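#!/bin/sh
#
# $FreeBSD$
#
# rc.d script that carries random-device seed material across reboots:
# at shutdown (and on "saveseed") it writes 4096 bytes read from
# /dev/random into seed files, and at startup it feeds those files back
# into /dev/random and deletes them.
#
# The seed files are secret material.  They are created with umask 077
# and forced to mode 600 so that unprivileged users cannot read them.
#

# PROVIDE: random
# REQUIRE: FILESYSTEMS
# BEFORE: netif
# KEYWORD: nojail shutdown

. /etc/rc.subr

name="random"
start_cmd="random_start"
stop_cmd="random_stop"

extra_commands="saveseed"
saveseed_cmd="${name}_stop"

# save_dev_random file...
#	Write one 4096-byte block read from /dev/random into every file
#	named on the command line that can be opened for appending.
#	New files are created under umask 077, and the mode is forced to
#	600 afterwards so that a file which already existed with wider
#	permissions is tightened as well.  The caller's umask is restored
#	before returning.
save_dev_random()
{
	local oumask

	oumask=$(umask)
	umask 077
	for f; do
		# ":>>" is a writability probe that also creates the file.
		if : >>"$f"; then
			debug "saving entropy to $f"
			dd if=/dev/random of="$f" bs=4096 count=1 2>/dev/null
			chmod 600 "$f"
		fi
	done
	umask "${oumask}"
}

# feed_dev_random file...
#	Feed every named file that is a regular, readable, non-empty file
#	into /dev/random.  A file is removed only after dd reported
#	success, so a saved seed is not fed again on a later boot.
feed_dev_random()
{
	for f; do
		if [ -f "$f" ] && [ -r "$f" ] && [ -s "$f" ]; then
			if dd if="$f" of=/dev/random bs=4096 2>/dev/null; then
				debug "entropy read from $f"
				rm -f "$f"
			fi
		fi
	done
}

# random_start
#	Apply the harvest mask when it is greater than zero, then reseed
#	/dev/random from the stored seed files and write fresh ones.
#	Returns 1 if /dev/random is not writable.
random_start()
{
	# Default to 0 so an unset harvest_mask skips this step instead of
	# producing a test(1) syntax error.
	if [ "${harvest_mask:-0}" -gt 0 ]; then
		echo -n 'Setting up harvesting:'
		# SYSCTL and SYSCTL_N are deliberately unquoted: they may
		# hold a command plus options and must be word-split.
		${SYSCTL} "kern.random.harvest.mask=${harvest_mask}" > /dev/null
		${SYSCTL_N} kern.random.harvest.mask_symbolic
	fi

	echo -n 'Feeding entropy:'

	if [ ! -w /dev/random ]; then
		warn "/dev/random is not writeable"
		return 1
	fi

	# Reseed /dev/random with previously stored entropy.
	case ${entropy_dir:=/var/db/entropy} in
	[Nn][Oo])
		;;
	*)
		if [ -d "${entropy_dir}" ]; then
			feed_dev_random "${entropy_dir}"/*
		fi
		;;
	esac

	case ${entropy_file:=/entropy} in
	[Nn][Oo])
		;;
	*)
		# /var/db/entropy-file is the fallback location that
		# random_stop uses when ${entropy_file} cannot be created.
		feed_dev_random "${entropy_file}" /var/db/entropy-file
		# The old seed was consumed and removed above; write a
		# new one straight away.
		save_dev_random "${entropy_file}"
		;;
	esac

	case ${entropy_boot_file:=/boot/entropy} in
	[Nn][Oo])
		;;
	*)
		save_dev_random "${entropy_boot_file}"
		;;
	esac

	echo '.'
}

# random_stop
#	Write fresh seed files for the next boot.  Also run for the
#	"saveseed" extra command.  Every path expansion is quoted so a
#	configured path containing whitespace or glob characters is
#	passed to rm, touch and dd as a single argument.
random_stop()
{
	# Start from empty so a value inherited from the environment can
	# never be used as the dd output path.
	entropy_file_confirmed=
	entropy_boot_file_confirmed=

	# Write some entropy so when the machine reboots /dev/random
	# can be reseeded
	#
	case ${entropy_file:=/entropy} in
	[Nn][Oo])
		;;
	*)
		echo -n 'Writing entropy file:'
		rm -f "${entropy_file}" 2> /dev/null
		oumask=$(umask)
		# The seed must not be readable by other users.
		umask 077
		if touch "${entropy_file}" 2> /dev/null; then
			entropy_file_confirmed="${entropy_file}"
		else
			# Try this as a reasonable alternative for read-only
			# roots, diskless workstations, etc.
			rm -f /var/db/entropy-file 2> /dev/null
			if touch /var/db/entropy-file 2> /dev/null; then
				entropy_file_confirmed=/var/db/entropy-file
			fi
		fi
		case ${entropy_file_confirmed} in
		'')
			warn 'write failed (read-only fs?)'
			;;
		*)
			dd if=/dev/random of="${entropy_file_confirmed}" \
			    bs=4096 count=1 2> /dev/null ||
			    warn 'write failed (unwriteable file or full fs?)'
			echo '.'
			;;
		esac
		umask "${oumask}"
		;;
	esac

	case ${entropy_boot_file:=/boot/entropy} in
	[Nn][Oo])
		;;
	*)
		echo -n 'Writing early boot entropy file:'
		rm -f "${entropy_boot_file}" 2> /dev/null
		oumask=$(umask)
		umask 077
		if touch "${entropy_boot_file}" 2> /dev/null; then
			entropy_boot_file_confirmed="${entropy_boot_file}"
		fi
		case ${entropy_boot_file_confirmed} in
		'')
			warn 'write failed (read-only fs?)'
			;;
		*)
			dd if=/dev/random of="${entropy_boot_file_confirmed}" \
			    bs=4096 count=1 2> /dev/null ||
			    warn 'write failed (unwriteable file or full fs?)'
			echo '.'
			;;
		esac
		umask "${oumask}"
		;;
	esac
}

load_rc_config "$name"
run_rc_command "$1"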