From nicolas@i.0x5.de  Sun Jan  2 15:47:45 2005
Return-Path: <nicolas@i.0x5.de>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B744416A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Sun,  2 Jan 2005 15:47:45 +0000 (GMT)
Received: from pc5.i.0x5.de (n.0x5.de [217.197.85.142])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7A53443D46
	for <FreeBSD-gnats-submit@freebsd.org>; Sun,  2 Jan 2005 15:47:44 +0000 (GMT)
	(envelope-from nicolas@i.0x5.de)
Received: by pc5.i.0x5.de (Postfix, from userid 1003)
	id E5CD781CA9; Sun,  2 Jan 2005 16:47:41 +0100 (CET)
Message-Id: <20050102154741.E5CD781CA9@pc5.i.0x5.de>
Date: Sun,  2 Jan 2005 16:47:41 +0100 (CET)
From: Nicolas Rachinsky <list@rachinsky.de>
Reply-To: Nicolas Rachinsky <list@rachinsky.de>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: /usr/libexec/save-entropy ignores entropy_save_sz [patch]
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         75722
>Category:       conf
>Synopsis:       [patch] /usr/libexec/save-entropy ignores entropy_save_sz
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    dougb
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jan 02 15:50:23 GMT 2005
>Closed-Date:    Thu Apr 14 22:02:43 GMT 2005
>Last-Modified:  Thu Apr 14 22:02:43 GMT 2005
>Originator:     Nicolas Rachinsky
>Release:        FreeBSD 4.10-RELEASE-p5 i386
>Organization:
>Environment:
System: FreeBSD pc1 5.3-RELEASE FreeBSD 5.3-RELEASE #4: Sat Jan  1 17:40:50 CET 2005     root@pc1:/usr/src/sys/i386/compile/PC1  i386


	
>Description:
/usr/libexec/save-entropy ignores entropy_save_sz from rc.conf


	
>How-To-Repeat:

Change entropy_save_sz to a non-default value. It will be ignored.

	
>Fix:

Apply the following patch in src/libexec/save-entropy:

--- save-entropy.sh.orig	Sun Jan  2 16:41:55 2005
+++ save-entropy.sh	Sun Jan  2 16:45:20 2005
@@ -86,7 +86,7 @@
 done
 
 dd if=/dev/random of="${entropy_dir}/saved-entropy.1" \
-    bs=2048 count=1 2> /dev/null
+    bs="${entropy_save_sz}" count=1 2> /dev/null
 
 exit 0
 
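Review bot: bs="${entropy_save_sz}" on the added dd line has no fallback, so if the variable is empty or not a number, dd is called with an invalid block size, its error is discarded by 2> /dev/null, and the script still reaches exit 0, leaving the failed save unnoticed. Consider bs="${entropy_save_sz:-2048}" to keep the previous size as the default, and check dd's exit status before exit 0.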
>Release-Note:
>Audit-Trail:

From: Ceri Davies <ceri@submonkey.net>
To: FreeBSD Gnats Submit <freebsd-gnats-submit@FreeBSD.org>
Cc:  
Subject: Re: conf/75722: /usr/libexec/save-entropy ignores entropy_save_sz [patch]
Date: Tue, 4 Jan 2005 13:07:32 +0000

 On Sun, Jan 02, 2005 at 04:47:41PM +0100, Nicolas Rachinsky wrote:
 
 > Change entropy_save_sz to a non-default value. It will be ignored.
 
 It is also ignored in /etc/rc.d/random, which the following patch
 corrects.  Unfortunately, this now only saves 2048 bits by default,
 though since the entropy_save_sz variable is shared, one of them needs
 to change:
 
 Index: etc/rc.d/random
 ===================================================================
 RCS file: /home/ncvs/src/etc/rc.d/random,v
 retrieving revision 1.7
 diff -u -r1.7 random
 --- etc/rc.d/random	7 Oct 2004 13:55:26 -0000	1.7
 +++ etc/rc.d/random	4 Jan 2005 12:53:13 -0000
 @@ -80,7 +80,7 @@
  			;;
  		*)
  			dd if=/dev/random of=${entropy_file_confirmed} \
 -			   bs=4096 count=1 2> /dev/null
 +			   bs=${entropy_save_sz} count=1 2> /dev/null
  			echo '.'
  			;;
  		esac
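Review bot: the new bs=${entropy_save_sz} is unquoted and replaces a fixed 4096 with a variable that has no fallback in these lines; if it is empty, dd fails, 2> /dev/null hides the message, and echo '.' still runs as though the save succeeded. Suggest bs="${entropy_save_sz:-4096}" so the previous size is kept when the variable is unset, and test dd's status before echo '.'.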
 
 There are further problems with /etc/rc.d/random, which I will note
 here, as I am unsure of how it and save-entropy are supposed to work
 together.
 
 o  /etc/rc.d/random expects /var/db/entropy to be a file on one
    occasion, and a directory on another:
 
      entropy_dir=${entropy_dir:-/var/db/entropy}
      if [ -d "${entropy_dir}" ]; then
              if [ -w /dev/random ]; then
                      for seedfile in ${entropy_dir}/*; do
                              feed_dev_random "${seedfile}"
                      done
              fi
      fi
      ;;
 
      # Try this as a reasonable alternative for read-only
      # roots, diskless workstations, etc.
      rm -f /var/db/entropy
      if touch /var/db/entropy; then
              entropy_file_confirmed=/var/db/entropy
      fi
 
    Again, due to the variables being shared between here and
    save-entropy, I'm not sure of the appropriate fix.
 
 o  /etc/rc.d/random contains the following snippet:
 
      case ${entropy_file_confirmed} in
      '')
              err 1 '${entropy_file_confirmed}:' \
                  ' entropy file write failed.'
              ;;
 
    The intention here is presumably to print the failing filename, but
    it will always just print ": entropy file write failed.".
 
 Ceri
Responsible-Changed-From-To: freebsd-bugs->dougb 
Responsible-Changed-By: dougb 
Responsible-Changed-When: Sun Mar 13 11:10:50 GMT 2005 
Responsible-Changed-Why:  

I wrote this script 

http://www.freebsd.org/cgi/query-pr.cgi?pr=75722 
State-Changed-From-To: open->patched 
State-Changed-By: dougb 
State-Changed-When: Mon Apr 11 02:07:47 GMT 2005 
State-Changed-Why:  

I've applied the patch you suggested to this script. 
The problems with /etc/rc.d/random need more analysis. 

Thanks for this PR. 

State-Changed-From-To: patched->analyzed 
State-Changed-By: dougb 
State-Changed-When: Mon Apr 11 02:46:07 GMT 2005 
State-Changed-Why:  

The problems with rc.d/random have been fixed, thanks. 
The entropy_save_sz variable is not meant to be used by 
this script, the value of 4096 was chosen on purpose. 

I'll MFC these changes, and the save-entropy changes in 
about a week. 

State-Changed-From-To: analyzed->closed 
State-Changed-By: dougb 
State-Changed-When: Thu Apr 14 22:01:11 GMT 2005 
State-Changed-Why:  

All of these fixes have been MFC'ed to RELENG_5[_4]. 

Thanks again for this report.  

Doug 

>Unformatted:
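
The save-entropy patch in this PR passes entropy_save_sz from rc.conf straight to dd as its block size. As an added example (not code from the PR or from FreeBSD), here is one way to validate that value and confirm the seed file was written in full; save_seed, demo and DEFAULT_SAVE_SZ are hypothetical names, and /dev/urandom stands in for /dev/random so the demonstration never blocks.

```sh
#!/bin/sh
# Added example; save_seed, demo and DEFAULT_SAVE_SZ are hypothetical names.
DEFAULT_SAVE_SZ=2048    # the size that was hard-coded before the patch

# save_seed SRC DEST SIZE: write SIZE bytes of SRC to DEST.
# Returns 1 if dd fails, 2 if fewer bytes than requested were written.
save_seed() {
    src=$1; dest=$2; size=$3

    # Empty, non-numeric or zero values fall back to the default
    # instead of reaching dd as an invalid bs= argument.
    case $size in
        ''|*[!0-9]*) size=$DEFAULT_SAVE_SZ ;;
    esac
    [ "$size" -gt 0 ] || size=$DEFAULT_SAVE_SZ

    # Seed material should not be readable by other users.
    ( umask 077
      dd if="$src" of="$dest" bs="$size" count=1 2>/dev/null ) || return 1

    # count=1 is a single read, which may come back short: verify.
    written=$(( $(wc -c < "$dest") ))
    [ "$written" -eq "$size" ] || return 2
    return 0
}

# Constructed demonstration: a temporary directory stands in for
# entropy_dir. Prints "<return code> <bytes written>".
demo() {
    dir=$(mktemp -d) || return 1
    rc=0
    save_seed /dev/urandom "$dir/saved-entropy.1" "$1" || rc=$?
    bytes=0
    if [ -f "$dir/saved-entropy.1" ]; then
        bytes=$(( $(wc -c < "$dir/saved-entropy.1") ))
    fi
    rm -rf "$dir"
    echo "$rc $bytes"
}

demo ""     # entropy_save_sz unset: falls back to the default
demo 512    # non-default value is honoured
```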
