Date: Mon, 4 May 2015 17:19:42 GMT From: def@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r284997 - soc2013/def/crashdump-head/sbin/cryptcore Message-ID: <201505041719.t44HJgSl052605@socsvn.freebsd.org>
Author: def Date: Mon May 4 17:19:42 2015 New Revision: 284997 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=284997 Log: Use arc4random_buf(3). Modified: soc2013/def/crashdump-head/sbin/cryptcore/cryptcore.c
Modified: soc2013/def/crashdump-head/sbin/cryptcore/cryptcore.c
==============================================================================
--- soc2013/def/crashdump-head/sbin/cryptcore/cryptcore.c Mon May 4 16:59:09 2015 (r284996)
+++ soc2013/def/crashdump-head/sbin/cryptcore/cryptcore.c Mon May 4 17:19:42 2015 (r284997)
@@ -9,13 +9,12 @@
 #include <fcntl.h>
 #include <stdbool.h>
+#include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
 #include <pjdlog.h>
-#define CRYPTCORE_DEVRANDOM "/dev/random"
-
 #define CRYPTCORE_CMD_GENKEY 0x01
 #define CRYPTCORE_CMD_DECRYPT 0x02
@@ -35,7 +34,7 @@
 uint8_t ciphertext[KERNELDUMP_CIPHERTEXT_SIZE];
 FILE *fp;
 RSA *pubkey;
- int err, fd, pubkeysize, size;
+ int err, pubkeysize;
 PJDLOG_ASSERT(pubkeyfile != NULL);
@@ -43,18 +42,6 @@
 if (pubkey == NULL)
 pjdlog_exit(1, "Unable to allocate an RSA structure");
- fd = open(CRYPTCORE_DEVRANDOM, O_RDONLY);
- if (fd == -1)
- pjdlog_exit(1, "Unable to open %s", CRYPTCORE_DEVRANDOM);
- size = (int)read(fd, buf, KERNELDUMP_KEY_SIZE + KERNELDUMP_IV_SIZE);
- err = errno;
- close(fd);
- if (size != KERNELDUMP_KEY_SIZE + KERNELDUMP_IV_SIZE) {
- errno = err;
- pjdlog_exit(1, "Unable to read data from %s",
- CRYPTCORE_DEVRANDOM);
- }
-
 fp = fopen(pubkeyfile, "r");
 if (fp == NULL)
 pjdlog_exit(1, "Unable to open %s", pubkeyfile);
@@ -71,6 +58,7 @@
 8 * KERNELDUMP_CIPHERTEXT_SIZE);
 }
+ arc4random_buf(buf, sizeof(buf));
 if (RSA_public_encrypt(KERNELDUMP_KEY_SIZE + KERNELDUMP_IV_SIZE, buf, ciphertext, pubkey, RSA_PKCS1_PADDING) != pubkeysize) {
 pjdlog_exit(1, "Unable to encrypt the one-time key");
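Review bot: In the last hunk, `arc4random_buf(buf, sizeof(buf))` sizes the fill by the array, while the `RSA_public_encrypt()` call right after it passes `KERNELDUMP_KEY_SIZE + KERNELDUMP_IV_SIZE`. The declaration of `buf` is outside the hunk, so the two lengths cannot be checked against each other here. Using the same expression in both calls, or adding `_Static_assert(sizeof(buf) == KERNELDUMP_KEY_SIZE + KERNELDUMP_IV_SIZE, "buf must hold exactly key + IV");`, would keep a later resize of `buf` from silently encrypting short or reading past the array. Because `buf` holds the plaintext one-time key and IV, it is also worth confirming that the rest of the function (it continues past the hunk) wipes it with `explicit_bzero(buf, sizeof(buf));` once the material has been handed off. The first hunk keeps `<fcntl.h>` and `<unistd.h>` even though the only visible `open`/`read`/`close` calls are removed, so they may now be unused.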