From bbee5785ca40b1433b30e7ac49b998df2a5e6875 Mon Sep 17 00:00:00 2001
From: Doug Barton
Date: Thu, 1 Mar 2001 13:19:49 +0000
Subject: [PATCH] Add code to turn on the entropy harvesting sysctl's as early as possible during the boot process. We're turning it on by default, based on the actual presence of a configured ethernet card, and/or ppp/tun devices. Of course, it's easy to disable in rc.conf.
---
etc/defaults/rc.conf | 3 ++
etc/rc | 78 ++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 81 insertions(+)

diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index 0607ba928d9c..47789db4fc60 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -332,6 +332,9 @@ entropy_file="/entropy" # Set to NO to disable caching entropy through reboots.
 entropy_dir="/var/db/entropy" # Set to NO to disable caching entropy via cron.
 entropy_save_sz="2048" # Size of the entropy cache files.
 entropy_save_num="8" # Number of entropy cache files to save.
+harvest_interrupt="YES" # Entropy device harvests interrupt randomness
+harvest_ethernet="" # Entropy device harvests ethernet randomness
+harvest_p_to_p="" # Entropy device harvests point-to-point randomness
 
 ##############################################################
 ### Define source_rc_confs, the mechanism used by /etc/rc.* ##
diff --git a/etc/rc b/etc/rc
index 3155f34a4e24..630e226eb44b 100644
--- a/etc/rc
+++ b/etc/rc
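Review bot: The empty defaults `harvest_ethernet=""` and `harvest_p_to_p=""` are a third state that the new comments do not explain: in etc/rc anything other than NO falls through to the `*)` arm, so empty and YES both mean "enable if a configured interface or ppp is found", and only NO is an explicit off switch. The comment should say so, e.g. `harvest_ethernet=""	# Set to NO to disable; otherwise harvested when a configured interface exists`, with the same wording for harvest_p_to_p. The surrounding entropy_* lines already use the "Set to NO to disable" phrasing, so this also keeps the file consistent.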
@@ -107,6 +107,84 @@ chkdepend NFS nfs_server_enable portmap portmap_enable
 chkdepend NIS nis_server_enable portmap portmap_enable
 chkdepend NIS nis_client_enable portmap portmap_enable
 
+# Enable harvesting of entropy via devices. The sooner this happens the
+# better so that we can take advantage of the boot process.
+#
+echo -n 'Entropy harvesting:'
+
+case ${harvest_interrupt} in
+[Nn][Oo])
+ ;;
+*)
+ if [ -w /dev/random ]; then
+ /sbin/sysctl -w kern.random.sys.harvest_interrupt=1 >/dev/null
+ echo -n ' interrupts'
+ fi
+ ;;
+esac
+
+# Steal some code from rc.network to help determine what to enable.
+case ${network_interfaces} in
+[Aa][Uu][Tt][Oo])
+ h_network_interfaces="`ifconfig -l`"
+ ;;
+*)
+ h_network_interfaces="${network_interfaces}"
+ ;;
+esac
+
+case ${harvest_ethernet} in
+[Nn][Oo])
+ ;;
+*)
+ do_ether_harvest=''
+
+ for h_ifn in ${h_network_interfaces}; do
+ eval h_ifconfig_args=\$ifconfig_${h_ifn}
+ case ${h_ifconfig_args} in
+ '')
+ ;;
+ *)
+ do_ether_harvest=1
+ ;;
+ esac
+ done
+
+ if [ -w /dev/random -a "${do_ether_harvest}" ]; then
+ /sbin/sysctl -w kern.random.sys.harvest_ethernet=1 >/dev/null
+ echo -n ' ethernet'
+ fi
+ ;;
+esac
+
+case ${harvest_p_to_p} in
+[Nn][Oo])
+ ;;
+*)
+ do_p_to_p_harvest=''
+
+ # Other than user ppp, tun* will already exist
+ case "${h_network_interfaces}" in
+ *tun0*)
+ do_p_to_p_harvest=1
+ ;;
+ esac
+
+ case ${ppp_enable} in
+ [Yy][Ee][Ss])
+ do_p_to_p_harvest=1
+ ;;
+ esac
+
+ if [ -w /dev/random -a "${do_p_to_p_harvest}" ]; then
+ /sbin/sysctl -w kern.random.sys.harvest_point_to_point=1 >/dev/null
+ echo -n ' point_to_point'
+ fi
+ ;;
+esac
+
+echo '.'
+
 # First pass at reseeding /dev/random.
 #
 # XXX temporary until we can get the entropy
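Review bot: The status line reports harvesting as enabled whether or not sysctl succeeded: each `/sbin/sysctl -w ... >/dev/null` discards only stdout, so on a kernel whose kern.random.sys.* nodes are absent the error lands on the console while `echo -n ' interrupts'` still runs, and the `-w /dev/random` guard checks the device node rather than the sysctl. Tying the message to the exit status fixes this with one line per block, e.g. `/sbin/sysctl -w kern.random.sys.harvest_interrupt=1 >/dev/null && echo -n ' interrupts'`, and likewise for the ethernet and point_to_point blocks. As a point of style, `[ -w /dev/random -a "${do_ether_harvest}" ]` leans on the deprecated `-a` operator and an implicit string test; `[ -w /dev/random ] && [ -n "${do_ether_harvest}" ]` says the same thing unambiguously (same for do_p_to_p_harvest).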