]>
git.ipfire.org Git - thirdparty/systemd.git/blob - src/random-seed/random-seed.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 This file is part of systemd.
5 Copyright 2010 Lennart Poettering
14 #include "alloc-util.h"
19 #include "string-util.h"
22 #define POOL_SIZE_MIN 512
24 int main(int argc
, char *argv
[]) {
25 _cleanup_close_
int seed_fd
= -1, random_fd
= -1;
26 _cleanup_free_
void* buf
= NULL
;
31 bool refresh_seed_file
= true;
34 log_error("This program requires one argument.");
38 log_set_target(LOG_TARGET_AUTO
);
39 log_parse_environment();
44 /* Read pool size, if possible */
45 f
= fopen("/proc/sys/kernel/random/poolsize", "re");
47 if (fscanf(f
, "%zu", &buf_size
) > 0)
48 /* poolsize is in bits on 2.6, but we want bytes */
54 if (buf_size
<= POOL_SIZE_MIN
)
55 buf_size
= POOL_SIZE_MIN
;
57 buf
= malloc(buf_size
);
63 r
= mkdir_parents_label(RANDOM_SEED
, 0755);
65 log_error_errno(r
, "Failed to create directory " RANDOM_SEED_DIR
": %m");
69 /* When we load the seed we read it and write it to the device
70 * and then immediately update the saved seed with new data,
71 * to make sure the next boot gets seeded differently. */
73 if (streq(argv
[1], "load")) {
75 seed_fd
= open(RANDOM_SEED
, O_RDWR
|O_CLOEXEC
|O_NOCTTY
|O_CREAT
, 0600);
76 open_rw_error
= -errno
;
78 refresh_seed_file
= false;
80 seed_fd
= open(RANDOM_SEED
, O_RDONLY
|O_CLOEXEC
|O_NOCTTY
);
82 bool missing
= errno
== ENOENT
;
84 log_full_errno(missing
? LOG_DEBUG
: LOG_ERR
,
85 open_rw_error
, "Failed to open " RANDOM_SEED
" for writing: %m");
86 r
= log_full_errno(missing
? LOG_DEBUG
: LOG_ERR
,
87 errno
, "Failed to open " RANDOM_SEED
" for reading: %m");
95 random_fd
= open("/dev/urandom", O_RDWR
|O_CLOEXEC
|O_NOCTTY
, 0600);
97 random_fd
= open("/dev/urandom", O_WRONLY
|O_CLOEXEC
|O_NOCTTY
, 0600);
99 r
= log_error_errno(errno
, "Failed to open /dev/urandom: %m");
104 k
= loop_read(seed_fd
, buf
, buf_size
, false);
106 r
= log_error_errno(k
, "Failed to read seed from " RANDOM_SEED
": %m");
109 log_debug("Seed file " RANDOM_SEED
" not yet initialized, proceeding.");
111 (void) lseek(seed_fd
, 0, SEEK_SET
);
113 r
= loop_write(random_fd
, buf
, (size_t) k
, false);
115 log_error_errno(r
, "Failed to write seed to /dev/urandom: %m");
118 } else if (streq(argv
[1], "save")) {
120 seed_fd
= open(RANDOM_SEED
, O_WRONLY
|O_CLOEXEC
|O_NOCTTY
|O_CREAT
, 0600);
122 r
= log_error_errno(errno
, "Failed to open " RANDOM_SEED
": %m");
126 random_fd
= open("/dev/urandom", O_RDONLY
|O_CLOEXEC
|O_NOCTTY
);
128 r
= log_error_errno(errno
, "Failed to open /dev/urandom: %m");
133 log_error("Unknown verb '%s'.", argv
[1]);
138 if (refresh_seed_file
) {
140 /* This is just a safety measure. Given that we are root and
141 * most likely created the file ourselves the mode and owner
142 * should be correct anyway. */
143 (void) fchmod(seed_fd
, 0600);
144 (void) fchown(seed_fd
, 0, 0);
146 k
= loop_read(random_fd
, buf
, buf_size
, false);
148 r
= log_error_errno(k
, "Failed to read new seed from /dev/urandom: %m");
152 log_error("Got EOF while reading from /dev/urandom.");
157 r
= loop_write(seed_fd
, buf
, (size_t) k
, false);
159 log_error_errno(r
, "Failed to write new random seed file: %m");
163 return r
< 0 ? EXIT_FAILURE
: EXIT_SUCCESS
;