svn commit: r265284 - projects/random_number_generator/etc/rc.d
Mark Murray
markm at FreeBSD.org
Sat May 3 18:12:27 UTC 2014
Author: markm
Date: Sat May 3 18:12:26 2014
New Revision: 265284
URL: http://svnweb.freebsd.org/changeset/base/265284
Log:
Strip down the startup for the more streamlined way of doing things.
This may need later tweaking, but we certainly don't need the
complexity of old.
Most important is that the CSPRNG is now auto-unblocking; it gets
good enough entropy from probing.
Modified:
projects/random_number_generator/etc/rc.d/postrandom
projects/random_number_generator/etc/rc.d/random
Modified: projects/random_number_generator/etc/rc.d/postrandom
==============================================================================
--- projects/random_number_generator/etc/rc.d/postrandom Sat May 3 17:57:06 2014 (r265283)
+++ projects/random_number_generator/etc/rc.d/postrandom Sat May 3 18:12:26 2014 (r265284)
@@ -14,27 +14,25 @@ name="postrandom"
start_cmd="${name}_start"
stop_cmd=":"
-# This will remove old entropy file.
+# This will remove old ${entropy_file} and generate a new one.
# According to Bruce Schneier, this is strongly recommended in order
# to avoid using same ${entropy_file} across reboots.
# Reference: Chapter 10.6, Practical Cryptography, ISBN: 0-471-22357-3
postrandom_start()
{
+ /etc/rc.d/random fastsaveseed
+
case ${entropy_dir} in
[Nn][Oo])
;;
*)
entropy_dir=${entropy_dir:-/var/db/entropy}
if [ -d "${entropy_dir}" ]; then
- rm -f ${entropy_dir}/*
- fi
- boot_dir=${boot_dir:-/boot}
- if [ -d "${boot_dir}" ]; then
- rm -f ${boot_dir}/entropy
+ if [ -w /dev/random ]; then
+ rm -f ${entropy_dir}/*
+ fi
fi
- rm -f /entropy
- rm -f /var/db/entropy-file
;;
esac
}
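Review bot: The new `/etc/rc.d/random fastsaveseed` call at the top of postrandom_start invokes a command that the `random` script in this same commit does not define — its `extra_commands` is still `"saveseed"` with `saveseed_cmd="${name}_stop"` — so rc.subr will reject it as an unknown directive unless `fastsaveseed` is added elsewhere. The updated comment also claims the old `${entropy_file}` is removed and a new one generated, but the hunk drops the `rm -f /entropy` and `rm -f /var/db/entropy-file` lines and adds no replacement removal; `/var/db/entropy-file` is still fed by random_start on every boot, so it can now be reused across reboots, which is exactly what the Schneier reference above warns against. Either define `fastsaveseed` in `random` and regenerate both files there, or keep an explicit `rm -f ${entropy_file} /var/db/entropy-file` here, and make the comment match whichever is done. The `-w /dev/random` guard around `rm -f ${entropy_dir}/*` is a reasonable "don't discard seeds we could not consume" check; a one-line comment saying so would help, e.g. `# Only discard per-boot seeds if they could have been fed to /dev/random.`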
Modified: projects/random_number_generator/etc/rc.d/random
==============================================================================
--- projects/random_number_generator/etc/rc.d/random Sat May 3 17:57:06 2014 (r265283)
+++ projects/random_number_generator/etc/rc.d/random Sat May 3 18:12:26 2014 (r265284)
@@ -17,90 +17,77 @@ stop_cmd="random_stop"
extra_commands="saveseed"
saveseed_cmd="${name}_stop"
-random_harvest()
+feed_dev_random()
{
- tag=$1
- source=$2
- if checkyesno ${tag} ; then
- setting=1
- else
- setting=0
+ if [ -f "${1}" -a -r "${1}" -a -s "${1}" ]; then
+ cat "${1}" | dd of=/dev/random bs=8k 2>/dev/null
fi
- oldsetting=`${SYSCTL_N} -i kern.random.sys.harvest.${source}`
- case ${oldsetting} in
- 0 | 1)
- if [ ${oldsetting} != ${setting} ] ; then
- ${SYSCTL} kern.random.sys.harvest.${source}=${setting} >/dev/null
- fi
- if [ ${setting} = 1 ] ; then
- echo -n " ${source}"
- fi
+}
+
+random_start()
+{
+ # Reseed /dev/random with previously stored entropy.
+ case ${entropy_dir} in
+ [Nn][Oo])
;;
*)
+ entropy_dir=${entropy_dir:-/var/db/entropy}
+ if [ -d "${entropy_dir}" ]; then
+ if [ -w /dev/random ]; then
+ for seedfile in ${entropy_dir}/*; do
+ feed_dev_random "${seedfile}"
+ done
+ fi
+ fi
;;
esac
-}
-random_start()
-{
- randomadaptor=`${SYSCTL_N} -i kern.random.active_adaptor`
- case ${randomadaptor} in
- dummy | '')
+ case ${entropy_file} in
+ [Nn][Oo] | '')
;;
*)
- echo -n 'Entropy harvesting:'
- random_harvest 'harvest_interrupt' 'interrupt'
- random_harvest 'harvest_ethernet' 'ethernet'
- random_harvest 'harvest_p_to_p' 'point_to_point'
- random_harvest 'harvest_swi' 'swi'
- echo '.'
+ if [ -w /dev/random ]; then
+ feed_dev_random "${entropy_file}"
+ feed_dev_random /var/db/entropy-file
+ fi
;;
esac
}
random_stop()
{
- randomadaptor=`${SYSCTL_N} -i kern.random.active_adaptor`
- case ${randomadaptor} in
- dummy | '')
- warn 'entropy device not present; entropy not cached'
+ # Write some entropy so when the machine reboots /dev/random
+ # can be reseeded
+ #
+ case ${entropy_file} in
+ [Nn][Oo] | '')
;;
*)
- # Write some entropy so when the machine reboots /dev/random
- # can be reseeded
- #
- case ${entropy_file} in
- [Nn][Oo] | '')
+ echo -n 'Writing entropy file:'
+ rm -f ${entropy_file} 2> /dev/null
+ oumask=`umask`
+ umask 077
+ if touch ${entropy_file} 2> /dev/null; then
+ entropy_file_confirmed="${entropy_file}"
+ else
+ # Try this as a reasonable alternative for read-only
+ # roots, diskless workstations, etc.
+ rm -f /var/db/entropy-file 2> /dev/null
+ if touch /var/db/entropy-file 2> /dev/null; then
+ entropy_file_confirmed=/var/db/entropy-file
+ fi
+ fi
+ case ${entropy_file_confirmed} in
+ '')
+ warn 'write failed (read-only fs?)'
;;
*)
- echo -n 'Writing entropy file:'
- rm -f ${entropy_file} 2> /dev/null
- oumask=`umask`
- umask 077
- if touch ${entropy_file} 2> /dev/null; then
- entropy_file_confirmed="${entropy_file}"
- else
- # Try this as a reasonable alternative for read-only
- # roots, diskless workstations, etc.
- rm -f /var/db/entropy-file 2> /dev/null
- if touch /var/db/entropy-file 2> /dev/null; then
- entropy_file_confirmed=/var/db/entropy-file
- fi
- fi
- case ${entropy_file_confirmed} in
- '')
- warn 'write failed (read-only fs?)'
- ;;
- *)
- dd if=/dev/random of=${entropy_file_confirmed} \
- bs=4096 count=1 2> /dev/null
- echo -n ${entropy_file_confirmed}
- ;;
- esac
- umask ${oumask}
+ dd if=/dev/random of=${entropy_file_confirmed} \
+ bs=4096 count=1 2> /dev/null
echo '.'
;;
esac
+ umask ${oumask}
;;
esac
}
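Review bot: In random_stop the seed write `dd if=/dev/random of=${entropy_file_confirmed} bs=4096 count=1 2> /dev/null` discards both dd's exit status and its stderr, so a failed or short write leaves an empty or truncated seed file with no diagnostic at shutdown; the old `echo -n ${entropy_file_confirmed}` was also dropped in this rewrite, so the boot message now reads `Writing entropy file:.` with no filename. Checking dd's status and restoring the filename in the success path fixes both. Separately, `feed_dev_random` uses `cat "${1}" | dd of=/dev/random bs=8k`; `dd if="${1}" of=/dev/random bs=8k 2>/dev/null` does the same without the extra process, and `${entropy_file}` / `${entropy_file_confirmed}` should be quoted where they are passed to `rm`, `touch` and `dd` since they come from rc.conf.
```shell
			if dd if=/dev/random of="${entropy_file_confirmed}" \
			    bs=4096 count=1 2> /dev/null; then
				echo -n " ${entropy_file_confirmed}"
			else
				warn "failed to write ${entropy_file_confirmed}"
			fi
			echo '.'
			# … unchanged: esac, umask ${oumask} …
```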