From f864c59d0d239653ecdedf9c6c9a0642fb80dc13 Mon Sep 17 00:00:00 2001
From: Jonas 'Sortie' Termansen
Date: Tue, 14 Mar 2017 23:13:47 +0100
Subject: [PATCH] Mix in fresh randomness when writing out /boot/random.seed.

When entropy gathering is implemented, in the case of the installer and upgrader, the system probably won't have any entropy when it begins. By the time the system is installed, there will probably be a bit of entropy from the user using the system and general system usage, so mix in some of that. In the case of init, after an installed system has run for a while, a lot of entropy will have gotten collected, but init will have its arc4random seeded with initial boot entry, so mix in some fresh entropy, so the random seed written on shutdown remains as entropic as possible.
---
 init/init.c | 9 ++++++++-
 sysinstall/fileops.c | 9 ++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/init/init.c b/init/init.c
index fa0f1d8a..4667c289 100644
--- a/init/init.c
+++ b/init/init.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, 2012, 2013, 2014, 2015, 2016 Jonas 'Sortie' Termansen.
+ * Copyright (c) 2011-2017 Jonas 'Sortie' Termansen.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@@ -173,8 +173,15 @@ static void write_random_seed(void)
 close(fd);
 return;
 }
+ // Write out randomness, but mix in some fresh kernel randomness in case the
+ // randomness used to seed arc4random didn't have enough entropy, there may
+ // be more now.
 unsigned char buf[256];
 arc4random_buf(buf, sizeof(buf));
+ unsigned char newbuf[256];
+ getentropy(newbuf, sizeof(newbuf));
+ for ( size_t i = 0; i < 256; i++ )
+ buf[i] ^= newbuf[i];
 size_t done = writeall(fd, buf, sizeof(buf));
 explicit_bzero(buf, sizeof(buf));
 if ( done < sizeof(buf) )
diff --git a/sysinstall/fileops.c b/sysinstall/fileops.c
index d18a266c..cd1ec541 100644
--- a/sysinstall/fileops.c
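Review bot: The return value of `getentropy(newbuf, sizeof(newbuf))` is ignored in init/init.c's write_random_seed, so when the call fails the loop XORs uninitialised stack bytes into `buf` and nothing records that no fresh kernel entropy was mixed in; the copy of this code in sysinstall/fileops.c has the same gap. The arc4random output still reaches the file in that case, so the seed should be no weaker than before the patch, but guarding the loop with `if ( getentropy(newbuf, sizeof(newbuf)) == 0 )` makes the fallback explicit. `newbuf` is also left on the stack while `buf` is wiped; adding `explicit_bzero(newbuf, sizeof(newbuf));` next to the existing wipe clears both inputs to the seed, and `i < sizeof(buf)` would avoid repeating the literal 256. The function starts before and continues past this hunk.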
+++ b/sysinstall/fileops.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2016 Jonas 'Sortie' Termansen.
+ * Copyright (c) 2015, 2016, 2017 Jonas 'Sortie' Termansen.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@@ -114,10 +114,17 @@ void write_random_seed(const char* path)
 warn("chmod: %s", path);
 _exit(2);
 }
+ // Write out randomness, but mix in some fresh kernel randomness in case the
+ // randomness used to seed arc4random didn't have enough entropy, there may
+ // be more now.
 unsigned char buf[256];
 arc4random_buf(buf, sizeof(buf));
+ unsigned char newbuf[256];
+ getentropy(newbuf, sizeof(newbuf));
 size_t done = writeall(fd, buf, sizeof(buf));
 explicit_bzero(buf, sizeof(buf));
+ for ( size_t i = 0; i < 256; i++ )
+ buf[i] ^= newbuf[i];
 if ( done < sizeof(buf) )
 {
 warn("write: %s", path);
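Review bot: In sysinstall/fileops.c the XOR loop is added after `writeall(fd, buf, sizeof(buf))` and `explicit_bzero(buf, sizeof(buf))`, so the fresh `getentropy` bytes never reach the seed written to disk. The file therefore still holds only arc4random output, which is the low-entropy installer case the commit message sets out to fix. Running the loop on the already-wiped `buf` also leaves a second copy of `newbuf` on the stack. The loop `for ( size_t i = 0; i < sizeof(buf); i++ ) buf[i] ^= newbuf[i];` should move to directly after the `getentropy` call, as in init/init.c, with `explicit_bzero(newbuf, sizeof(newbuf));` added beside the existing wipe. write_random_seed starts before and continues past this hunk.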