authordes <des@FreeBSD.org>2014-11-02 01:47:27 +0000
committerdes <des@FreeBSD.org>2014-11-02 01:47:27 +0000
commit79cf481147176a7adeb670c9a1d0012e2bb2c606 (patch)
tree54a33f8a84924e39197c127babbb6284c45fe5f6 /etc/rc.d
parent22a53e3b5ace7a690b1f0bb73f790f6d348f9b24 (diff)
Get rid of the postrandom script. It was born in a time when the
random script ran before filesystems were mounted, which is no longer the case. In random_start(), immediately delete each file that is fed into /dev/random, and recreate the default entropy file immediately after reading and deleting it. The logic used in random_stop() to determine which file to write to should probably be factored out and used here as well.
Diffstat (limited to 'etc/rc.d')
-rw-r--r--etc/rc.d/Makefile1
-rwxr-xr-xetc/rc.d/adjkerntz2
-rwxr-xr-xetc/rc.d/postrandom41
-rwxr-xr-xetc/rc.d/random51
4 files changed, 35 insertions, 60 deletions
diff --git a/etc/rc.d/Makefile b/etc/rc.d/Makefile
index f42b207..bfa22bf 100644
--- a/etc/rc.d/Makefile
+++ b/etc/rc.d/Makefile
@@ -112,7 +112,6 @@ FILES= DAEMON \
pf \
pflog \
pfsync \
- postrandom \
powerd \
power_profile \
ppp \
diff --git a/etc/rc.d/adjkerntz b/etc/rc.d/adjkerntz
index 03f6159..18a8220 100755
--- a/etc/rc.d/adjkerntz
+++ b/etc/rc.d/adjkerntz
@@ -4,7 +4,7 @@
#
# PROVIDE: adjkerntz
-# REQUIRE: FILESYSTEMS postrandom
+# REQUIRE: FILESYSTEMS
# BEFORE: netif
# KEYWORD: nojail
diff --git a/etc/rc.d/postrandom b/etc/rc.d/postrandom
deleted file mode 100755
index 3a60830..0000000
--- a/etc/rc.d/postrandom
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-# PROVIDE: postrandom
-# REQUIRE: random FILESYSTEMS
-# BEFORE: LOGIN
-# KEYWORD: nojail
-
-. /etc/rc.subr
-
-name="postrandom"
-start_cmd="${name}_start"
-stop_cmd=":"
-
-# This will remove old ${entropy_file} and generate a new one.
-# According to Bruce Schneier, this is strongly recommended in order
-# to avoid using same ${entropy_file} across reboots.
-# Reference: Chapter 10.6, Practical Cryptography, ISBN: 0-471-22357-3
-
-postrandom_start()
-{
- /etc/rc.d/random fastsaveseed
-
- case ${entropy_dir} in
- [Nn][Oo])
- ;;
- *)
- entropy_dir=${entropy_dir:-/var/db/entropy}
- if [ -d "${entropy_dir}" ]; then
- if [ -w /dev/random ]; then
- rm -f ${entropy_dir}/*
- fi
- fi
- ;;
- esac
-}
-
-load_rc_config random
-run_rc_command "$1"
diff --git a/etc/rc.d/random b/etc/rc.d/random
index c7da932..2420a39 100755
--- a/etc/rc.d/random
+++ b/etc/rc.d/random
@@ -17,41 +17,58 @@ stop_cmd="random_stop"
extra_commands="saveseed"
saveseed_cmd="${name}_stop"
+save_dev_random()
+{
+ for f ; do
+ if :>>"$f" ; then
+ debug "saving entropy to $f"
+ dd if=/dev/random of="$f" bs=4096 count=1 2>/dev/null
+ fi
+ done
+}
+
feed_dev_random()
{
- if [ -f "${1}" -a -r "${1}" -a -s "${1}" ]; then
- cat "${1}" | dd of=/dev/random bs=8k 2>/dev/null
- fi
+ for f ; do
+ if [ -f "$f" -a -r "$f" -a -s "$f" ] ; then
+ if dd if="$f" of=/dev/random bs=4096 2>/dev/null ; then
+ debug "entropy read from $f"
+ rm -f "$f"
+ fi
+ fi
+ done
}
random_start()
{
+ echo -n 'Feeding entropy:'
+
+ if [ ! -w /dev/random ] ; then
+ warn "/dev/random is not writeable"
+ return 1
+ fi
+
# Reseed /dev/random with previously stored entropy.
- case ${entropy_dir} in
+ case ${entropy_dir:=/var/db/entropy} in
[Nn][Oo])
;;
*)
- entropy_dir=${entropy_dir:-/var/db/entropy}
- if [ -d "${entropy_dir}" ]; then
- if [ -w /dev/random ]; then
- for seedfile in ${entropy_dir}/*; do
- feed_dev_random "${seedfile}"
- done
- fi
+ if [ -d "${entropy_dir}" ] ; then
+ feed_dev_random "${entropy_dir}"/*
fi
;;
esac
- case ${entropy_file} in
+ case ${entropy_file:=/entropy} in
[Nn][Oo] | '')
;;
*)
- if [ -w /dev/random ]; then
- feed_dev_random "${entropy_file}"
- feed_dev_random /var/db/entropy-file
- fi
+ feed_dev_random "${entropy_file}" /var/db/entropy-file
+ save_dev_random "${entropy_file}"
;;
esac
+
+ echo '.'
}
random_stop()
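Review bot: save_dev_random() creates the seed file with `:>>"$f"` under whatever umask the rc script inherits, and nothing visible in this hunk restricts the mode, so a newly created `${entropy_file}` may be readable by unprivileged local users. Anyone who can read that file learns the data that will be fed into /dev/random at the next boot, which defeats the purpose of saving a seed. I would wrap the loop with `oumask=$(umask); umask 077` before it and `umask "${oumask}"` after it, and add `chmod 600 "$f"` ahead of the `dd` for a file that already existed. If random_stop() already handles permissions (its body lies outside this hunk), reuse the same approach here. Separately, the exit status of the `dd` in save_dev_random() is ignored, so a failed write leaves an empty or short seed file without a `warn`.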
@@ -59,7 +76,7 @@ random_stop()
# Write some entropy so when the machine reboots /dev/random
# can be reseeded
#
- case ${entropy_file} in
+ case ${entropy_file:=/entropy} in
[Nn][Oo] | '')
;;
*)