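#!/bin/sh
#
# $FreeBSD: src/etc/rc.d/random,v 1.3 2003/04/18 17:55:05 mtm Exp $
#

# PROVIDE: random
# REQUIRE: diskless mountcritlocal initrandom
# BEFORE: FILESYSTEMS
# KEYWORD: shutdown

. /etc/rc.subr

name="random"
start_cmd="random_start"
stop_cmd="random_stop"

# Feed the contents of one seed file into /dev/random.
#
# Arguments: $1 - path of the seed file
#
# The file is used only if it is a regular, readable, non-empty file;
# anything else (including an unmatched glob pattern passed in by
# random_start) is skipped silently.
#
# SYSCTL_W is not defined in this file; presumably it comes from
# /etc/rc.subr. It is left unquoted on purpose in case it holds a
# command plus options.
feed_dev_random()
{
	if [ -f "${1}" ] && [ -r "${1}" ] && [ -s "${1}" ]; then
		# kern.seedenable is raised only for the duration of the
		# write and lowered again afterwards, whether or not dd
		# succeeded.
		${SYSCTL_W} kern.seedenable=1 >/dev/null
		# Feed using a small block size so that a pool-based CSPRNG
		# is more likely to distribute the entropy over several
		# pools
		dd if="${1}" of=/dev/random bs=512 2>/dev/null
		${SYSCTL_W} kern.seedenable=0 >/dev/null
	fi
}

# Reseed /dev/random at boot from entropy saved earlier.
#
# Reads the rc variables entropy_dir and entropy_file; a value of "NO"
# (any case) or the empty string disables the respective source.
#
# NOTE(review): the seed files are left in place after being fed. If
# the machine goes down without random_stop running, the same
# entropy_file is fed again on the next boot; it should not be counted
# on as fresh entropy in that case.
random_start()
{
	# Reseed /dev/random with previously stored entropy.
	case ${entropy_dir} in
	[Nn][Oo] | '')
		;;
	*)
		# The empty value is already handled by the branch above,
		# so this default can no longer take effect here.
		entropy_dir=${entropy_dir:-/var/db/entropy}
		if [ -d "${entropy_dir}" ]; then
			if [ -w /dev/random ]; then
				# Quote the directory so a path containing
				# whitespace is not split; only the trailing
				# * is meant to glob.
				for seedfile in "${entropy_dir}"/*; do
					feed_dev_random "${seedfile}"
				done
			fi
		fi
		;;
	esac

	case ${entropy_file} in
	[Nn][Oo] | '')
		;;
	*)
		if [ -w /dev/random ]; then
			feed_dev_random "${entropy_file}"
		fi
		;;
	esac
}

# Save entropy at shutdown so /dev/random can be reseeded on reboot.
#
# Reads the rc variables entropy_file (destination; "NO" or empty
# disables saving) and entropy_save_sz (number of bytes to save, used
# as the dd block size with count=1).
random_stop()
{
	# Write some entropy so when the machine reboots /dev/random
	# can be reseeded
	#
	case ${entropy_file} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n 'Writing entropy file:'
		rm -f "${entropy_file}"
		# The seed must not be readable by other users, so the
		# file is created under a restrictive umask.
		oumask=$(umask)
		umask 077
		if touch "${entropy_file}"; then
			entropy_file_confirmed="${entropy_file}"
		fi
		case ${entropy_file_confirmed} in
		'')
			# Double quotes so the actual path appears in the
			# message instead of the literal variable name.
			err 1 "${entropy_file}:" \
			    ' entropy file write failed.'
			;;
		*)
			# Do not report success when nothing was saved
			# (e.g. entropy_save_sz unset or the disk full):
			# an empty file is skipped at the next start.
			if dd if=/dev/random of="${entropy_file_confirmed}" \
			    bs="${entropy_save_sz}" count=1 2> /dev/null; then
				echo '.'
			else
				echo ' failed.'
				warn "${entropy_file_confirmed}: could not save entropy."
			fi
			;;
		esac
		umask "${oumask}"
		;;
	esac
}

load_rc_config $name
run_rc_command "$1"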