diff options
author | des <des@FreeBSD.org> | 2014-11-02 01:47:27 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2014-11-02 01:47:27 +0000 |
commit | 79cf481147176a7adeb670c9a1d0012e2bb2c606 (patch) | |
tree | 54a33f8a84924e39197c127babbb6284c45fe5f6 /etc/rc.d | |
parent | 22a53e3b5ace7a690b1f0bb73f790f6d348f9b24 (diff) | |
download | FreeBSD-src-79cf481147176a7adeb670c9a1d0012e2bb2c606.zip FreeBSD-src-79cf481147176a7adeb670c9a1d0012e2bb2c606.tar.gz |
Get rid of the postrandom script. It was born in a time when the
random script ran before filesystems were mounted, which is no
longer the case.
In random_start(), immediately delete each file that is fed into
/dev/random, and recreate the default entropy file immediately
after reading and deleting it. The logic used in random_stop()
to determine which file to write to should probably be factored
out and used here as well.
Diffstat (limited to 'etc/rc.d')
-rw-r--r-- | etc/rc.d/Makefile | 1 | ||||
-rwxr-xr-x | etc/rc.d/adjkerntz | 2 | ||||
-rwxr-xr-x | etc/rc.d/postrandom | 41 | ||||
-rwxr-xr-x | etc/rc.d/random | 51 |
4 files changed, 35 insertions, 60 deletions
diff --git a/etc/rc.d/Makefile b/etc/rc.d/Makefile index f42b207..bfa22bf 100644 --- a/etc/rc.d/Makefile +++ b/etc/rc.d/Makefile @@ -112,7 +112,6 @@ FILES= DAEMON \ pf \ pflog \ pfsync \ - postrandom \ powerd \ power_profile \ ppp \ diff --git a/etc/rc.d/adjkerntz b/etc/rc.d/adjkerntz index 03f6159..18a8220 100755 --- a/etc/rc.d/adjkerntz +++ b/etc/rc.d/adjkerntz @@ -4,7 +4,7 @@ # # PROVIDE: adjkerntz -# REQUIRE: FILESYSTEMS postrandom +# REQUIRE: FILESYSTEMS # BEFORE: netif # KEYWORD: nojail diff --git a/etc/rc.d/postrandom b/etc/rc.d/postrandom deleted file mode 100755 index 3a60830..0000000 --- a/etc/rc.d/postrandom +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/sh -# -# $FreeBSD$ -# - -# PROVIDE: postrandom -# REQUIRE: random FILESYSTEMS -# BEFORE: LOGIN -# KEYWORD: nojail - -. /etc/rc.subr - -name="postrandom" -start_cmd="${name}_start" -stop_cmd=":" - -# This will remove old ${entropy_file} and generate a new one. -# According to Bruce Schneier, this is strongly recommended in order -# to avoid using same ${entropy_file} across reboots. -# Reference: Chapter 10.6, Practical Cryptography, ISBN: 0-471-22357-3 - -postrandom_start() -{ - /etc/rc.d/random fastsaveseed - - case ${entropy_dir} in - [Nn][Oo]) - ;; - *) - entropy_dir=${entropy_dir:-/var/db/entropy} - if [ -d "${entropy_dir}" ]; then - if [ -w /dev/random ]; then - rm -f ${entropy_dir}/* - fi - fi - ;; - esac -} - -load_rc_config random -run_rc_command "$1" diff --git a/etc/rc.d/random b/etc/rc.d/random index c7da932..2420a39 100755 --- a/etc/rc.d/random +++ b/etc/rc.d/random @@ -17,41 +17,58 @@ stop_cmd="random_stop" extra_commands="saveseed" saveseed_cmd="${name}_stop" +save_dev_random() +{ + for f ; do + if :>>"$f" ; then + debug "saving entropy to $f" + dd if=/dev/random of="$f" bs=4096 count=1 2>/dev/null + fi + done +} + feed_dev_random() { - if [ -f "${1}" -a -r "${1}" -a -s "${1}" ]; then - cat "${1}" | dd of=/dev/random bs=8k 2>/dev/null - fi + for f ; do + if [ -f "$f" -a -r "$f" -a -s "$f" ] ; then + if dd if="$f" of=/dev/random bs=4096 2>/dev/null ; then + debug "entropy read from $f" + rm -f "$f" + fi + fi + done } random_start() { + echo -n 'Feeding entropy:' + + if [ ! -w /dev/random ] ; then + warn "/dev/random is not writeable" + return 1 + fi + # Reseed /dev/random with previously stored entropy. - case ${entropy_dir} in + case ${entropy_dir:=/var/db/entropy} in [Nn][Oo]) ;; *) - entropy_dir=${entropy_dir:-/var/db/entropy} - if [ -d "${entropy_dir}" ]; then - if [ -w /dev/random ]; then - for seedfile in ${entropy_dir}/*; do - feed_dev_random "${seedfile}" - done - fi + if [ -d "${entropy_dir}" ] ; then + feed_dev_random "${entropy_dir}"/* fi ;; esac - case ${entropy_file} in + case ${entropy_file:=/entropy} in [Nn][Oo] | '') ;; *) - if [ -w /dev/random ]; then - feed_dev_random "${entropy_file}" - feed_dev_random /var/db/entropy-file - fi + feed_dev_random "${entropy_file}" /var/db/entropy-file + save_dev_random "${entropy_file}" ;; esac + + echo '.' } random_stop() @@ -59,7 +76,7 @@ random_stop() # Write some entropy so when the machine reboots /dev/random # can be reseeded # - case ${entropy_file} in + case ${entropy_file:=/entropy} in [Nn][Oo] | '') ;; *) |