1103474a1b
Not doing so opens us up to replay attacks. Submitted by: Arthur Mesh <arthurmesh@gmail.com> Sponsored by: Juniper Networks
97 lines
1.7 KiB
Bash
Executable File
97 lines
1.7 KiB
Bash
Executable File
#!/bin/sh
|
|
#
|
|
# $FreeBSD$
|
|
#
|
|
|
|
# PROVIDE: random
|
|
# REQUIRE: initrandom var
|
|
# BEFORE: netif
|
|
# KEYWORD: nojail shutdown
|
|
|
|
. /etc/rc.subr
|
|
|
|
name="random"
|
|
start_cmd="random_start"
|
|
stop_cmd="random_stop"
|
|
|
|
extra_commands="saveseed"
|
|
saveseed_cmd="${name}_stop"
|
|
|
|
feed_dev_random()
|
|
{
|
|
if [ -f "${1}" -a -r "${1}" -a -s "${1}" ]; then
|
|
cat "${1}" | dd of=/dev/random bs=8k 2>/dev/null
|
|
fi
|
|
}
|
|
|
|
random_start()
|
|
{
|
|
# Reseed /dev/random with previously stored entropy.
|
|
case ${entropy_dir} in
|
|
[Nn][Oo])
|
|
;;
|
|
*)
|
|
entropy_dir=${entropy_dir:-/var/db/entropy}
|
|
if [ -d "${entropy_dir}" ]; then
|
|
if [ -w /dev/random ]; then
|
|
for seedfile in ${entropy_dir}/*; do
|
|
feed_dev_random "${seedfile}"
|
|
done
|
|
fi
|
|
fi
|
|
;;
|
|
esac
|
|
|
|
case ${entropy_file} in
|
|
[Nn][Oo] | '')
|
|
;;
|
|
*)
|
|
if [ -w /dev/random ]; then
|
|
feed_dev_random "${entropy_file}"
|
|
feed_dev_random /var/db/entropy-file
|
|
fi
|
|
;;
|
|
esac
|
|
}
|
|
|
|
random_stop()
|
|
{
|
|
# Write some entropy so when the machine reboots /dev/random
|
|
# can be reseeded
|
|
#
|
|
case ${entropy_file} in
|
|
[Nn][Oo] | '')
|
|
;;
|
|
*)
|
|
echo -n 'Writing entropy file:'
|
|
rm -f ${entropy_file} 2> /dev/null
|
|
oumask=`umask`
|
|
umask 077
|
|
if touch ${entropy_file} 2> /dev/null; then
|
|
entropy_file_confirmed="${entropy_file}"
|
|
else
|
|
# Try this as a reasonable alternative for read-only
|
|
# roots, diskless workstations, etc.
|
|
rm -f /var/db/entropy-file 2> /dev/null
|
|
if touch /var/db/entropy-file 2> /dev/null; then
|
|
entropy_file_confirmed=/var/db/entropy-file
|
|
fi
|
|
fi
|
|
case ${entropy_file_confirmed} in
|
|
'')
|
|
warn 'write failed (read-only fs?)'
|
|
;;
|
|
*)
|
|
dd if=/dev/random of=${entropy_file_confirmed} \
|
|
bs=4096 count=1 2> /dev/null
|
|
echo '.'
|
|
;;
|
|
esac
|
|
umask ${oumask}
|
|
;;
|
|
esac
|
|
}
|
|
|
|
load_rc_config $name
|
|
run_rc_command "$1"
|