Date: Sat, 3 May 2014 18:12:26 +0000 (UTC) From: Mark Murray <markm@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r265284 - projects/random_number_generator/etc/rc.d Message-ID: <201405031812.s43ICQLo090526@svn.freebsd.org>
Author: markm
Date: Sat May 3 18:12:26 2014
New Revision: 265284
URL: http://svnweb.freebsd.org/changeset/base/265284
Log:
  Strip down the startup for the more streamlined way of doing things. This may need later tweeking, but we certainly don't need the complexity of old. Most important is that the CSPRNG is now auto-unblocking; it gets good enough entropy from probing.
Modified:
  projects/random_number_generator/etc/rc.d/postrandom
  projects/random_number_generator/etc/rc.d/random
Modified: projects/random_number_generator/etc/rc.d/postrandom
==============================================================================
--- projects/random_number_generator/etc/rc.d/postrandom Sat May 3 17:57:06 2014 (r265283)
+++ projects/random_number_generator/etc/rc.d/postrandom Sat May 3 18:12:26 2014 (r265284)
@@ -14,27 +14,25 @@
 name="postrandom"
 start_cmd="${name}_start"
 stop_cmd=":"
-# This will remove old entropy file.
+# This will remove old ${entropy_file} and generate a new one.
 # According to Bruce Schneier, this is strongly recommended in order
 # to avoid using same ${entropy_file} across reboots.
 # Reference: Chapter 10.6, Practical Cryptography, ISBN: 0-471-22357-3
 postrandom_start()
 {
+	/etc/rc.d/random fastsaveseed
+
 	case ${entropy_dir} in
 	[Nn][Oo])
 		;;
 	*)
 		entropy_dir=${entropy_dir:-/var/db/entropy}
 		if [ -d "${entropy_dir}" ]; then
-			rm -f ${entropy_dir}/*
-		fi
-		boot_dir=${boot_dir:-/boot}
-		if [ -d "${boot_dir}" ]; then
-			rm -f ${boot_dir}/entropy
+			if [ -w /dev/random ]; then
+				rm -f ${entropy_dir}/*
+			fi
 		fi
-		rm -f /entropy
-		rm -f /var/db/entropy-file
 		;;
 	esac
 }
Modified: projects/random_number_generator/etc/rc.d/random
==============================================================================
--- projects/random_number_generator/etc/rc.d/random Sat May 3 17:57:06 2014 (r265283)
+++ projects/random_number_generator/etc/rc.d/random Sat May 3 18:12:26 2014 (r265284)
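Review bot: `/etc/rc.d/random fastsaveseed` in postrandom_start invokes a command that rc.d/random does not declare in the hunk below, where `extra_commands="saveseed"` is the only extra command; unless `fastsaveseed` is added to that script outside the shown hunk, run_rc_command will reject it and postrandom will fail before reaching its cleanup. If a fast variant is intended, the two scripts should be kept in step, e.g. `extra_commands="saveseed fastsaveseed"` with a matching `fastsaveseed_cmd`. The new `-w /dev/random` guard mirrors the one in random_start, so seed files that were not fed this boot are kept for the next one; that intent is not obvious from the code and deserves a comment such as `# seeds are only discarded once they have been fed to /dev/random`.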
@@ -17,90 +17,77 @@
 stop_cmd="random_stop"
 extra_commands="saveseed"
 saveseed_cmd="${name}_stop"
-random_harvest()
+feed_dev_random()
 {
-	tag=$1
-	source=$2
-	if checkyesno ${tag} ; then
-		setting=1
-	else
-		setting=0
+	if [ -f "${1}" -a -r "${1}" -a -s "${1}" ]; then
+		cat "${1}" | dd of=/dev/random bs=8k 2>/dev/null
 	fi
-	oldsetting=`${SYSCTL_N} -i kern.random.sys.harvest.${source}`
-	case ${oldsetting} in
-	0 | 1)
-		if [ ${oldsetting} != ${setting} ] ; then
-			${SYSCTL} kern.random.sys.harvest.${source}=${setting} >/dev/null
-		fi
-		if [ ${setting} = 1 ] ; then
-			echo -n " ${source}"
-		fi
+}
+
+random_start()
+{
+	# Reseed /dev/random with previously stored entropy.
+	case ${entropy_dir} in
+	[Nn][Oo])
 		;;
 	*)
+		entropy_dir=${entropy_dir:-/var/db/entropy}
+		if [ -d "${entropy_dir}" ]; then
+			if [ -w /dev/random ]; then
+				for seedfile in ${entropy_dir}/*; do
+					feed_dev_random "${seedfile}"
+				done
+			fi
+		fi
 		;;
 	esac
-}
-random_start()
-{
-	randomadaptor=`${SYSCTL_N} -i kern.random.active_adaptor`
-	case ${randomadaptor} in
-	dummy | '')
+	case ${entropy_file} in
+	[Nn][Oo] | '')
 		;;
 	*)
-		echo -n 'Entropy harvesting:'
-		random_harvest 'harvest_interrupt' 'interrupt'
-		random_harvest 'harvest_ethernet' 'ethernet'
-		random_harvest 'harvest_p_to_p' 'point_to_point'
-		random_harvest 'harvest_swi' 'swi'
-		echo '.'
+		if [ -w /dev/random ]; then
+			feed_dev_random "${entropy_file}"
+			feed_dev_random /var/db/entropy-file
+		fi
 		;;
 	esac
 }
 random_stop()
 {
-	randomadaptor=`${SYSCTL_N} -i kern.random.active_adaptor`
-	case ${randomadaptor} in
-	dummy | '')
-		warn 'entropy device not present; entropy not cached'
+	# Write some entropy so when the machine reboots /dev/random
+	# can be reseeded
+	#
+	case ${entropy_file} in
+	[Nn][Oo] | '')
 		;;
 	*)
-		# Write some entropy so when the machine reboots /dev/random
-		# can be reseeded
-		#
-		case ${entropy_file} in
-		[Nn][Oo] | '')
+		echo -n 'Writing entropy file:'
+		rm -f ${entropy_file} 2> /dev/null
+		oumask=`umask`
+		umask 077
+		if touch ${entropy_file} 2> /dev/null; then
+			entropy_file_confirmed="${entropy_file}"
+		else
+			# Try this as a reasonable alternative for read-only
+			# roots, diskless workstations, etc.
+			rm -f /var/db/entropy-file 2> /dev/null
+			if touch /var/db/entropy-file 2> /dev/null; then
+				entropy_file_confirmed=/var/db/entropy-file
+			fi
+		fi
+		case ${entropy_file_confirmed} in
+		'')
+			warn 'write failed (read-only fs?)'
 			;;
 		*)
-			echo -n 'Writing entropy file:'
-			rm -f ${entropy_file} 2> /dev/null
-			oumask=`umask`
-			umask 077
-			if touch ${entropy_file} 2> /dev/null; then
-				entropy_file_confirmed="${entropy_file}"
-			else
-				# Try this as a reasonable alternative for read-only
-				# roots, diskless workstations, etc.
-				rm -f /var/db/entropy-file 2> /dev/null
-				if touch /var/db/entropy-file 2> /dev/null; then
-					entropy_file_confirmed=/var/db/entropy-file
-				fi
-			fi
-			case ${entropy_file_confirmed} in
-			'')
-				warn 'write failed (read-only fs?)'
-				;;
-			*)
-				dd if=/dev/random of=${entropy_file_confirmed} \
-				    bs=4096 count=1 2> /dev/null
-				echo -n ${entropy_file_confirmed}
-				;;
-			esac
-			umask ${oumask}
+			dd if=/dev/random of=${entropy_file_confirmed} \
+			    bs=4096 count=1 2> /dev/null
 			echo '.'
 			;;
 		esac
+		umask ${oumask}
 		;;
 	esac
 }
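Review bot: In `feed_dev_random` the `cat "${1}" | dd of=/dev/random bs=8k 2>/dev/null` pipeline discards both exit statuses, so a seed file that cannot be read or written is silently skipped and the boot output gives no hint that /dev/random was not reseeded; `dd if="${1}" of=/dev/random bs=8k 2>/dev/null || warn "failed to feed ${1} to /dev/random"` drops the extra process and surfaces the failure. The `dd if=/dev/random of=${entropy_file_confirmed}` line in `random_stop` has the same gap: if it fails, the file created by `touch` under `umask 077` is left empty while `echo '.'` still reports success, so its status should be checked before the `echo '.'` and a `warn` emitted otherwise. The `-a` operator in the `[ -f "${1}" -a -r "${1}" -a -s "${1}" ]` test is marked obsolescent by POSIX; `[ -f "${1}" ] && [ -r "${1}" ] && [ -s "${1}" ]` is the portable form. The rewrite also drops the old `echo -n ${entropy_file_confirmed}`, so the shutdown message is now `Writing entropy file:.` with no path; if that was unintentional it is a one-line restore next to the dd.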