On Mon, Sep 03, 2012 at 01:31:20AM +0100, RW wrote:
> I see that in CURRENT the order is reversed, but it's still repeating
> the same problem of saturating the buffers. Now most of the
> low-grade entropy is going to be lost, including the date, which in almost
> all cases would have eliminated any problem with a reused entropy file.

Given the limited buffer space we have, I'm not sure what else we could
do.  Artificially delay the better_than_nothing()?  That seems too fragile
and hackish.

Arthur wanted to commit this:

--- initrandom  2012-09-05 13:38:13.000000000 -0700
+++ initrandom,amesh    2012-08-22 16:54:03.000000000 -0700
@@ -18,6 +18,8 @@ feed_dev_random()
 {
        if [ -f "${1}" -a -r "${1}" -a -s "${1}" ]; then
                cat "${1}" | dd of=/dev/random bs=8k 2>/dev/null
+       else
+               return 1
        fi
 }
 
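Review bot: the success branch of feed_dev_random() has no explicit return, so its status is whatever dd exits with, and the -s test accepts any non-empty file, even a few bytes. Since the new "return 1" makes the caller act on this status, a tiny or truncated entropy file now counts as success. Consider an explicit return on the success path and a comment stating what "success" means here; a minimum-size check on "${1}" would make the contract clearer than -s alone.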
@@ -72,16 +69,16 @@ initrandom_start()
                #
                case ${entropy_file} in
                [Nn][Oo] | '')
+                       better_than_nothing
                        ;;
                *)
                        if [ -w /dev/random ]; then
-                               feed_dev_random "${entropy_file}"
+                               feed_dev_random "${entropy_file}" \
+                                   || better_than_nothing
                        fi
                        ;;
                esac
 
-               better_than_nothing
-
                echo -n ' kickstart'
        fi
 
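Review bot: in the "*)" branch, better_than_nothing is now reached only when feed_dev_random fails, and not at all when the [ -w /dev/random ] test is false, whereas the removed lines ran it unconditionally after the case statement. That means a readable but reused entropy file becomes the only input on that path, with no date or other low-grade data mixed in, which is the situation raised earlier in this thread. If skipping it is intended, say so in the comment block above the case; otherwise add an else for the -w test and consider still feeding the cheap inputs when the file read succeeds.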

to reduce what could be the useless better_than_nothing() run.

-- 
-- David  ([email protected])