Lima (Etrunko)" <etrunko@redhat.com>
Date: Fri, 18 Mar 2022 10:22:33 -0300
Subject: [PATCH 3/4] agent: Add test_ressed_rng_not_root

Same as previous test, but does not skip if it is not running as root.

Signed-off-by: Eduardo Lima (Etrunko) <etrunko@redhat.com>
---
 src/agent/src/random.rs | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/src/agent/src/random.rs b/src/agent/src/random.rs
index 4e7005a35..79ee25d96 100644
--- a/src/agent/src/random.rs
+++ b/src/agent/src/random.rs
@@ -66,4 +66,20 @@ mod tests {
         let ret = reseed_rng(&seed);
         assert!(ret.is_ok());
     }
+
+    #[test]
+    fn test_reseed_rng_not_root() {
+        const POOL_SIZE: usize = 512;
+        let mut f = File::open("/dev/urandom").unwrap();
+        let mut seed = [0; POOL_SIZE];
+        let n = f.read(&mut seed).unwrap();
+        // Ensure the buffer was filled.
+        assert!(n == POOL_SIZE);
+        let ret = reseed_rng(&seed);
+        if nix::unistd::Uid::effective().is_root() {
+            assert!(ret.is_ok());
+        } else {
+            assert!(!ret.is_ok());
+        }
+    }
 }

From 1cad3a4696058d1119c54c9a23768dfac330363a Mon Sep 17 00:00:00 2001
From: "Eduardo Lima (Etrunko)" <etrunko@redhat.com>
Date: Fri, 18 Mar 2022 11:39:49 -0300
Subject: [PATCH 4/4] agent/random: Ensure data.len > 0

Also adds a test to cover this scenario

Signed-off-by: Eduardo Lima (Etrunko) <etrunko@redhat.com>
---
 src/agent/src/random.rs | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/agent/src/random.rs b/src/agent/src/random.rs
index 79ee25d96..c2506ac24 100644
--- a/src/agent/src/random.rs
+++ b/src/agent/src/random.rs
@@ -3,7 +3,7 @@
 // SPDX-License-Identifier: Apache-2.0
 //
 
-use anyhow::Result;
+use anyhow::{ensure, Result};
 use nix::errno::Errno;
 use nix::fcntl::{self, OFlag};
 use nix::sys::stat::Mode;
@@ -24,6 +24,9 @@ type IoctlRequestType = libc::c_ulong;
 #[instrument]
 pub fn reseed_rng(data: &[u8]) -> Result<()> {
     let len = data.len() as libc::c_long;
+
+    ensure!(len > 0, "missing entropy data");
+
     fs::write(RNGDEV, data)?;
 
     let f = {
@@ -82,4 +85,11 @@ mod tests {
             assert!(!ret.is_ok());
         }
     }
+
+    #[test]
+    fn test_reseed_rng_zero_data() {
+        let seed = [];
+        let ret = reseed_rng(&seed);
+        assert!(!ret.is_ok());
+    }
 }