svn commit: r257919 - in projects/random_number_generator: etc/rc.d libexec/save-entropy
Mark Murray
markm at FreeBSD.org
Sun Nov 10 16:35:02 UTC 2013
Author: markm
Date: Sun Nov 10 16:35:00 2013
New Revision: 257919
URL: http://svnweb.freebsd.org/changeset/base/257919
Log:
Fix up the random(4) startup scripts and runtime entropy caching.
Modified:
projects/random_number_generator/etc/rc.d/postrandom
projects/random_number_generator/etc/rc.d/random
projects/random_number_generator/libexec/save-entropy/save-entropy.sh
Modified: projects/random_number_generator/etc/rc.d/postrandom
==============================================================================
--- projects/random_number_generator/etc/rc.d/postrandom Sun Nov 10 16:33:14 2013 (r257918)
+++ projects/random_number_generator/etc/rc.d/postrandom Sun Nov 10 16:35:00 2013 (r257919)
@@ -14,25 +14,27 @@ name="postrandom"
start_cmd="${name}_start"
stop_cmd=":"
-# This will remove old ${entropy_file} and generate a new one.
+# This will remove old entropy file.
# According to Bruce Schneier, this is strongly recommended in order
# to avoid using same ${entropy_file} across reboots.
# Reference: Chapter 10.6, Practical Cryptography, ISBN: 0-471-22357-3
postrandom_start()
{
- /etc/rc.d/random fastsaveseed
-
case ${entropy_dir} in
[Nn][Oo])
;;
*)
entropy_dir=${entropy_dir:-/var/db/entropy}
if [ -d "${entropy_dir}" ]; then
- if [ -w /dev/random ]; then
- rm -f ${entropy_dir}/*
- fi
+ rm -f ${entropy_dir}/*
+ fi
+ boot_dir=${boot_dir:-/boot}
+ if [ -d "${boot_dir}" ]; then
+ rm -f ${boot_dir}/entropy
fi
+ rm -f /entropy
+ rm -f /var/db/entropy-file
;;
esac
}
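Review bot: The cleanup in postrandom_start expands `${entropy_dir}/*` and `${boot_dir}/entropy` unquoted, so a directory value containing whitespace or glob characters is word-split before rm sees it; `rm -f "${entropy_dir}"/*` and `rm -f "${boot_dir}/entropy"` keep the intended glob while protecting the path. With the `-w /dev/random` guard gone, the cached seeds are now removed whether or not the device accepted them earlier in boot; if that is deliberate under the new adaptor model, a one-line comment above the case, such as `# Seeds are consumed by the random(4) adaptor at boot; always discard them here.`, would stop a later reader from re-adding the check. The header comment on the new side still says "remove old entropy file" although the function now clears the seed directory, `${boot_dir}/entropy`, `/entropy` and `/var/db/entropy-file`, so it is worth listing those in the comment.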
Modified: projects/random_number_generator/etc/rc.d/random
==============================================================================
--- projects/random_number_generator/etc/rc.d/random Sun Nov 10 16:33:14 2013 (r257918)
+++ projects/random_number_generator/etc/rc.d/random Sun Nov 10 16:35:00 2013 (r257919)
@@ -17,75 +17,90 @@ stop_cmd="random_stop"
extra_commands="saveseed"
saveseed_cmd="${name}_stop"
-random_start()
+random_harvest()
{
- echo -n 'Entropy harvesting:'
-
- if checkyesno harvest_interrupt; then
- ${SYSCTL} kern.random.sys.harvest.interrupt=1 >/dev/null
- echo -n ' interrupts'
- else
- ${SYSCTL} kern.random.sys.harvest.interrupt=0 >/dev/null
- fi
-
- if checkyesno harvest_ethernet; then
- ${SYSCTL} kern.random.sys.harvest.ethernet=1 >/dev/null
- echo -n ' ethernet'
- else
- ${SYSCTL} kern.random.sys.harvest.ethernet=0 >/dev/null
- fi
-
- if checkyesno harvest_p_to_p; then
- ${SYSCTL} kern.random.sys.harvest.point_to_point=1 >/dev/null
- echo -n ' point_to_point'
- else
- ${SYSCTL} kern.random.sys.harvest.point_to_point=0 >/dev/null
- fi
-
- if checkyesno harvest_swi; then
- ${SYSCTL} kern.random.sys.harvest.swi=1 >/dev/null
- echo -n ' swi'
+ tag=$1
+ source=$2
+ if checkyesno ${tag} ; then
+ setting=1
else
- ${SYSCTL} kern.random.sys.harvest.swi=0 >/dev/null
+ setting=0
fi
+ oldsetting=`${SYSCTL_N} -i kern.random.sys.harvest.${source}`
+ case ${oldsetting} in
+ 0 | 1)
+ if [ ${oldsetting} != ${setting} ] ; then
+ ${SYSCTL} kern.random.sys.harvest.${source}=${setting} >/dev/null
+ fi
+ if [ ${setting} = 1 ] ; then
+ echo -n " ${source}"
+ fi
+ ;;
+ *)
+ ;;
+ esac
+}
- echo '.'
+random_start()
+{
+ randomadaptor=`${SYSCTL_N} -i kern.random.active_adaptor`
+ case ${randomadaptor} in
+ dummy | '')
+ ;;
+ *)
+ echo -n 'Entropy harvesting:'
+ random_harvest 'harvest_interrupt' 'interrupt'
+ random_harvest 'harvest_ethernet' 'ethernet'
+ random_harvest 'harvest_p_to_p' 'point_to_point'
+ random_harvest 'harvest_swi' 'swi'
+ echo '.'
+ ;;
+ esac
}
random_stop()
{
- # Write some entropy so when the machine reboots /dev/random
- # can be reseeded
- #
- case ${entropy_file} in
- [Nn][Oo] | '')
+ randomadaptor=`${SYSCTL_N} -i kern.random.active_adaptor`
+ case ${randomadaptor} in
+ dummy | '')
+ warn 'entropy device not present; entropy not cached'
;;
*)
- echo -n 'Writing entropy file:'
- rm -f ${entropy_file} 2> /dev/null
- oumask=`umask`
- umask 077
- if touch ${entropy_file} 2> /dev/null; then
- entropy_file_confirmed="${entropy_file}"
- else
- # Try this as a reasonable alternative for read-only
- # roots, diskless workstations, etc.
- rm -f /var/db/entropy-file 2> /dev/null
- if touch /var/db/entropy-file 2> /dev/null; then
- entropy_file_confirmed=/var/db/entropy-file
- fi
- fi
- case ${entropy_file_confirmed} in
- '')
- warn 'write failed (read-only fs?)'
+ # Write some entropy so when the machine reboots /dev/random
+ # can be reseeded
+ #
+ case ${entropy_file} in
+ [Nn][Oo] | '')
;;
*)
- dd if=/dev/random of=${entropy_file_confirmed} \
- bs=4096 count=1 2> /dev/null
+ echo -n 'Writing entropy file:'
+ rm -f ${entropy_file} 2> /dev/null
+ oumask=`umask`
+ umask 077
+ if touch ${entropy_file} 2> /dev/null; then
+ entropy_file_confirmed="${entropy_file}"
+ else
+ # Try this as a reasonable alternative for read-only
+ # roots, diskless workstations, etc.
+ rm -f /var/db/entropy-file 2> /dev/null
+ if touch /var/db/entropy-file 2> /dev/null; then
+ entropy_file_confirmed=/var/db/entropy-file
+ fi
+ fi
+ case ${entropy_file_confirmed} in
+ '')
+ warn 'write failed (read-only fs?)'
+ ;;
+ *)
+ dd if=/dev/random of=${entropy_file_confirmed} \
+ bs=4096 count=1 2> /dev/null
+ echo -n ${entropy_file_confirmed}
+ ;;
+ esac
+ umask ${oumask}
echo '.'
;;
esac
- umask ${oumask}
;;
esac
}
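Review bot: The dd at the end of random_stop is never checked, so a failed or short read from /dev/random leaves a truncated seed file behind and the path is still echoed as if the save succeeded; the same silent-failure pattern exists in random_harvest, where an unknown `kern.random.sys.harvest.${source}` oid falls into the `*)` arm without any message. Testing dd's status and only reporting the file on success keeps the "Writing entropy file:" line truthful, and quoting `${entropy_file_confirmed}` avoids word-splitting if entropy_file is ever set to a path with spaces. random_start stays silent when the adaptor is `dummy` while random_stop warns, so a matching `warn` there would make the two paths consistent; both functions are fully inside this hunk.
```shell
# … unchanged: entropy_file_confirmed selection …
                        *)
                                if dd if=/dev/random of="${entropy_file_confirmed}" \
                                    bs=4096 count=1 2> /dev/null; then
                                        echo -n " ${entropy_file_confirmed}"
                                else
                                        rm -f "${entropy_file_confirmed}" 2> /dev/null
                                        warn 'entropy write failed; seed file discarded'
                                fi
                                ;;
# … unchanged: esac, umask restore, trailing echo …
```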
Modified: projects/random_number_generator/libexec/save-entropy/save-entropy.sh
==============================================================================
--- projects/random_number_generator/libexec/save-entropy/save-entropy.sh Sun Nov 10 16:33:14 2013 (r257918)
+++ projects/random_number_generator/libexec/save-entropy/save-entropy.sh Sun Nov 10 16:35:00 2013 (r257919)
@@ -51,7 +51,7 @@ case ${entropy_dir} in
;;
esac
-entropy_save_sz=${entropy_save_sz:-2048}
+entropy_save_sz=${entropy_save_sz:-4096}
entropy_save_num=${entropy_save_num:-8}
if [ ! -d "${entropy_dir}" ]; then