Commit f864c59d authored by Jonas Termansen's avatar Jonas Termansen

Mix in fresh randomness when writing out /boot/random.seed.

When entropy gathering is implemented, in the case of the installer and
upgrader, the system probably won't have any entropy when it begins. By the
time the system is installed, there will probably be a bit of entropy from
the user using the system and general system usage, so mix in some of that.
In the case of init, after an installed system has run for a while, a lot of
entropy will have gotten collected, but init will have its arc4random seeded
with initial boot entry, so mix in some fresh entropy, so the random seed
written on shutdown remains as entropic as possible.
parent 4c2ef980
/*
* Copyright (c) 2011, 2012, 2013, 2014, 2015, 2016 Jonas 'Sortie' Termansen.
* Copyright (c) 2011-2017 Jonas 'Sortie' Termansen.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
......@@ -173,8 +173,15 @@ static void write_random_seed(void)
close(fd);
return;
}
// Write out randomness, but mix in some fresh kernel randomness in case the
// randomness used to seed arc4random didn't have enough entropy, there may
// be more now.
unsigned char buf[256];
arc4random_buf(buf, sizeof(buf));
unsigned char newbuf[256];
getentropy(newbuf, sizeof(newbuf));
for ( size_t i = 0; i < 256; i++ )
buf[i] ^= newbuf[i];
size_t done = writeall(fd, buf, sizeof(buf));
explicit_bzero(buf, sizeof(buf));
if ( done < sizeof(buf) )
......
/*
* Copyright (c) 2015, 2016 Jonas 'Sortie' Termansen.
* Copyright (c) 2015, 2016, 2017 Jonas 'Sortie' Termansen.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
......@@ -114,10 +114,17 @@ void write_random_seed(const char* path)
warn("chmod: %s", path);
_exit(2);
}
// Write out randomness, but mix in some fresh kernel randomness in case the
// randomness used to seed arc4random didn't have enough entropy, there may
// be more now.
unsigned char buf[256];
arc4random_buf(buf, sizeof(buf));
unsigned char newbuf[256];
getentropy(newbuf, sizeof(newbuf));
size_t done = writeall(fd, buf, sizeof(buf));
explicit_bzero(buf, sizeof(buf));
for ( size_t i = 0; i < 256; i++ )
buf[i] ^= newbuf[i];
if ( done < sizeof(buf) )
{
warn("write: %s", path);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment