Date: Mon, 23 Sep 2013 16:35:08 GMT From: def@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r257651 - in soc2013/def/crashdump-head: etc/defaults etc/rc.d sbin/dumpkey Message-ID: <201309231635.r8NGZ8QB015299@socsvn.freebsd.org>
Author: def
Date: Mon Sep 23 16:35:08 2013
New Revision: 257651
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=257651
Log:
Review dumpkey.
Modified:
soc2013/def/crashdump-head/etc/defaults/rc.conf
soc2013/def/crashdump-head/etc/rc.d/dumpkey
soc2013/def/crashdump-head/sbin/dumpkey/dumpkey.c
Modified: soc2013/def/crashdump-head/etc/defaults/rc.conf
==============================================================================
--- soc2013/def/crashdump-head/etc/defaults/rc.conf Mon Sep 23 16:12:11 2013 (r257650)
+++ soc2013/def/crashdump-head/etc/defaults/rc.conf Mon Sep 23 16:35:08 2013 (r257651)
@@ -606,10 +606,10 @@
 chkprintcap_flags="-d" # Create missing directories by default.
 dumpdev="AUTO" # Device to crashdump to (device name, AUTO, or NO).
 dumpdir="/var/crash" # Directory where crash dumps are to be stored
-dumpkey_enable="YES"
-dumpkey_pub="/var/crash/.public.key"
-dumpkey_priv="/var/crash/.private.key"
-dumpkey_bits="2048"
+dumpkey_enable="YES" # Run dumpkey to generate a symmetric key.
+dumpkey_pub="/var/crash/.public.key" # Public key to encrypt a symmetric key.
+dumpkey_priv="/var/crash/.private.key" # Private key to decrypt a symmetric key.
+dumpkey_bits="2048" # RSA keys' length.
 savecore_flags="-m 10" # Used if dumpdev is enabled above, and present.
 # By default, only the 10 most recent kernel dumps
 # are saved.
Modified: soc2013/def/crashdump-head/etc/rc.d/dumpkey
==============================================================================
--- soc2013/def/crashdump-head/etc/rc.d/dumpkey Mon Sep 23 16:12:11 2013 (r257650)
+++ soc2013/def/crashdump-head/etc/rc.d/dumpkey Mon Sep 23 16:35:08 2013 (r257651)
@@ -9,10 +9,7 @@
 rcvar="dumpkey_enable"
 start_cmd="dumpkey_start"
 start_precmd="dumpkey_prestart"
-stop_cmd=":"
-decrypt_precmd="dumpkey_predecrypt"
-decrypt_cmd="dumpkey_decrypt"
-extra_commands="decrypt"
+stop_cmd="dumpkey_stop"
 
 dumpkey_prestart()
 {
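Review bot: The new comments on `dumpkey_pub` and `dumpkey_priv` in the rc.conf hunk do not mention that both defaults sit inside `dumpdir` (`/var/crash`), so the private key that unwraps the dump key is stored next to the encrypted dumps it protects. Anyone who can read that directory, or an image of the disk, would get ciphertext and key together; the file modes are not visible in this diff. I would extend the comment, for example `# Private key to decrypt a symmetric key; keep it off this host or outside dumpdir.`, and consider a default path that is not under `dumpdir`.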
@@ -32,21 +29,9 @@ /sbin/dumpkey -e ${dumpkey_pub} } -dumpkey_predecrypt() +dumpkey_stop() { - if [ ! -r "${dumpkey_priv}" ]; then - warn "The private RSA key doesn't exist. It's not possible to decrypt the symmetric key." - return 1 - fi -} - -dumpkey_decrypt() -{ - if [ $# -gt 0 ]; then - /usr/bin/openssl rsautl -decrypt -inkey ${dumpkey_priv} -in "$*" -out "$*-decrypted" - else - echo "You have to specify an encrypted symmetric key." - fi + rm ${dumpdir}/*-decrypted } load_rc_config $name Modified: soc2013/def/crashdump-head/sbin/dumpkey/dumpkey.c ============================================================================== --- soc2013/def/crashdump-head/sbin/dumpkey/dumpkey.c Mon Sep 23 16:12:11 2013 (r257650) +++ soc2013/def/crashdump-head/sbin/dumpkey/dumpkey.c Mon Sep 23 16:35:08 2013 (r257651) @@ -40,7 +40,7 @@ } static int -read_data(char *buf, size_t size, char *fname) +read_data(char *buf, size_t size, const char *fname) { FILE *fp; @@ -194,8 +194,8 @@ char buf[PEFS_SECTOR_SIZE]; struct xts_ctx data_ctx, tweak_ctx; RSA *private_key; - int buf_used, offset; - size_t bytes; + int offset; + size_t buf_used, bytes; FILE *fp, *fp_w; private_key = RSA_new(); @@ -232,8 +232,10 @@ if (buf_used == PEFS_SECTOR_SIZE || (buf_used > 0 && bytes == 0)) { xts_block_decrypt(&xts_alg_aes, &tweak_ctx, &data_ctx, offset, tweak, 0, buf_used, buf, buf); - if (fwrite(buf, 1, buf_used, fp_w) != buf_used) + if (fwrite(buf, 1, buf_used, fp_w) != buf_used) { + printf("Error: cannot write a decrypted core.\n"); goto out; + } offset += buf_used; buf_used = 0;
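Review bot: In `dumpkey_stop` the path is unquoted and unchecked: if `dumpdir` is empty or unset the glob becomes `/*-decrypted`, and when nothing matches `rm` receives the literal pattern and fails, which makes the stop action report an error. I would write `[ -n "${dumpdir}" ] && rm -f -- "${dumpdir}"/*-decrypted`. Unlinking also does not erase the decrypted key bytes from the disk, and the files persist if the stop action never runs (a crash or power loss, for instance), so it may be safer not to write decrypted keys under `dumpdir` at all. The earlier hunk in this file (`stop_cmd="dumpkey_stop"`) is what ties this function to service stop.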
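Review bot: In the `@@ -194,8 +194,8 @@` hunk `offset` stays an `int` while `buf_used` becomes `size_t`, and the following hunk does `offset += buf_used` and passes `offset` to `xts_block_decrypt`. A core file larger than `INT_MAX` bytes would make that conversion wrap, and from that point the data would presumably be decrypted with the wrong tweak position and come out as garbage; kernel dumps of that size are ordinary. I would declare it as a 64-bit unsigned type, `uint64_t offset;`, assuming the `xts_block_decrypt` prototype (not visible here) accepts a 64-bit value in that position. The enclosing function starts and ends outside the hunk.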
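Review bot: The error message added in the `@@ -232,8 +232,10 @@` hunk goes to stdout through `printf` and drops `errno`, so a failed write (a full disk, for example) is easy to miss in a script and gives no cause. `warn("cannot write a decrypted core");` from `<err.h>`, or `fprintf(stderr, ...)` with `strerror(errno)`, would report it on stderr. What the `out:` label does is outside the hunk; it is worth checking that it returns a failure status and removes the partially written plaintext file, since a truncated decrypted core would otherwise be left on disk. The enclosing loop and function start and end outside the hunk.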