freebsd security - Sep 2012 - svn commit: r239598 - head/etc/rc.d

On 08/22/2012 16:37, David E. O'Brien wrote:
> Author: obrien
> Date: Wed Aug 22 23:37:24 2012
> New Revision: 239598
> URL: http://svn.freebsd.org/changeset/base/239598
> 
> Log:
>   * Reinstate r128059's consumption of our best entropy first.
>     r128060 for "hardware-supplied entropy" reversed this without
reason,
>     seems a typo.
I object to this change as well, although mostly for sentimental
reasons. :)  It's also dubious whether the static /entropy file is
really the "best" option at that point, since the "better than
nothing"
entropy at least contains some elements that have the potential to be
different at boot time.
>   * Isolate "better than nothing" implementation to a function.
We generally don't extract code that's only run once into a function,
and my stylistic preference is that we do not do that.

The attached patch simplifies the script quite a bit, and restores the
traditional order of running the "best effort" entropy first. I'm
interested in what others think about this. (Note, the patch is easier
to understand if you apply it and look at the resulting file.)

Doug
> Modified:
>   head/etc/rc.d/initrandom
> 
> Modified: head/etc/rc.d/initrandom
>
=============================================================================>
--- head/etc/rc.d/initrandom	Wed Aug 22 22:48:50 2012	(r239597)
> +++ head/etc/rc.d/initrandom	Wed Aug 22 23:37:24 2012	(r239598)
> @@ -21,6 +21,17 @@ feed_dev_random()
>  	fi
>  }
>  
> +better_than_nothing()
> +{
> +	# XXX temporary until we can improve the entropy
> +	# harvesting rate.
> +	# Entropy below is not great, but better than nothing.
> +	# This unblocks the generator at startup
> +	( ps -fauxww; sysctl -a; date; df -ib; dmesg; ps -fauxww ) \
> +	    | dd of=/dev/random bs=8k 2>/dev/null
> +	cat /bin/ls | dd of=/dev/random bs=8k 2>/dev/null
> +}
> +
>  initrandom_start()
>  {
>  	soft_random_generator=`sysctl kern.random 2>/dev/null`
> @@ -52,14 +63,6 @@ initrandom_start()
>  			fi
>  		fi
>  
> -		# XXX temporary until we can improve the entropy
> -		# harvesting rate.
> -		# Entropy below is not great, but better than nothing.
> -		# This unblocks the generator at startup
> -		( ps -fauxww; sysctl -a; date; df -ib; dmesg; ps -fauxww ) \
> -		    | dd of=/dev/random bs=8k 2>/dev/null
> -		cat /bin/ls | dd of=/dev/random bs=8k 2>/dev/null
> -
>  		# First pass at reseeding /dev/random.
>  		#
>  		case ${entropy_file} in
> @@ -72,6 +75,8 @@ initrandom_start()
>  			;;
>  		esac
>  
> +		better_than_nothing()
> +
>  		echo -n ' kickstart'
>  	fi
>  
> 

-- 

    I am only one, but I am one.  I cannot do everything, but I can do
    something.  And I will not let what I cannot do interfere with what
    I can do.
			-- Edward Everett Hale, (1822 - 1909)
-------------- next part --------------
Index: initrandom
==================================================================--- initrandom
(revision 240002)
+++ initrandom	(working copy)
@@ -1,8 +1,7 @@
 #!/bin/sh
-#
+
 # $FreeBSD$
 #
-
 # PROVIDE: initrandom
 # REQUIRE: dumpon ddb
 # BEFORE: disks
@@ -21,8 +20,11 @@
 	fi
 }
 
-better_than_nothing()
+initrandom_start()
 {
+	[ -w /dev/random ] || return
+	sysctl kern.random 2>/dev/null || return
+
 	# XXX temporary until we can improve the entropy
 	# harvesting rate.
 	# Entropy below is not great, but better than nothing.
@@ -30,54 +32,36 @@
 	( ps -fauxww; sysctl -a; date; df -ib; dmesg; ps -fauxww ) \
 	    | dd of=/dev/random bs=8k 2>/dev/null
 	cat /bin/ls | dd of=/dev/random bs=8k 2>/dev/null
-}
 
-initrandom_start()
-{
-	soft_random_generator=`sysctl kern.random 2>/dev/null`
+	case ${entropy_file} in
+	[Nn][Oo] | '')
+		;;
+	*)
+		feed_dev_random "${entropy_file}"
+		;;
+	esac
 
 	echo -n 'Entropy harvesting:'
 
-	if [ \! -z "${soft_random_generator}" ] ; then
+	if checkyesno harvest_interrupt; then
+		${SYSCTL} kern.random.sys.harvest.interrupt=1 >/dev/null
+		echo -n ' interrupts'
+	else
+		${SYSCTL} kern.random.sys.harvest.interrupt=0 >/dev/null
+	fi
 
