From owner-svn-src-projects@FreeBSD.ORG  Sat May  3 18:12:27 2014
Return-Path: <owner-svn-src-projects@FreeBSD.ORG>
Delivered-To: svn-src-projects@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 52802BAA;
 Sat,  3 May 2014 18:12:27 +0000 (UTC)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 336CB161E;
 Sat,  3 May 2014 18:12:27 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s43ICRRY090528;
 Sat, 3 May 2014 18:12:27 GMT (envelope-from markm@svn.freebsd.org)
Received: (from markm@localhost)
 by svn.freebsd.org (8.14.8/8.14.8/Submit) id s43ICQLo090526;
 Sat, 3 May 2014 18:12:26 GMT (envelope-from markm@svn.freebsd.org)
Message-Id: <201405031812.s43ICQLo090526@svn.freebsd.org>
From: Mark Murray <markm@FreeBSD.org>
Date: Sat, 3 May 2014 18:12:26 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r265284 - projects/random_number_generator/etc/rc.d
X-SVN-Group: projects
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-projects@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "SVN commit messages for the src &quot; projects&quot;
 tree" <svn-src-projects.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-projects/>
List-Post: <mailto:svn-src-projects@freebsd.org>
List-Help: <mailto:svn-src-projects-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 03 May 2014 18:12:27 -0000

Author: markm
Date: Sat May  3 18:12:26 2014
New Revision: 265284
URL: http://svnweb.freebsd.org/changeset/base/265284

Log:
  Strip down the startup for the more streamlined way of doing things.
  This may need later tweeking, but we certainly don't need the
  complexity of old.
  
  Most important is that the CSPRNG is now auto-unblocking; it gets
  good enough entropy from probing.

Modified:
  projects/random_number_generator/etc/rc.d/postrandom
  projects/random_number_generator/etc/rc.d/random

Modified: projects/random_number_generator/etc/rc.d/postrandom
==============================================================================
--- projects/random_number_generator/etc/rc.d/postrandom	Sat May  3 17:57:06 2014	(r265283)
+++ projects/random_number_generator/etc/rc.d/postrandom	Sat May  3 18:12:26 2014	(r265284)
@@ -14,27 +14,25 @@ name="postrandom"
 start_cmd="${name}_start"
 stop_cmd=":"
 
-# This will remove old entropy file.
+# This will remove old ${entropy_file} and generate a new one.
 # According to Bruce Schneier, this is strongly recommended in order
 # to avoid using same ${entropy_file} across reboots.
 # Reference: Chapter 10.6, Practical Cryptography, ISBN: 0-471-22357-3
 
 postrandom_start()
 {
+	/etc/rc.d/random fastsaveseed
+
 	case ${entropy_dir} in
 	[Nn][Oo])
 		;;
 	*)
 		entropy_dir=${entropy_dir:-/var/db/entropy}
 		if [ -d "${entropy_dir}" ]; then
-			rm -f ${entropy_dir}/*
-		fi
-		boot_dir=${boot_dir:-/boot}
-		if [ -d "${boot_dir}" ]; then
-			rm -f ${boot_dir}/entropy
+			if [ -w /dev/random ]; then
+				rm -f ${entropy_dir}/*
+			fi
 		fi
-		rm -f /entropy
-		rm -f /var/db/entropy-file
 		;;
 	esac
 }

Modified: projects/random_number_generator/etc/rc.d/random
==============================================================================
--- projects/random_number_generator/etc/rc.d/random	Sat May  3 17:57:06 2014	(r265283)
+++ projects/random_number_generator/etc/rc.d/random	Sat May  3 18:12:26 2014	(r265284)
@@ -17,90 +17,77 @@ stop_cmd="random_stop"
 extra_commands="saveseed"
 saveseed_cmd="${name}_stop"
 
