socsvn commit: r257651 - in soc2013/def/crashdump-head: etc/defaults etc/rc.d sbin/dumpkey
def at FreeBSD.org
def at FreeBSD.org
Mon Sep 23 16:35:09 UTC 2013
Author: def
Date: Mon Sep 23 16:35:08 2013
New Revision: 257651
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=257651
Log:
Review dumpkey.
Modified:
soc2013/def/crashdump-head/etc/defaults/rc.conf
soc2013/def/crashdump-head/etc/rc.d/dumpkey
soc2013/def/crashdump-head/sbin/dumpkey/dumpkey.c
Modified: soc2013/def/crashdump-head/etc/defaults/rc.conf
==============================================================================
--- soc2013/def/crashdump-head/etc/defaults/rc.conf Mon Sep 23 16:12:11 2013 (r257650)
+++ soc2013/def/crashdump-head/etc/defaults/rc.conf Mon Sep 23 16:35:08 2013 (r257651)
@@ -606,10 +606,10 @@
chkprintcap_flags="-d" # Create missing directories by default.
dumpdev="AUTO" # Device to crashdump to (device name, AUTO, or NO).
dumpdir="/var/crash" # Directory where crash dumps are to be stored
-dumpkey_enable="YES"
-dumpkey_pub="/var/crash/.public.key"
-dumpkey_priv="/var/crash/.private.key"
-dumpkey_bits="2048"
+dumpkey_enable="YES" # Run dumpkey to generate a symmetric key.
+dumpkey_pub="/var/crash/.public.key" # Public key to encrypt a symmetric key.
+dumpkey_priv="/var/crash/.private.key" # Private key to decrypt a symmetric key.
+dumpkey_bits="2048" # RSA keys' length.
savecore_flags="-m 10" # Used if dumpdev is enabled above, and present.
# By default, only the 10 most recent kernel dumps
# are saved.
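Review bot: The defaults documented here keep `dumpkey_priv` inside `dumpdir` (`/var/crash/.private.key`, next to the dumps it protects), and the new comment does not warn about that. Anyone who obtains the contents of that directory gets the encrypted cores and, unless file permissions not visible in this hunk prevent it, the RSA key that unwraps their symmetric keys. I would extend the comment to say so, for example `# Private key to decrypt a symmetric key; should be stored away from dumpdir.`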
Modified: soc2013/def/crashdump-head/etc/rc.d/dumpkey
==============================================================================
--- soc2013/def/crashdump-head/etc/rc.d/dumpkey Mon Sep 23 16:12:11 2013 (r257650)
+++ soc2013/def/crashdump-head/etc/rc.d/dumpkey Mon Sep 23 16:35:08 2013 (r257651)
@@ -9,10 +9,7 @@
rcvar="dumpkey_enable"
start_cmd="dumpkey_start"
start_precmd="dumpkey_prestart"
-stop_cmd=":"
-decrypt_precmd="dumpkey_predecrypt"
-decrypt_cmd="dumpkey_decrypt"
-extra_commands="decrypt"
+stop_cmd="dumpkey_stop"
dumpkey_prestart()
{
@@ -32,21 +29,9 @@
/sbin/dumpkey -e ${dumpkey_pub}
}
-dumpkey_predecrypt()
+dumpkey_stop()
{
- if [ ! -r "${dumpkey_priv}" ]; then
- warn "The private RSA key doesn't exist. It's not possible to decrypt the symmetric key."
- return 1
- fi
-}
-
-dumpkey_decrypt()
-{
- if [ $# -gt 0 ]; then
- /usr/bin/openssl rsautl -decrypt -inkey ${dumpkey_priv} -in "$*" -out "$*-decrypted"
- else
- echo "You have to specify an encrypted symmetric key."
- fi
+ rm ${dumpdir}/*-decrypted
}
load_rc_config $name
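Review bot: `rm ${dumpdir}/*-decrypted` in `dumpkey_stop` is unquoted and unguarded. With an empty or unset `dumpdir` the glob becomes `/*-decrypted`, a path containing whitespace is word-split, and when nothing matches rm receives the literal pattern and the stop action reports an error. I would write `[ -n "${dumpdir}" ] && rm -f -- "${dumpdir}"/*-decrypted`. Judging by the removed `openssl rsautl ... -out "$*-decrypted"` line, these files presumably hold decrypted symmetric keys, so a comment should record that they stay on disk until the service is stopped and that unlinking does not erase the underlying blocks.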
Modified: soc2013/def/crashdump-head/sbin/dumpkey/dumpkey.c
==============================================================================
--- soc2013/def/crashdump-head/sbin/dumpkey/dumpkey.c Mon Sep 23 16:12:11 2013 (r257650)
+++ soc2013/def/crashdump-head/sbin/dumpkey/dumpkey.c Mon Sep 23 16:35:08 2013 (r257651)
@@ -40,7 +40,7 @@
}
static int
-read_data(char *buf, size_t size, char *fname)
+read_data(char *buf, size_t size, const char *fname)
{
FILE *fp;
@@ -194,8 +194,8 @@
char buf[PEFS_SECTOR_SIZE];
struct xts_ctx data_ctx, tweak_ctx;
RSA *private_key;
- int buf_used, offset;
- size_t bytes;
+ int offset;
+ size_t buf_used, bytes;
FILE *fp, *fp_w;
private_key = RSA_new();
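Review bot: `offset` stays `int` while `buf_used` becomes `size_t`, so the `offset += buf_used` visible in the next hunk computes in `size_t` and narrows back to `int`. Once a core passes 2 GiB that conversion is implementation-defined and the running offset is no longer correct; because the value is passed to `xts_block_decrypt`, later sectors would likely be decrypted with the wrong tweak. Declare it with a 64-bit type, e.g. `uint64_t offset;`, matching the parameter type of `xts_block_decrypt`, which is not visible here. The result of `RSA_new()` is also not checked within the hunk; the function starts and ends outside it, so confirm a NULL check follows.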
@@ -232,8 +232,10 @@
if (buf_used == PEFS_SECTOR_SIZE || (buf_used > 0 && bytes == 0)) {
xts_block_decrypt(&xts_alg_aes, &tweak_ctx, &data_ctx, offset, tweak, 0, buf_used, buf, buf);
- if (fwrite(buf, 1, buf_used, fp_w) != buf_used)
+ if (fwrite(buf, 1, buf_used, fp_w) != buf_used) {
+ printf("Error: cannot write a decrypted core.\n");
goto out;
+ }
offset += buf_used;
buf_used = 0;
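Review bot: The new error message is sent to stdout with `printf`, so it is lost or mixed into regular output when stdout is redirected, and it does not report why the write failed. Send it to stderr instead, e.g. `fprintf(stderr, "Error: cannot write a decrypted core.\n");`, or `warn("cannot write a decrypted core")` if this file already uses `<err.h>`. This path also leaves a partially written plaintext core behind. The `out:` label is outside the hunk, so confirm it closes `fp_w`, removes the incomplete output, and clears `buf`, `data_ctx` and `tweak_ctx` before returning.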