3 /*-
22  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
91 	fprintf(stderr, "usage: %s [-CEce] [-d devname | -t devtype]\n",  in usage()
93 	fprintf(stderr, "       %s [-lsv] [-d devname | -t devtype]\n",  in usage()
95 	fprintf(stderr, "       %s [-i] -L save-file\n", getprogname());  in usage()
96 	fprintf(stderr, "       %s -S save-file\n", getprogname());  in usage()
107 	while (a->a_name != NULL) {  in find_type()
108 		if (strcmp(a->a_name, name) == 0)  in find_type()
109 			return (a->a_type);  in find_type()
124 	while (a->a_name != NULL) {  in find_name()
125 		if (type == a->a_type)  in find_name()
126 			return (a->a_name);  in find_name()
150 	if ((fd_random = open(_PATH_URANDOM, O_RDONLY)) == -1) {  in update_seed()
152 		return -1;  in update_seed()
156 	if (ioctl(fd_random, RNDGETENTCNT, &systementropy) == -1) {  in update_seed()
163 		if (nread == -1)  in update_seed()
167 		return -1;  in update_seed()
171 	if (close(fd_random) == -1)  in update_seed()
173 	fd_random = -1;		/* paranoia */  in update_seed()
177 	 * the seed data.  in update_seed()
186 	 * Report an upper bound on the min-entropy of the seed data.  in update_seed()
188 	 * entropy -- the system state and the extra input may or may  in update_seed()
189 	 * not be independent, so we can't add them -- and clamp to the  in update_seed()
199 	 * Compute the checksum on the 32-bit entropy count, followed  in update_seed()
200 	 * by the seed data.  in update_seed()
210 	 * This way either the old seed or the new seed is completely  in update_seed()
216 	 * disclosed, no big deal -- either the pool was predictable to  in update_seed()
222 		if (unlink(tmp) == -1)  in update_seed()
224 		if (nwrit == -1)  in update_seed()
228 		return -1;  in update_seed()
231 	if (fsync_range(fd_seed, FDATASYNC|FDISKSYNC, 0, 0) == -1) {  in update_seed()
233 		if (unlink(tmp) == -1)  in update_seed()
236 		return -1;  in update_seed()
238 	if (close(fd_seed) == -1)  in update_seed()
242 	if (rename(tmp, filename) == -1) {  in update_seed()
244 		return -1;  in update_seed()
259 		(const int[]){1}, sizeof(int)) == -1)  in do_save()
266 	/* Create a temporary seed file.  */  in do_save()
267 	if ((fd_seed = open(tmp, O_CREAT|O_TRUNC|O_WRONLY, 0600)) == -1)  in do_save()
268 		err(1, "open seed file to save");  in do_save()
270 	/* Update the seed.  Abort on failure.  */  in do_save()
271 	if (update_seed(filename, fd_seed, tmp, NULL, 0, 0) == -1)  in do_save()
289 	 * 1. Load the old seed.  in do_load()
290 	 * 2. Feed the old seed into the kernel.  in do_load()
291 	 * 3. Generate and write a new seed.  in do_load()
292 	 * 4. Erase the old seed if we can.  in do_load()
298 	 *	`Update Seed File'.  in do_load()
300 	 * Additionally, we zero the seed's stored entropy estimate if  in do_load()
301 	 * it appears to be on a read-only medium.  in do_load()
308 	/* Create a new seed file or determine the medium is read-only. */  in do_load()
309 	if ((fd_new = open(tmp, O_CREAT|O_TRUNC|O_WRONLY, 0600)) == -1) {  in do_load()
310 		warn("update seed file");  in do_load()
315 	 * 1. Load the old seed.  in do_load()
317 	if ((fd_old = open(filename, O_RDWR)) == -1) {  in do_load()
320 		    (fd_old = open(filename, O_RDONLY)) == -1)  in do_load()
321 			err(1, "open seed file to load");  in do_load()
322 		if (fd_new != -1)  in do_load()
323 			warnc(error, "can't overwrite old seed file");  in do_load()
327 		if (nread == -1)  in do_load()
328 			err(1, "read seed");  in do_load()
330 			errx(1, "seed too short");  in do_load()
341 		 * the seed in anyway, but act as though it has zero  in do_load()
350 	 * If the entropy is insensibly large, try byte-swapping.  in do_load()
366 	/* Fail later on if there's no entropy in the seed.  */  in do_load()
368 		warnx("no entropy in seed");  in do_load()
377 	 * 2. Feed the old seed into the kernel.  in do_load()
381 	 * to have full entropy, so that the updated seed will  in do_load()
388 	if ((fd_random = open(_PATH_URANDOM, O_WRONLY)) == -1)  in do_load()
390 	if (ioctl(fd_random, RNDADDDATA, &rd) == -1)  in do_load()
393 	if (close(fd_random) == -1)  in do_load()
395 	fd_random = -1;		/* paranoia */  in do_load()
398 	 * 3. Generate and write a new seed.  in do_load()
400 	if (fd_new == -1 ||  in do_load()
402 		rs.entropy) == -1)  in do_load()
406 	 * 4. Erase the old seed.  in do_load()
408 	 * Only effective if we're on a fixed-address file system like  in do_load()
409 	 * ffs -- doesn't help to erase the data on lfs, but doesn't  in do_load()
410 	 * hurt either.  No need to unlink because update_seed will  in do_load()
417 			if (nwrit == -1)  in do_load()
418 				err(1, "overwrite old seed");  in do_load()
422 		if (fsync_range(fd_old, FDATASYNC|FDISKSYNC, 0, 0) == -1)  in do_load()
465 	if (str[strlen(str) - 2] == ',')  in strflags()
466 		str[strlen(str) - 2] = '\0';  in strflags()
476 	printf("%-16s ", source->rt.name);  in do_print_source()
477 	printf("%10" PRIu32 " ", source->rt.total);  in do_print_source()
478 	printf("%10" PRIu32 " ", source->dt_samples + source->dv_samples);  in do_print_source()
479 	printf("%-6s ", find_name(source->rt.type));  in do_print_source()
480 	printf("%s\n", strflags(source->rt.total, source->rt.flags));  in do_print_source()
486 	printf("\tDt samples = %d\n", source->dt_samples);  in do_print_source_verbose()
487 	printf("\tDt bits = %d\n", source->dt_total);  in do_print_source_verbose()
488 	printf("\tDv samples = %d\n", source->dv_samples);  in do_print_source_verbose()
489 	printf("\tDv bits = %d\n", source->dv_total);  in do_print_source_verbose()
577 		errx(1, "SHA-3 self-test failed");  in main()
588 	while ((ch = getopt(argc, argv, "CES:L:celit:d:sv")) != -1) {  in main()
654 	argc -= optind;  in main()
658 	 * No leftover non-option arguments.  in main()
664 	 * -i makes sense only with -L.  in main()
692 	 * Bomb out on no-ops.  in main()