-random_harvest()
+feed_dev_random()
 {
-	tag=$1
-	source=$2
-	if checkyesno ${tag} ; then
-		setting=1
-	else
-		setting=0
+	if [ -f "${1}" -a -r "${1}" -a -s "${1}" ]; then
+		cat "${1}" | dd of=/dev/random bs=8k 2>/dev/null
 	fi
-	oldsetting=`${SYSCTL_N} -i kern.random.sys.harvest.${source}`
-	case ${oldsetting} in
-	0 | 1)
-		if [ ${oldsetting} != ${setting} ] ; then
-			${SYSCTL} kern.random.sys.harvest.${source}=${setting} >/dev/null
-		fi
-		if [ ${setting} = 1 ] ; then
-			echo -n " ${source}"
-		fi
+}
+
+random_start()
+{
+	# Reseed /dev/random with previously stored entropy.
+	case ${entropy_dir} in
+	[Nn][Oo])
 		;;
 	*)
+		entropy_dir=${entropy_dir:-/var/db/entropy}
+		if [ -d "${entropy_dir}" ]; then
+			if [ -w /dev/random ]; then
+				for seedfile in ${entropy_dir}/*; do
+					feed_dev_random "${seedfile}"
+				done
+			fi
+		fi
 		;;
 	esac
-}
 
-random_start()
-{
-	randomadaptor=`${SYSCTL_N} -i kern.random.active_adaptor`
-	case ${randomadaptor} in
-	dummy | '')
+	case ${entropy_file} in
+	[Nn][Oo] | '')
 		;;
 	*)
-		echo -n 'Entropy harvesting:'
-		random_harvest 'harvest_interrupt' 'interrupt'
-		random_harvest 'harvest_ethernet' 'ethernet'
-		random_harvest 'harvest_p_to_p' 'point_to_point'
-		random_harvest 'harvest_swi' 'swi'
-		echo '.'
+		if [ -w /dev/random ]; then
+			feed_dev_random "${entropy_file}"
+			feed_dev_random /var/db/entropy-file
+		fi
 		;;
 	esac
 }
 
 random_stop()
 {
-	randomadaptor=`${SYSCTL_N} -i kern.random.active_adaptor`
-	case ${randomadaptor} in
-	dummy | '')
-		warn 'entropy device not present; entropy not cached'
+	# Write some entropy so when the machine reboots /dev/random
+	# can be reseeded
+	#
+	case ${entropy_file} in
+	[Nn][Oo] | '')
 		;;
 	*)
-		# Write some entropy so when the machine reboots /dev/random
-		# can be reseeded
-		#
-		case ${entropy_file} in
-		[Nn][Oo] | '')
+		echo -n 'Writing entropy file:'
+		rm -f ${entropy_file} 2> /dev/null
+		oumask=`umask`
+		umask 077
+		if touch ${entropy_file} 2> /dev/null; then
+			entropy_file_confirmed="${entropy_file}"
+		else
+			# Try this as a reasonable alternative for read-only
+			# roots, diskless workstations, etc.
+			rm -f /var/db/entropy-file 2> /dev/null
+			if touch /var/db/entropy-file 2> /dev/null; then
+				entropy_file_confirmed=/var/db/entropy-file
+			fi
+		fi
+		case ${entropy_file_confirmed} in
+		'')
+			warn 'write failed (read-only fs?)'
 			;;
 		*)
-			echo -n 'Writing entropy file:'
-			rm -f ${entropy_file} 2> /dev/null
-			oumask=`umask`
-			umask 077
-			if touch ${entropy_file} 2> /dev/null; then
-				entropy_file_confirmed="${entropy_file}"
-			else
-				# Try this as a reasonable alternative for read-only
-				# roots, diskless workstations, etc.
-				rm -f /var/db/entropy-file 2> /dev/null
-				if touch /var/db/entropy-file 2> /dev/null; then
-					entropy_file_confirmed=/var/db/entropy-file
-				fi
-			fi
-			case ${entropy_file_confirmed} in
-			'')
-				warn 'write failed (read-only fs?)'
-				;;
-			*)
-				dd if=/dev/random of=${entropy_file_confirmed} \
-			   	bs=4096 count=1 2> /dev/null
-				echo -n ${entropy_file_confirmed}
-				;;
-			esac
-			umask ${oumask}
+			dd if=/dev/random of=${entropy_file_confirmed} \
+			   bs=4096 count=1 2> /dev/null
 			echo '.'
 			;;
 		esac
+		umask ${oumask}
 		;;
 	esac
 }