Add entropy caching. With this, some entropy is cached at shutdown

time, and this is used to reseed the random number generator at boot time. NOTE - this has no hope of working if you halt(); you need to execute rc.shutdown to get the entropy stash.
2000-07-17 12:28:58 +00:00 · 2000-07-17 12:28:58 +00:00 · 6a39de8a71
commit 6a39de8a71
parent 2e73d3a1fa
3 changed files with 31 additions and 0 deletions
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@ -291,6 +291,8 @@ kern_securelevel_enable="NO"	# kernel security level (see init(8)),
 kern_securelevel="-1"	# range: -1..3 ; `-1' is the most insecure
 update_motd="YES"	# update version info in /etc/motd (or NO)
 start_vinum=""		# set to YES to start vinum
+entropy_file="/var/db/entropy"
+			# Set to NO to disable caching entropy through reboots

 ##############################################################
 ### Define source_rc_confs, the mechanism used by /etc/rc.* ##
--- a/etc/rc
+++ b/etc/rc
@ -132,6 +132,20 @@ if [ -n "${diskless_mount}" -a -r "${diskless_mount}" ]; then
 		sh ${diskless_mount}
 fi

+# Recover some entropy so the rebooting /dev/random can reseed
+#
+case ${entropy_file} in
+[Nn][Oo] | '')
+	;;
+*)
+	if [ -f ${entropy_file} -a -r ${entropy_file} ] ; then
+		echo -n "Reading entropy file"
+		cat ${entropy_file} > /dev/random
+		rm -f ${entropy_file}
+	fi
+	;;
+esac
+
 adjkerntz -i

 clean_var() {
--- a/etc/rc.shutdown
+++ b/etc/rc.shutdown
@ -26,6 +26,21 @@ elif [ -r /etc/rc.conf ]; then
 	. /etc/rc.conf
 fi

+# Write some entropy so the rebooting /dev/random can reseed
+#
+case ${entropy_file} in
+[Nn][Oo] | '')
+	;;
+*)
+	if [ -f ${entropy_file} -a -r ${entropy_file} ] ; then
+		echo -n "Writing entropy file"
+		touch ${entropy_file} && \
+			chmod 600 ${entropy_file} && \
+			dd if=/dev/random of=${entropy_file} bs=4096 count=1
+	fi
+	;;
+esac
+
 # Check if /var/db/mounttab is clean.
 case $1 in
 reboot)