From 6a39de8a71bd177ebc0d03e048e99ccb5828c020 Mon Sep 17 00:00:00 2001 From: markm Date: Mon, 17 Jul 2000 12:28:58 +0000 Subject: [PATCH] Add entropy caching. With this, some entropy is cached at shutdown time, and this is used to reseed the random number generator at boot time. NOTE - this has no hope of working if you halt(); you need to execute rc.shutdown to get the entropy stash. --- etc/defaults/rc.conf | 2 ++ etc/rc | 14 ++++++++++++++ etc/rc.shutdown | 15 +++++++++++++++ 3 files changed, 31 insertions(+) diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf index 36a89ffe34b7..fcdf302f5b99 100644 --- a/etc/defaults/rc.conf +++ b/etc/defaults/rc.conf @@ -291,6 +291,8 @@ kern_securelevel_enable="NO" # kernel security level (see init(8)), kern_securelevel="-1" # range: -1..3 ; `-1' is the most insecure update_motd="YES" # update version info in /etc/motd (or NO) start_vinum="" # set to YES to start vinum +entropy_file="/var/db/entropy" + # Set to NO to disable caching entropy through reboots ############################################################## ### Define source_rc_confs, the mechanism used by /etc/rc.* ## diff --git a/etc/rc b/etc/rc index 6d03e4936f79..47d15b44075a 100644 --- a/etc/rc +++ b/etc/rc @@ -132,6 +132,20 @@ if [ -n "${diskless_mount}" -a -r "${diskless_mount}" ]; then sh ${diskless_mount} fi +# Recover some entropy so the rebooting /dev/random can reseed +# +case ${entropy_file} in +[Nn][Oo] | '') + ;; +*) + if [ -f ${entropy_file} -a -r ${entropy_file} ] ; then + echo -n "Reading entropy file" + cat ${entropy_file} > /dev/random + rm -f ${entropy_file} + fi + ;; +esac + adjkerntz -i clean_var() { diff --git a/etc/rc.shutdown b/etc/rc.shutdown index 0d93bcf60460..7014c70e75f4 100644 --- a/etc/rc.shutdown +++ b/etc/rc.shutdown @@ -26,6 +26,21 @@ elif [ -r /etc/rc.conf ]; then . /etc/rc.conf fi +# Write some entropy so the rebooting /dev/random can reseed +# +case ${entropy_file} in +[Nn][Oo] | '') + ;; +*) + if [ -f ${entropy_file} -a -r ${entropy_file} ] ; then + echo -n "Writing entropy file" + touch ${entropy_file} && \ + chmod 600 ${entropy_file} && \ + dd if=/dev/random of=${entropy_file} bs=4096 count=1 + fi + ;; +esac + # Check if /var/db/mounttab is clean. case $1 in reboot)