Index: Makefile.inc
===================================================================
RCS file: /cvsroot/src/usr.sbin/sysinst/Makefile.inc,v
retrieving revision 1.37
diff -u -r1.37 Makefile.inc
--- Makefile.inc 4 Nov 2020 14:29:40 -0000 1.37
+++ Makefile.inc 13 Nov 2020 00:12:33 -0000
@@ -48,7 +48,6 @@
 .endif
 .if ${CHECK_ENTROPY:Uyes} != "no"
-MENUS_MI+= menus.entropy
 CPPFLAGS+= -DCHECK_ENTROPY=1
 .endif
Index: install.c
===================================================================
RCS file: /cvsroot/src/usr.sbin/sysinst/install.c,v
retrieving revision 1.20
diff -u -r1.20 install.c
--- install.c 4 Nov 2020 14:29:40 -0000 1.20
+++ install.c 13 Nov 2020 00:12:33 -0000
@@ -164,7 +164,7 @@
 #ifndef DEBUG
 msg_display(MSG_installusure);
- if (!ask_noyes(NULL))
+ if (!ask_yesno(NULL))
 return;
 #endif
Index: menus.entropy
===================================================================
RCS file: menus.entropy
diff -N menus.entropy
--- menus.entropy 4 Nov 2020 14:29:40 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
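Review bot: The default answer at the `MSG_installusure` prompt in install.c is flipped by replacing `ask_noyes` with `ask_yesno`; if the helper names mean what they suggest (default No versus default Yes), a stray Enter at "are you sure you want to install" now proceeds toward the destructive disk-partitioning steps instead of backing out. A confirmation that guards irreversible changes should keep the conservative default, so unless this is intentional and explained in the commit message, keep `if (!ask_noyes(NULL))`. The edit is unrelated to the entropy-menu removal the rest of the diff performs, which suggests it may have slipped in by accident. The enclosing function starts and ends outside the hunk.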
@@ -1,131 +0,0 @@ -/* $NetBSD: menus.entropy,v 1.1 2020/11/04 14:29:40 martin Exp $ */ - -/*- - * Copyright (c) 2003 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by David Laight. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. 
- */ - -/* Menu system definitions -- entropy setup */ - -/* arg is an int*, returning a magic value for the selected menu option */ -menu not_enough_entropy, title MSG_not_enough_entropy, y=-1, no box, clear, - exit, exitstring MSG_abort_installation; - option MSG_entropy_add_manually, exit, - action { *((int*)arg) = 1; }; - option MSG_entropy_download_seed, exit, - action { *((int*)arg) = 2; }; - option MSG_entropy_download_raw, exit, - action { *((int*)arg) = 3; }; - option MSG_entropy_retry, exit, - action { *((int*)arg) = 4; }; - - -/* arg is an int*, returning a magic value for the selected menu option */ -menu entropy_select_file, title MSG_entropy_select_file, y=-5, box, - exit, exitstring MSG_cancel; - option MSG_entropy_add_download_http, exit, - action { *((int*)arg) = 1; }; - option MSG_entropy_add_download_ftp, exit, - action { *((int*)arg) = 2; }; - option MSG_entropy_add_nfs, exit, - action { *((int*)arg) = 3; }; - option MSG_entropy_add_local, exit, - action { *((int*)arg) = 4; }; - - -/* arg is an int*, set to SET_RETRY when the menu is aborted */ -menu entropy_nfssource, y=-5, x=0, w=70, no box, no clear, - exitstring MSG_load_entropy; - option {src_legend(menu, MSG_Host, nfs_host);}, - action { src_prompt(MSG_Host, nfs_host, sizeof nfs_host); }; - option {src_legend(menu, MSG_Base_dir, nfs_dir);}, - action { src_prompt(MSG_Base_dir, nfs_dir, sizeof nfs_dir); }; - option {src_legend(menu, MSG_entropy_file, entropy_file);}, - action { src_prompt(MSG_set_entropy_file, entropy_file, sizeof entropy_file); }; - option MSG_cancel, exit, - action { *((int*)arg) = SET_RETRY; }; - - -/* arg is an arg_rv*, pointing to a struct ftpinfo and a return value */ -menu entropy_ftpsource, y=-4, x=0, w=70, no box, no clear, - exitstring MSG_download_entropy; - option {src_legend(menu, MSG_Host, - ((struct ftpinfo*)((arg_rv*)arg)->arg)->xfer_host[ - ((struct ftpinfo*)((arg_rv*)arg)->arg)->xfer]);}, - action { struct ftpinfo *fpi = (struct 
ftpinfo*)((arg_rv*)arg)->arg; - src_prompt(MSG_Host, fpi->xfer_host[fpi->xfer], - sizeof fpi->xfer_host[fpi->xfer]); }; - option {src_legend(menu, MSG_entropy_path_and_file, entropy_file);}, - action { src_prompt(MSG_entropy_path_and_file, - entropy_file, sizeof entropy_file); }; - option {src_legend(menu, MSG_User, - ((struct ftpinfo*)((arg_rv*)arg)->arg)->user);}, - action { struct ftpinfo *fpi = (struct ftpinfo*)((arg_rv*)arg)->arg; - src_prompt(MSG_User, fpi->user, sizeof fpi->user); - fpi->pass[0] = 0; - }; - option {src_legend(menu, MSG_Password, - strcmp(((struct ftpinfo*)((arg_rv*)arg)->arg)->user, - "ftp") == 0 || - ((struct ftpinfo*)((arg_rv*)arg)->arg)->pass[0] == 0 - ? ((struct ftpinfo*)((arg_rv*)arg)->arg)->pass - : msg_string(MSG_hidden));}, - action { struct ftpinfo *fpi = (struct ftpinfo*)((arg_rv*)arg)->arg; - if (strcmp(fpi->user, "ftp") == 0) - src_prompt(MSG_email, fpi->pass, sizeof fpi->pass); - else { - msg_prompt_noecho(MSG_Password, "", - fpi->pass, sizeof fpi->pass); - } - }; - option {src_legend(menu, MSG_Proxy, - ((struct ftpinfo*)((arg_rv*)arg)->arg)->proxy);}, - action { struct ftpinfo *fpi = (struct ftpinfo*)((arg_rv*)arg)->arg; - src_prompt(MSG_Proxy, fpi->proxy, sizeof fpi->proxy); - if (strcmp(fpi->proxy, "") == 0) { - unsetenv("ftp_proxy"); - unsetenv("http_proxy"); - } else { - setenv("ftp_proxy", fpi->proxy, 1); - setenv("http_proxy", fpi->proxy, 1); - } - }; - option MSG_cancel, exit, action { ((arg_rv*)arg)->rv = SET_RETRY; }; - - -/* arg is an int*, set to SET_RETRY when the menu is aborted */ -menu entropy_localfs, y=-4, x=0, w=70, no box, no clear, - exitstring MSG_load_entropy; - display action { msg_display(MSG_entropy_localfs); }; - option {src_legend(menu, MSG_Device, localfs_dev);}, - action { src_prompt(MSG_dev, localfs_dev, sizeof localfs_dev);}; - option {src_legend(menu, MSG_File_system, localfs_fs);}, - action { src_prompt(MSG_filesys, localfs_fs, sizeof localfs_fs); }; - option {src_legend(menu, 
MSG_entropy_path_and_file, entropy_file);}, - action { src_prompt(MSG_entropy_path_and_file, entropy_file, sizeof entropy_file);}; - option MSG_cancel, exit, action { *((int*)arg) = SET_RETRY; }; - Index: msg.entropy.de =================================================================== RCS file: /cvsroot/src/usr.sbin/sysinst/msg.entropy.de,v retrieving revision 1.2 diff -u -r1.2 msg.entropy.de --- msg.entropy.de 6 Nov 2020 12:23:10 -0000 1.2 +++ msg.entropy.de 13 Nov 2020 00:12:33 -0000 
@@ -26,102 +26,13 @@ * POSSIBILITY OF SUCH DAMAGE. */ -message not_enough_entropy -{Dieses System scheint nicht über einen Pseudo-Zufallszahlengenerator -zu verfügen. Für das Erzeugen von kryptografisch sicheren Schlüsseldateien -(z.B. ssh host keys) ist nicht genug Entropie verfügbar. - -Am einfachsten generieren Sie Zufallsdaten auf einem anderen Computer -und laden sie in dieser Installation. Alternativ können Sie auch -manuell Zufallsdaten eingeben. - -Falls Sie einen USB Zufallsgenerator besitzen, verbinden Sie diesen -jetzt und wählen dann die Option "Erneut testen".} - -message entropy_add_manually {Manuelle Zufallseingabe} -message entropy_download_raw {Zufallsdaten laden} -message entropy_download_seed {NetBSD Entropie-Datei laden} -message entropy_retry {Erneut testen} - message entropy_enter_manual1 -{Geben Sie bitte mehrere Zeilen zufällige Zeichen ein, -in denen genug Entropie enthalten sein sollte, die 256 Münzwürfen, -100 Würfen mit einem sechsseitigen Würfel oder 64 zufälligen hexadezimalen -Zeichen entspricht.} +{Couldn't find a hardware random number generator, or a big enough seed. +We can still provide secure random numbers if a small random seed is +provided.} message entropy_enter_manual2 -{Falls Sie Daten von einem anderen System per Kopieren & Einfügen in dieses -Installationsprogramm übertragen können, können Sie die Ausgabe des -folgenden Kommandos (auf einem System dessen Entropie Sie vertrauen) -verwenden:} +{Supply input to be used as a random seed:} -message entropy_enter_manual3 -{Benutzen Sie nicht die gleiche Eingabe für mehrere Installationen. 
-Beenden Sie die Eingabe mit einer leeren Zeile.} - message entropy_manual_not_enough {Sie haben nicht genug Zeichen eingegeben!} - -message entropy_select_file -{Wählen Sie auf welche Art Sie die Zufallsdaten auf diesen Computer -übertragen wollen:} - -message entropy_add_download_ftp -{Download per ftp} - -message entropy_add_download_http -{Download per http} - -message entropy_add_nfs -{Von einer NFS Freigabe laden} - -message download_entropy -{Download starten} - -message entropy_add_local -{Von einem lokalen Dateisystem laden (z.B. USB)} - -message entropy_file -{Pfad/Datei} - -message load_entropy -{Zufallsdatei laden} - -message set_entropy_file -{Pfad der Zuffalsdatei} - -/* Called with: Example - * $0 = content of file NetBSD entropy seed file - */ -message entropy_via_nfs -{Wählen Sie Server, Freigabe und Dateipfad von dem die $0 geladen werden kann.} - -/* Called with: Example - * $0 = content of file NetBSD entropy seed file - */ -message entropy_via_download -{Da derzeit auf diesem System nicht genug Entropie vorhanden ist, sind alle -kryptographischen Operation durch replay-Attacken angreifbar. -Verwenden Sie nur lokale vertrauenswürdige Netzwerke.} - -message entropy_data -{Binärdatei mit Zuffallsdaten} - -message entropy_data_hdr -{Auf einem System mit kryptographisch starkem Zufallszahlengenerator -können Sie zufällige Binärdaten z.B. 
so erzeugen:} - -message entropy_seed -{NetBSD entropy Datei} - -message entropy_seed_hdr -{Auf einem NetBSD System mit kryptographisch starkem Zufallszahlengenerator -können Sie einen Entropie-Schnappschuss folgendermaßen erstellen:} - -message entropy_path_and_file -{Pfad und Dateiname} - -message entropy_localfs -{Geben Sie das noch nicht gemountete lokale Gerät und dessen entsprechendes -Verzeichnis an, in dem die Zufallsdatei zu finden ist.} - Index: msg.entropy.en =================================================================== RCS file: /cvsroot/src/usr.sbin/sysinst/msg.entropy.en,v retrieving revision 1.2 diff -u -r1.2 msg.entropy.en --- msg.entropy.en 6 Nov 2020 12:23:10 -0000 1.2 +++ msg.entropy.en 13 Nov 2020 00:12:33 -0000 
@@ -26,99 +26,13 @@ * POSSIBILITY OF SUCH DAMAGE. */ -message not_enough_entropy -{This system seems to lack a cryptographically strong pseudo random -number generator. There is not enough entropy available to create secure -keys (e.g. ssh host keys). - -You may use random data generated on another computer and load it -here, or you could enter random characters manually. - -If you own a USB random number device, connect it now and select -the "Re-test" option.} - -message entropy_add_manually {Manual input of random data} -message entropy_download_raw {Load random data} -message entropy_download_seed {Import a NetBSD entropy file} -message entropy_retry {Re-test} - message entropy_enter_manual1 -{Enter random characters.} +{Couldn't find a hardware random number generator, or a big enough seed. +We can still provide secure random numbers if a small random seed is +provided.} message entropy_enter_manual2 -{They should contain at last 256 bits of randomness, as in 256 coin -tosses, 100 throws of a 6-sided die, 64 random hexadecimal digits, or -(if you are able to copy & paste output from another machine into this -installer) the output from running the following command on another -machine whose randomness you trust:} - -message entropy_enter_manual3 -{Do not use the same data for multiple installations. -Terminate the input with an empty line.} +{Supply input to be used as a random seed:} message entropy_manual_not_enough {You did not enter enough characters!} - -message entropy_select_file -{Please select how you want to transfer the random data file -to this machine:} - -message entropy_add_download_ftp -{Download via ftp} - -message entropy_add_download_http -{Download via http} - -message download_entropy -{Start download} - -message entropy_add_nfs -{Load from a NFS share} - -message entropy_add_local -{Load from a local file system (e.g. 
a USB device)} - -message entropy_file -{Path/file} - -message load_entropy -{Load random data} - -message set_entropy_file -{Random data file path} - -/* Called with: Example - * $0 = content of file NetBSD entropy seed file - */ -message entropy_via_nfs -{Select a server, a share and the file path to load the $0.} - -/* Called with: Example - * $0 = content of file NetBSD entropy seed file - */ -message entropy_via_download -{Since not enough entropy is available on this system, all crytographic -operations are suspect to replay attacks. -Please only use trustworthy local networks.} - -message entropy_data -{random data binary file} - -message entropy_data_hdr -{On a system with cryptographically strong pseudo random number generator -you can create a file with random binary data like this:} - -message entropy_seed -{NetBSD entropy seed file} - -message entropy_seed_hdr -{On a NetBSD system with cryptographically strong pseudo random number -generator you can create an entropy snapshot like this:} - -message entropy_path_and_file -{Path and filename} - -message entropy_localfs -{Enter the unmounted local device and directory on that device where -the random data is located.} - Index: msg.entropy.es =================================================================== RCS file: /cvsroot/src/usr.sbin/sysinst/msg.entropy.es,v retrieving revision 1.2 diff -u -r1.2 msg.entropy.es --- msg.entropy.es 6 Nov 2020 12:23:10 -0000 1.2 +++ msg.entropy.es 13 Nov 2020 00:12:33 -0000 @@ -1,4 +1,4 @@ -/* $NetBSD: msg.entropy.es,v 1.2 2020/11/06 12:23:10 martin Exp $ */ +/* $NetBSD: msg.entropy.en,v 1.2 2020/11/06 12:23:10 martin Exp $ */ /* * Copyright (c) 2020 The NetBSD Foundation, Inc. 
@@ -26,99 +26,13 @@ * POSSIBILITY OF SUCH DAMAGE. */ -message not_enough_entropy -{This system seems to lack a cryptographically strong pseudo random -number generator. There is not enough entropy available to create secure -keys (e.g. ssh host keys). - -You may use random data generated on another computer and load it -here, or you could enter random characters manually. - -If you own a USB random number device, connect it now and select -the "Re-test" option.} - -message entropy_add_manually {Manual input of random data} -message entropy_download_raw {Load random data} -message entropy_download_seed {Import a NetBSD entropy file} -message entropy_retry {Re-test} - message entropy_enter_manual1 -{Enter random characters.} +{Couldn't find a hardware random number generator, or a big enough seed. +We can still provide secure random numbers if a small random seed is +provided.} message entropy_enter_manual2 -{They should contain at last 256 bits of randomness, as in 256 coin -tosses, 100 throws of a 6-sided die, 64 random hexadecimal digits, or -(if you are able to copy & paste output from another machine into this -installer) the output from running the following command on another -machine whose randomness you trust:} - -message entropy_enter_manual3 -{Do not use the same data for multiple installations. -Terminate the input with an empty line.} +{Supply input to be used as a random seed:} message entropy_manual_not_enough {You did not enter enough characters!} - -message entropy_select_file -{Please select how you want to transfer the random data file -to this machine:} - -message entropy_add_download_ftp -{Download via ftp} - -message entropy_add_download_http -{Download via http} - -message download_entropy -{Start download} - -message entropy_add_nfs -{Load from a NFS share} - -message entropy_add_local -{Laod from a local file system (e.g. 
a USB device)} - -message entropy_file -{Path/file} - -message load_entropy -{Load random data} - -message set_entropy_file -{Random data file path} - -/* Called with: Example - * $0 = content of file NetBSD entropy seed file - */ -message entropy_via_nfs -{Select a server, a share and the file path to load the $0.} - -/* Called with: Example - * $0 = content of file NetBSD entropy seed file - */ -message entropy_via_download -{Since not enough entropy is available on this system, all crytographic -operations are suspect to replay attacks. -Please only use trustworthy local networks.} - -message entropy_data -{random data binary file} - -message entropy_data_hdr -{On a system with cryptographically strong pseudo random number generator -you can create a file with random binary data like this:} - -message entropy_seed -{NetBSD entropy seed file} - -message entropy_seed_hdr -{On a NetBSD system with cryptographically strong pseudo random number -generator you can create an entropy snapshot like this:} - -message entropy_path_and_file -{Path and filename} - -message entropy_localfs -{Enter the unmounted local device and directory on that device where -the random data is located.} - Index: msg.entropy.fr =================================================================== RCS file: /cvsroot/src/usr.sbin/sysinst/msg.entropy.fr,v retrieving revision 1.2 diff -u -r1.2 msg.entropy.fr --- msg.entropy.fr 6 Nov 2020 12:23:10 -0000 1.2 +++ msg.entropy.fr 13 Nov 2020 00:12:33 -0000 @@ -1,4 +1,4 @@ -/* $NetBSD: msg.entropy.fr,v 1.2 2020/11/06 12:23:10 martin Exp $ */ +/* $NetBSD: msg.entropy.en,v 1.2 2020/11/06 12:23:10 martin Exp $ */ /* * Copyright (c) 2020 The NetBSD Foundation, Inc. 
@@ -26,99 +26,13 @@ * POSSIBILITY OF SUCH DAMAGE. */ -message not_enough_entropy -{This system seems to lack a cryptographically strong pseudo random -number generator. There is not enough entropy available to create secure -keys (e.g. ssh host keys). - -You may use random data generated on another computer and load it -here, or you could enter random characters manually. - -If you own a USB random number device, connect it now and select -the "Re-test" option.} - -message entropy_add_manually {Manual input of random data} -message entropy_download_raw {Load random data} -message entropy_download_seed {Import a NetBSD entropy file} -message entropy_retry {Re-test} - message entropy_enter_manual1 -{Enter random characters.} +{Couldn't find a hardware random number generator, or a big enough seed. +We can still provide secure random numbers if a small random seed is +provided.} message entropy_enter_manual2 -{They should contain at last 256 bits of randomness, as in 256 coin -tosses, 100 throws of a 6-sided die, 64 random hexadecimal digits, or -(if you are able to copy & paste output from another machine into this -installer) the output from running the following command on another -machine whose randomness you trust:} - -message entropy_enter_manual3 -{Do not use the same data for multiple installations. -Terminate the input with an empty line.} +{Supply input to be used as a random seed:} message entropy_manual_not_enough {You did not enter enough characters!} - -message entropy_select_file -{Please select how you want to transfer the random data file -to this machine:} - -message entropy_add_download_ftp -{Download via ftp} - -message entropy_add_download_http -{Download via http} - -message download_entropy -{Start download} - -message entropy_add_nfs -{Load from a NFS share} - -message entropy_add_local -{Load from a local file system (e.g. 
a USB device)} - -message entropy_file -{Path/file} - -message load_entropy -{Load random data} - -message set_entropy_file -{Random data file path} - -/* Called with: Example - * $0 = content of file NetBSD entropy seed file - */ -message entropy_via_nfs -{Select a server, a share and the file path to load the $0.} - -/* Called with: Example - * $0 = content of file NetBSD entropy seed file - */ -message entropy_via_download -{Since not enough entropy is available on this system, all crytographic -operations are suspect to replay attacks. -Please only use trustworthy local networks.} - -message entropy_data -{random data binary file} - -message entropy_data_hdr -{On a system with cryptographically strong pseudo random number generator -you can create a file with random binary data like this:} - -message entropy_seed -{NetBSD entropy seed file} - -message entropy_seed_hdr -{On a NetBSD system with cryptographically strong pseudo random number -generator you can create an entropy snapshot like this:} - -message entropy_path_and_file -{Path and filename} - -message entropy_localfs -{Enter the unmounted local device and directory on that device where -the random data is located.} - Index: msg.entropy.pl =================================================================== RCS file: /cvsroot/src/usr.sbin/sysinst/msg.entropy.pl,v retrieving revision 1.2 diff -u -r1.2 msg.entropy.pl --- msg.entropy.pl 6 Nov 2020 12:23:10 -0000 1.2 +++ msg.entropy.pl 13 Nov 2020 00:12:33 -0000 @@ -1,4 +1,4 @@ -/* $NetBSD: msg.entropy.pl,v 1.2 2020/11/06 12:23:10 martin Exp $ */ +/* $NetBSD: msg.entropy.en,v 1.2 2020/11/06 12:23:10 martin Exp $ */ /* * Copyright (c) 2020 The NetBSD Foundation, Inc. 
@@ -26,99 +26,13 @@ * POSSIBILITY OF SUCH DAMAGE. */ -message not_enough_entropy -{This system seems to lack a cryptographically strong pseudo random -number generator. There is not enough entropy available to create secure -keys (e.g. ssh host keys). - -You may use random data generated on another computer and load it -here, or you could enter random characters manually. - -If you own a USB random number device, connect it now and select -the "Re-test" option.} - -message entropy_add_manually {Manual input of random data} -message entropy_download_raw {Load random data} -message entropy_download_seed {Import a NetBSD entropy file} -message entropy_retry {Re-test} - message entropy_enter_manual1 -{Enter random characters.} +{Couldn't find a hardware random number generator, or a big enough seed. +We can still provide secure random numbers if a small random seed is +provided.} message entropy_enter_manual2 -{They should contain at last 256 bits of randomness, as in 256 coin -tosses, 100 throws of a 6-sided die, 64 random hexadecimal digits, or -(if you are able to copy & paste output from another machine into this -installer) the output from running the following command on another -machine whose randomness you trust:} - -message entropy_enter_manual3 -{Do not use the same data for multiple installations. -Terminate the input with an empty line.} +{Supply input to be used as a random seed:} message entropy_manual_not_enough {You did not enter enough characters!} - -message entropy_select_file -{Please select how you want to transfer the random data file -to this machine:} - -message entropy_add_download_ftp -{Download via ftp} - -message entropy_add_download_http -{Download via http} - -message download_entropy -{Start download} - -message entropy_add_nfs -{Load from a NFS share} - -message entropy_add_local -{Load from a local file system (e.g. 
 a USB device)}
-
-message entropy_file
-{Path/file}
-
-message load_entropy
-{Load random data}
-
-message set_entropy_file
-{Random data file path}
-
-/* Called with: Example
- * $0 = content of file NetBSD entropy seed file
- */
-message entropy_via_nfs
-{Select a server, a share and the file path to load the $0.}
-
-/* Called with: Example
- * $0 = content of file NetBSD entropy seed file
- */
-message entropy_via_download
-{Since not enough entropy is available on this system, all crytographic
-operations are suspect to replay attacks.
-Please only use trustworthy local networks.}
-
-message entropy_data
-{random data binary file}
-
-message entropy_data_hdr
-{On a system with cryptographically strong pseudo random number generator
-you can create a file with random binary data like this:}
-
-message entropy_seed
-{NetBSD entropy seed file}
-
-message entropy_seed_hdr
-{On a NetBSD system with cryptographically strong pseudo random number
-generator you can create an entropy snapshot like this:}
-
-message entropy_path_and_file
-{Path and filename}
-
-message entropy_localfs
-{Enter the unmounted local device and directory on that device where
-the random data is located.}
-
Index: util.c
===================================================================
RCS file: /cvsroot/src/usr.sbin/sysinst/util.c,v
retrieving revision 1.56
diff -u -r1.56 util.c
--- util.c 10 Nov 2020 09:14:01 -0000 1.56
+++ util.c 13 Nov 2020 00:12:34 -0000
@@ -1158,8 +1158,6 @@
 msg_display(MSG_entropy_enter_manual1);
 msg_printf("\n\n");
 msg_display_add(MSG_entropy_enter_manual2);
- msg_printf("\n\n dd if=/dev/random bs=32 count=16 | openssl base64\n\n");
- msg_display_add(MSG_entropy_enter_manual3);
 msg_printf("\n\n");
 SHA256_Init(&ctx);
 line_no = 1;
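Review bot: Dropping `msg_display_add(MSG_entropy_enter_manual3)` in the util.c hunk removes the only on-screen cue that input is terminated with an empty line, and the advice not to reuse the same data for several installations, while the read loop that follows `line_no = 1;` (outside the hunk) presumably still ends on an empty line and `entropy_manual_not_enough` still fires on short input. The user is now told to "supply input" with no indication of how much is needed or how to finish, which invites either giving up or typing predictable filler. Keep a one-line cue after `msg_display_add(MSG_entropy_enter_manual2);`, either as a retained message such as `Type several lines of random characters and finish with an empty line. Do not reuse this input for another installation.` or folded into the new `entropy_enter_manual2` text in the catalogs. The enclosing function starts and ends outside the hunk.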
@@ -1181,193 +1179,16 @@
 }
 /*
- * Get a file by some means and return a (potentially only
- * temporary valid) path to the local copy.
- * If mountpt is nonempty, the caller should unmount that
- * directory after processing the file.
- * Return success if the file is available, or failure if
- * the user cancelled the request or network transfer failed.
- */
-static bool
-entropy_get_file(bool use_netbsd_seed, char *path)
-{
- static struct ftpinfo server = { .user = "ftp" };
- char url[STRSIZE], tmpf[PATH_MAX], mountpt[PATH_MAX];
- const char *ftp_opt;
- arg_rv arg;
- int rv = 0;
- const char *file_desc = msg_string(use_netbsd_seed ?
- MSG_entropy_seed : MSG_entropy_data);
- char *dir;
-
- path[0] = 0;
- mountpt[0] = 0;
-
- sprintf(tmpf, "/tmp/entr.%06x", getpid());
-
- msg_display(use_netbsd_seed ?
- MSG_entropy_seed_hdr : MSG_entropy_data_hdr);
- msg_printf("\n\n %s\n\n",
- use_netbsd_seed ?
- "rndctl -S /tmp/entropy-file" :
- "dd if=/dev/random bs=32 count=1 of=/tmp/random.tmp");
- strcpy(entropy_file, use_netbsd_seed ?
- "entropy-file" : "random.tmp");
- process_menu(MENU_entropy_select_file, &rv);
- switch (rv) {
- case 1:
- case 2:
-#ifndef DEBUG
- if (!network_up)
- config_network();
-#endif
- server.xfer = rv == 1 ? XFER_HTTP : XFER_FTP;
- arg.arg = &server;
- arg.rv = -1;
- msg_display_add_subst(MSG_entropy_via_download, 1, file_desc);
- msg_printf("\n\n");
- process_menu(MENU_entropy_ftpsource, &arg);
- if (arg.rv == SET_RETRY)
- return false;
- make_url(url, &server, entropy_file);
- if (server.xfer == XFER_FTP &&
- strcmp("ftp", server.user) == 0 && server.pass[0] == 0) {
- /* do anon ftp */
- ftp_opt = "-a ";
- } else {
- ftp_opt = "";
- }
- rv = run_program(RUN_DISPLAY | RUN_PROGRESS,
- "/usr/bin/ftp %s -o %s %s",
- ftp_opt, tmpf, url);
- strcpy(path, tmpf);
- return rv == 0;
- case 3:
-#ifndef DEBUG
- if (!network_up)
- config_network();
-#endif
- rv = -1;
- msg_display_add_subst(MSG_entropy_via_nfs, 1, file_desc);
- msg_printf("\n\n");
- process_menu(MENU_entropy_nfssource, &rv);
- if (rv == SET_RETRY)
- return false;
- if (nfs_host[0] != 0 && nfs_dir[0] != 0 &&
- entropy_file[0] != 0) {
- strcpy(mountpt, "/tmp/ent-mnt.XXXXXX");
- dir = mkdtemp(mountpt);
- if (dir == NULL)
- return false;
- sprintf(path, "%s/%s", mountpt, entropy_file);
- if (run_program(RUN_SILENT,
- "mount -t nfs -r %s:/%s %s",
- nfs_host, nfs_dir, mountpt) == 0) {
- run_program(RUN_SILENT,
- "cp %s %s", path, tmpf);
- run_program(RUN_SILENT,
- "umount %s", mountpt);
- rmdir(mountpt);
- strcpy(path, tmpf);
- }
- }
- break;
- case 4:
- rv = -1;
- /* Get device, filesystem, and filepath */
- process_menu (MENU_entropy_localfs, &rv);
- if (rv == SET_RETRY)
- return false;
- if (localfs_dev[0] != 0 && localfs_fs[0] != 0 &&
- entropy_file[0] != 0) {
- strcpy(mountpt, "/tmp/ent-mnt.XXXXXX");
- dir = mkdtemp(mountpt);
- if (dir == NULL)
- return false;
- sprintf(path, "%s/%s", mountpt, entropy_file);
- if (run_program(RUN_SILENT,
- "mount -t %s -r /dev/%s %s",
- localfs_fs, localfs_dev, mountpt) == 0) {
- run_program(RUN_SILENT,
- "cp %s %s", path, tmpf);
- run_program(RUN_SILENT,
- "umount %s", mountpt);
- rmdir(mountpt);
- strcpy(path, tmpf);
- }
- }
- break;
- }
- return path[0] != 0;
-}
-
-static void
-entropy_add_bin_file(void)
-{
- char fname[PATH_MAX];
-
- if (!entropy_get_file(false, fname))
- return;
- if (access(fname, R_OK) == 0)
- run_program(RUN_SILENT, "dd if=%s of=" _PATH_RANDOM,
- fname);
-}
-
-static void
-entropy_add_seed(void)
-{
- char fname[PATH_MAX];
-
- if (!entropy_get_file(true, fname))
- return;
- if (access(fname, R_OK) == 0)
- run_program(RUN_SILENT, "rndctl -L %s", fname);
-}
-
-/*
 * return true if we have enough entropy
 */
 bool
 do_check_entropy(void)
 {
- int rv;
-
- if (entropy_needed() == 0)
- return true;
-
 for (;;) {
 if (entropy_needed() == 0)
 return true;
- msg_clear();
- rv = 0;
- process_menu(MENU_not_enough_entropy, &rv);
- switch (rv) {
- case 0:
- return false;
- case 1:
- entropy_add_manual();
- break;
- case 2:
- entropy_add_seed();
- break;
- case 3:
- entropy_add_bin_file();
- break;
- default:
- /*
- * retry after small delay to give a new USB device
- * a chance to attach and do deliver some
- * entropy
- */
- msg_display(".");
- for (size_t i = 0; i < 10; i++) {
- if (entropy_needed() == 0)
- return true;
- sleep(1);
- msg_display_add(".");
- }
- }
+ entropy_add_manual();
 }
 }
 #endif
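Review bot: The rewritten `do_check_entropy` loop has no exit other than `entropy_needed() == 0`: the former `case 0: return false;` path for a user who declines is gone, so when `entropy_add_manual()` returns without having contributed enough (nothing typed, or too little so that `entropy_manual_not_enough` is shown) the installer re-prompts indefinitely, and the function can no longer return `false` even though its signature and the retained `return true if we have enough entropy` comment still present it as a yes/no check. Give the user a way out, for example by having `entropy_add_manual()` report whether anything was fed in (its body lies outside this hunk) and writing the loop body as `if (!entropy_add_manual()) return false;`, or by bounding the number of empty attempts. Removing the ftp/http/NFS fetch paths is itself a sound reduction of attack surface, since loading a seed over an unauthenticated transport onto a low-entropy system is exactly the exposure the deleted `entropy_via_download` text warned about.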