Encryption patch follow-up

* PBKDF2 implementation changed to OpenSSL implementation.

* HKDF implementation moved to its own file and tests
  added to ensure correctness.

* Removed libzfs's now unnecessary dependency on libzpool
  and libicp.

* Ztest can now create and test encrypted datasets. This is
  currently disabled until issue #6526 is resolved, but
  otherwise functions as advertised.

* Several small bug fixes discovered after enabling ztest
  to run on encrypted datasets.

* Fixed Coverity defects added by the encryption patch.

* Updated man pages for encrypted send / receive behavior.

* Fixed a bug where encrypted datasets could receive
  DRR_WRITE_EMBEDDED records.

* Minor code cleanups / consolidation.

Signed-off-by: Tom Caputi <tcaputi@datto.com>
Tom Caputi
2017-09-12 16:15:11 -04:00
parent 94d49e8f9b
commit 4807c0badb
41 changed files with 1056 additions and 434 deletions
@@ -146,6 +146,15 @@ function store_core
fi
}
rngdpid=""
function on_exit
{
if [ -n "$rngdpid" ]; then
kill -9 "$rngdpid"
fi
}
trap on_exit EXIT
# parse arguments
# expected format: zloop [-t timeout] [-c coredir] [-- extra ztest args]
coredir=$DEFAULTCOREDIR
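Review bot: on_exit sends `kill -9` to whatever PID is stored in `rngdpid` without confirming that it is still the rngd this script started. If rngd exited early, that PID may be gone or reused by the time the EXIT trap runs, and an unconditional SIGKILL, sent with whatever privileges zloop runs under, would hit an unrelated process. Suggest a plain `kill "$rngdpid" 2>/dev/null` (SIGTERM, so rngd can shut down cleanly) and, ideally, a check that the PID still names rngd before signalling it. A one-line comment above `rngdpid=""` saying what the variable holds would also help.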
@@ -191,6 +200,9 @@ or_die rm -f ztest.history
or_die rm -f ztest.ddt
or_die rm -f ztest.cores
# start rngd in the background so we don't run out of entropy
or_die read -r rngdpid < <(rngd -f -r /dev/urandom & echo $!)
ztrc=0 # ztest return value
foundcrashes=0 # number of crashes found so far
starttime=$(date +%s)
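Review bot: the `or_die` on the rngd line only covers `read`, not rngd itself. Inside the process substitution, `rngd -f -r /dev/urandom &` is backgrounded and `echo $!` prints a PID whether or not rngd started, so a missing binary or insufficient privileges goes unnoticed and the run continues without the entropy feed, leaving on_exit to signal a stale PID. Suggest verifying after the read that the process is alive (for example `kill -0 "$rngdpid"`) and failing or warning if it is not. The comment should also say that this feeds /dev/urandom output back into the kernel pool host-wide, which keeps the pool from draining but adds no new entropy, so it is only appropriate on a test machine.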