freebsd-skq/etc/rc.d/random
obrien 1103474a1b Remove old entropy seeding after consumption initializing /dev/random PRNG.
Not doing so opens us up to replay attacks.

Submitted by:	Arthur Mesh <arthurmesh@gmail.com>
Sponsored by:	Juniper Networks
2012-08-22 18:43:21 +00:00

97 lines
1.7 KiB
Bash
Executable File

#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: random
# REQUIRE: initrandom var
# BEFORE: netif
# KEYWORD: nojail shutdown
. /etc/rc.subr
name="random"
start_cmd="random_start"
stop_cmd="random_stop"
extra_commands="saveseed"
saveseed_cmd="${name}_stop"
feed_dev_random()
{
if [ -f "${1}" -a -r "${1}" -a -s "${1}" ]; then
cat "${1}" | dd of=/dev/random bs=8k 2>/dev/null
fi
}
random_start()
{
# Reseed /dev/random with previously stored entropy.
case ${entropy_dir} in
[Nn][Oo])
;;
*)
entropy_dir=${entropy_dir:-/var/db/entropy}
if [ -d "${entropy_dir}" ]; then
if [ -w /dev/random ]; then
for seedfile in ${entropy_dir}/*; do
feed_dev_random "${seedfile}"
done
fi
fi
;;
esac
case ${entropy_file} in
[Nn][Oo] | '')
;;
*)
if [ -w /dev/random ]; then
feed_dev_random "${entropy_file}"
feed_dev_random /var/db/entropy-file
fi
;;
esac
}
random_stop()
{
# Write some entropy so when the machine reboots /dev/random
# can be reseeded
#
case ${entropy_file} in
[Nn][Oo] | '')
;;
*)
echo -n 'Writing entropy file:'
rm -f ${entropy_file} 2> /dev/null
oumask=`umask`
umask 077
if touch ${entropy_file} 2> /dev/null; then
entropy_file_confirmed="${entropy_file}"
else
# Try this as a reasonable alternative for read-only
# roots, diskless workstations, etc.
rm -f /var/db/entropy-file 2> /dev/null
if touch /var/db/entropy-file 2> /dev/null; then
entropy_file_confirmed=/var/db/entropy-file
fi
fi
case ${entropy_file_confirmed} in
'')
warn 'write failed (read-only fs?)'
;;
*)
dd if=/dev/random of=${entropy_file_confirmed} \
bs=4096 count=1 2> /dev/null
echo '.'
;;
esac
umask ${oumask}
;;
esac
}
load_rc_config $name
run_rc_command "$1"