Commit f864c59d authored by Jonas Termansen's avatar Jonas Termansen

Mix in fresh randomness when writing out /boot/random.seed.

When entropy gathering is implemented, in the case of the installer and upgrader, the system probably won't have any entropy when it begins. By the time the system is installed, there will probably be a bit of entropy from the user using the system and general system usage, so mix in some of that. In the case of init, after an installed system has run for a while, a lot of entropy will have gotten collected, but init will have its arc4random seeded with initial boot entry, so mix in some fresh entropy, so the random seed written on shutdown remains as entropic as possible.
parent 4c2ef980
/*
* Copyright (c) 2011, 2012, 2013, 2014, 2015, 2016 Jonas 'Sortie' Termansen.
* Copyright (c) 2011-2017 Jonas 'Sortie' Termansen.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
......@@ -173,8 +173,15 @@ static void write_random_seed(void)
close(fd);
return;
}
// Write out randomness, but mix in some fresh kernel randomness in case the
// randomness used to seed arc4random didn't have enough entropy, there may
// be more now.
unsigned char buf[256];
arc4random_buf(buf, sizeof(buf));
unsigned char newbuf[256];
getentropy(newbuf, sizeof(newbuf));
for ( size_t i = 0; i < 256; i++ )
buf[i] ^= newbuf[i];
size_t done = writeall(fd, buf, sizeof(buf));
explicit_bzero(buf, sizeof(buf));
if ( done < sizeof(buf) )
......
/*
* Copyright (c) 2015, 2016 Jonas 'Sortie' Termansen.
* Copyright (c) 2015, 2016, 2017 Jonas 'Sortie' Termansen.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
......@@ -114,10 +114,17 @@ void write_random_seed(const char* path)
warn("chmod: %s", path);
_exit(2);
}
// Write out randomness, but mix in some fresh kernel randomness in case the
// randomness used to seed arc4random didn't have enough entropy, there may
// be more now.
unsigned char buf[256];
arc4random_buf(buf, sizeof(buf));
unsigned char newbuf[256];
getentropy(newbuf, sizeof(newbuf));
size_t done = writeall(fd, buf, sizeof(buf));
explicit_bzero(buf, sizeof(buf));
for ( size_t i = 0; i < 256; i++ )
buf[i] ^= newbuf[i];
if ( done < sizeof(buf) )
{
warn("write: %s", path);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment