Add code to turn on the entropy harvesting sysctl's as early as possible

during the boot process. We're turning it on by default, based on the
actual presence of a configured ethernet card, and/or ppp/tun devices.
Of course, it's easy to disable in rc.conf.
This commit is contained in:
Doug Barton 2001-03-01 13:19:49 +00:00
parent 1edf3f9bdb
commit bbee5785ca
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=73277
2 changed files with 81 additions and 0 deletions


@ -332,6 +332,9 @@ entropy_file="/entropy" # Set to NO to disable caching entropy through reboots.
entropy_dir="/var/db/entropy" # Set to NO to disable caching entropy via cron.
entropy_save_sz="2048" # Size of the entropy cache files.
entropy_save_num="8" # Number of entropy cache files to save.
harvest_interrupt="YES" # Entropy device harvests interrupt randomness
harvest_ethernet="" # Entropy device harvests ethernet randomness
harvest_p_to_p="" # Entropy device harvests point-to-point randomness
##############################################################
### Define source_rc_confs, the mechanism used by /etc/rc.* ##
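Review bot: The new `harvest_ethernet=""` and `harvest_p_to_p=""` defaults do not document what an empty value means, yet the companion etc/rc hunk treats anything other than NO as enabled (its `[Nn][Oo])` arm is the only opt-out, the `*)` arm then turns the sysctl on after the interface checks), so an administrator reading only this file cannot tell that empty is effectively YES. The trailing comments should state the tri-state explicitly, e.g. `harvest_ethernet=""	# Entropy device harvests ethernet randomness (empty: on if a configured interface exists; NO: off)` and the same wording for `harvest_p_to_p` with the tun0/ppp_enable condition. harvest_interrupt follows the same NO-is-the-only-opt-out rule, so its comment should also say "set to NO to disable" to match the entropy_file line above.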

78
etc/rc

@ -107,6 +107,84 @@ chkdepend NFS nfs_server_enable portmap portmap_enable
chkdepend NIS nis_server_enable portmap portmap_enable
chkdepend NIS nis_client_enable portmap portmap_enable
# Enable harvesting of entropy via devices. The sooner this happens the
# better so that we can take advantage of the boot process.
#
echo -n 'Entropy harvesting:'
case ${harvest_interrupt} in
[Nn][Oo])
;;
*)
if [ -w /dev/random ]; then
/sbin/sysctl -w kern.random.sys.harvest_interrupt=1 >/dev/null
echo -n ' interrupts'
fi
;;
esac
# Steal some code from rc.network to help determine what to enable.
case ${network_interfaces} in
[Aa][Uu][Tt][Oo])
h_network_interfaces="`ifconfig -l`"
;;
*)
h_network_interfaces="${network_interfaces}"
;;
esac
case ${harvest_ethernet} in
[Nn][Oo])
;;
*)
do_ether_harvest=''
for h_ifn in ${h_network_interfaces}; do
eval h_ifconfig_args=\$ifconfig_${h_ifn}
case ${h_ifconfig_args} in
'')
;;
*)
do_ether_harvest=1
;;
esac
done
if [ -w /dev/random -a "${do_ether_harvest}" ]; then
/sbin/sysctl -w kern.random.sys.harvest_ethernet=1 >/dev/null
echo -n ' ethernet'
fi
;;
esac
case ${harvest_p_to_p} in
[Nn][Oo])
;;
*)
do_p_to_p_harvest=''
# Other than user ppp, tun* will already exist
case "${h_network_interfaces}" in
*tun0*)
do_p_to_p_harvest=1
;;
esac
case ${ppp_enable} in
[Yy][Ee][Ss])
do_p_to_p_harvest=1
;;
esac
if [ -w /dev/random -a "${do_p_to_p_harvest}" ]; then
/sbin/sysctl -w kern.random.sys.harvest_point_to_point=1 >/dev/null
echo -n ' point_to_point'
fi
;;
esac
echo '.'
# First pass at reseeding /dev/random.
#
# XXX temporary until we can get the entropy