From 7417198fcf8ee28079f8d31248f677dc0ad9b741 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dag-Erling=20Sm=C3=B8rgrav?= Date: Sun, 2 Nov 2014 01:47:27 +0000 Subject: [PATCH] Get rid of the postrandom script. It was born in a time when the random script ran before filesystems were mounted, which is no longer the case. In random_start(), immediately delete each file that is fed into /dev/random, and recreate the default entropy file immediately after reading and deleting it. The logic used in random_stop() to determine which file to write to should probably be factored out and used here as well. --- ObsoleteFiles.inc | 2 ++ etc/rc.d/Makefile | 1 - etc/rc.d/adjkerntz | 2 +- etc/rc.d/postrandom | 41 ------------------------------------ etc/rc.d/random | 51 ++++++++++++++++++++++++++++++--------------- 5 files changed, 37 insertions(+), 60 deletions(-) delete mode 100755 etc/rc.d/postrandom diff --git a/ObsoleteFiles.inc b/ObsoleteFiles.inc index 7c8f8987f505..c8072d446059 100644 --- a/ObsoleteFiles.inc +++ b/ObsoleteFiles.inc @@ -38,6 +38,8 @@ # xargs -n1 | sort | uniq -d; # done +# 20141102: postrandom obsoleted by new /dev/random code +OLD_FILES+=etc/rc.d/postrandom # 20141031: initrandom obsoleted by new /dev/random code OLD_FILES+=etc/rc.d/initrandom # 20141028: debug files accidentally installed as directory name diff --git a/etc/rc.d/Makefile b/etc/rc.d/Makefile index f42b207936e6..bfa22bfcfd09 100644 --- a/etc/rc.d/Makefile +++ b/etc/rc.d/Makefile @@ -112,7 +112,6 @@ FILES= DAEMON \ pf \ pflog \ pfsync \ - postrandom \ powerd \ power_profile \ ppp \ diff --git a/etc/rc.d/adjkerntz b/etc/rc.d/adjkerntz index 03f615946e9f..18a822012059 100755 --- a/etc/rc.d/adjkerntz +++ b/etc/rc.d/adjkerntz @@ -4,7 +4,7 @@ # # PROVIDE: adjkerntz -# REQUIRE: FILESYSTEMS postrandom +# REQUIRE: FILESYSTEMS # BEFORE: netif # KEYWORD: nojail diff --git a/etc/rc.d/postrandom b/etc/rc.d/postrandom deleted file mode 100755 index 3a608307e37f..000000000000 --- a/etc/rc.d/postrandom +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/sh -# -# $FreeBSD$ -# - -# PROVIDE: postrandom -# REQUIRE: random FILESYSTEMS -# BEFORE: LOGIN -# KEYWORD: nojail - -. /etc/rc.subr - -name="postrandom" -start_cmd="${name}_start" -stop_cmd=":" - -# This will remove old ${entropy_file} and generate a new one. -# According to Bruce Schneier, this is strongly recommended in order -# to avoid using same ${entropy_file} across reboots. -# Reference: Chapter 10.6, Practical Cryptography, ISBN: 0-471-22357-3 - -postrandom_start() -{ - /etc/rc.d/random fastsaveseed - - case ${entropy_dir} in - [Nn][Oo]) - ;; - *) - entropy_dir=${entropy_dir:-/var/db/entropy} - if [ -d "${entropy_dir}" ]; then - if [ -w /dev/random ]; then - rm -f ${entropy_dir}/* - fi - fi - ;; - esac -} - -load_rc_config random -run_rc_command "$1" diff --git a/etc/rc.d/random b/etc/rc.d/random index c7da932939fe..2420a39f97ca 100755 --- a/etc/rc.d/random +++ b/etc/rc.d/random @@ -17,41 +17,58 @@ stop_cmd="random_stop" extra_commands="saveseed" saveseed_cmd="${name}_stop" +save_dev_random() +{ + for f ; do + if :>>"$f" ; then + debug "saving entropy to $f" + dd if=/dev/random of="$f" bs=4096 count=1 2>/dev/null + fi + done +} + feed_dev_random() { - if [ -f "${1}" -a -r "${1}" -a -s "${1}" ]; then - cat "${1}" | dd of=/dev/random bs=8k 2>/dev/null - fi + for f ; do + if [ -f "$f" -a -r "$f" -a -s "$f" ] ; then + if dd if="$f" of=/dev/random bs=4096 2>/dev/null ; then + debug "entropy read from $f" + rm -f "$f" + fi + fi + done } random_start() { + echo -n 'Feeding entropy:' + + if [ ! -w /dev/random ] ; then + warn "/dev/random is not writeable" + return 1 + fi + # Reseed /dev/random with previously stored entropy. - case ${entropy_dir} in + case ${entropy_dir:=/var/db/entropy} in [Nn][Oo]) ;; *) - entropy_dir=${entropy_dir:-/var/db/entropy} - if [ -d "${entropy_dir}" ]; then - if [ -w /dev/random ]; then - for seedfile in ${entropy_dir}/*; do - feed_dev_random "${seedfile}" - done - fi + if [ -d "${entropy_dir}" ] ; then + feed_dev_random "${entropy_dir}"/* fi ;; esac - case ${entropy_file} in + case ${entropy_file:=/entropy} in [Nn][Oo] | '') ;; *) - if [ -w /dev/random ]; then - feed_dev_random "${entropy_file}" - feed_dev_random /var/db/entropy-file - fi + feed_dev_random "${entropy_file}" /var/db/entropy-file + save_dev_random "${entropy_file}" ;; esac + + echo '.' } random_stop() @@ -59,7 +76,7 @@ random_stop() # Write some entropy so when the machine reboots /dev/random # can be reseeded # - case ${entropy_file} in + case ${entropy_file:=/entropy} in [Nn][Oo] | '') ;; *)