-		if [ -w /dev/random ]; then
-			if checkyesno harvest_interrupt; then
-				${SYSCTL} kern.random.sys.harvest.interrupt=1 >/dev/null
-				echo -n ' interrupts'
-			else
-				${SYSCTL} kern.random.sys.harvest.interrupt=0 >/dev/null
-			fi
+	if checkyesno harvest_ethernet; then
+		${SYSCTL} kern.random.sys.harvest.ethernet=1 >/dev/null
+		echo -n ' ethernet'
+	else
+		${SYSCTL} kern.random.sys.harvest.ethernet=0 >/dev/null
+	fi
 
-			if checkyesno harvest_ethernet; then
-				${SYSCTL} kern.random.sys.harvest.ethernet=1 >/dev/null
-				echo -n ' ethernet'
-			else
-				${SYSCTL} kern.random.sys.harvest.ethernet=0 >/dev/null
-			fi
-
-			if checkyesno harvest_p_to_p; then
-				${SYSCTL} kern.random.sys.harvest.point_to_point=1 >/dev/null
-				echo -n ' point_to_point'
-			else
-				${SYSCTL} kern.random.sys.harvest.point_to_point=0 >/dev/null
-			fi
-		fi
-
-		# First pass at reseeding /dev/random.
-		#
-		case ${entropy_file} in
-		[Nn][Oo] | '')
-			;;
-		*)
-			if [ -w /dev/random ]; then
-				feed_dev_random "${entropy_file}"
-			fi
-			;;
-		esac
-
-		better_than_nothing
-
-		echo -n ' kickstart'
+	if checkyesno harvest_p_to_p; then
+		${SYSCTL} kern.random.sys.harvest.point_to_point=1 >/dev/null
+		echo -n ' point_to_point'
+	else
+		${SYSCTL} kern.random.sys.harvest.point_to_point=0 >/dev/null
 	fi
 
 	echo '.'

On Sun, 2012-09-02 at 15:57 -0700, Doug Barton wrote:
> The attached patch simplifies the script quite a bit, and restores the
> traditional order of running the "best effort" entropy first.
I'm
> interested in what others think about this. (Note, the patch is easier
> to understand if you apply it and look at the resulting file.) 
I have a patchset somewhere that added the ability to supply an
alternate command to generate "best effort" entropy.  The reason is
that
the existing code on an embedded system with no realtime clock hardware
generates a sequence that sometimes differs by two full bytes from one
boot to the next.  Often it's identical.  Adding insult is the fact that
the existing sequence takes about 4-5 seconds on that platform.

There just isn't much entropy available there, but I came up with a
command sequence that ran in about a second and generated more
differences on each boot.

I'm still interested in the ability to override the default best effort
generator with something else via entries in rc.conf; I'm not picky
about the mechanism for doing so.  If there's any interest, I'll try to
find that old patch I had for it (which I never submitted for fear of
starting a "that's not good enough entropy" flame war).

-- Ian

On Sun, Sep 02, 2012 at 03:57:13PM -0700, Doug Barton
wrote:
> On 08/22/2012 16:37, David E. O'Brien wrote:
> > Author: obrien
> > Date: Wed Aug 22 23:37:24 2012
> > New Revision: 239598
> > URL: http://svn.freebsd.org/changeset/base/239598
> > 
> > Log:
> >   * Reinstate r128059's consumption of our best entropy first.
> >     r128060 for "hardware-supplied entropy" reversed this
without reason,
> >     seems a typo.
> 
> I object to this change as well, although mostly for sentimental
> reasons. :)

Hi Doug,
Hope you had a good Labor Day Holiday.

I'm sorry I didn't see your messages before I committed another change
to
this file (r240108).  I had it ready to commit last Thursday night, but
didn't want to commit it before being AFK over the holiday.

> It's also dubious whether the static /entropy file is
> really the "best" option at that point, since the "better
than nothing"
> entropy at least contains some elements that have the potential to be
> different at boot time.
I may be misreading.  Are you suggesting you don't have much faith that
there is a good amount of entropy in the saved "/entropy" as produced
by
/dev/random?

> >   * Isolate "better than nothing" implementation to a
function.
> 
> We generally don't extract code that's only run once into a
function,
> and my stylistic preference is that we do not do that.
I'll go thru your messages and take a look at your diff.

I think what I committed is a better abstraction.
I think the name of the function helps drive the point that that entropy
gathering isn't all that good, and makes reading the logic flow of the
code easier to read.

-- 
-- David    (obrien@NUXI.org)