Added -q and -v flags, updated help and man page

-q and --quiet flags to suppress error messages from rngd.c
-v and --verbose flags to list available entropy sources
help and man page reflect these changes and have minor fixes

4 files changed, 74 insertions, 16 deletions

diff --git a/rngd.8.in b/rngd.8.in
index 3575784..bbd9e3c 100644
--- a/rngd.8.in
+++ b/rngd.8.in
@@ -13,6 +13,9 @@ rngd \- Check and feed random data from hardware device to kernel random device
 [\fB\-r\fR, \fB\-\-rng-device=\fIfile\fR]
 [\fB\-s\fR, \fB\-\-random-step=\fInnn\fR]
 [\fB\-W\fR, \fB\-\-fill-watermark=\fInnn\fR]
+[\fB\-n\fR, \fB\-\-no-tpm=\fI1|0\fR]
+[\fB\-q\fR, \fB\-\-quiet\fR]
+[\fB\-v\fR, \fB\-\-verbose\fR]
 [\fB\-t\fR, \fB\-\-timeout=\fInnn\fR]
 [\fB\-?\fR, \fB\-\-help\fR]
 [\fB\-V\fR, \fB\-\-version\fR]
@@ -25,7 +28,7 @@ it is properly random.
 .PP
 The \fB\-f\fR or \fB\-\-foreground\fR options can be used to tell
 \fBrngd\fR to avoid forking on startup.  This is typically used for
-debugging.  The \fB\-f\fR or \fB\-\-foreground\fR options, which fork and put
+debugging.  The \fB\-b\fR or \fB\-\-background\fR options, which fork and put
 \fBrngd\fR into the background automatically, are the default.
 .PP
 The \fB\-r\fR or \fB\-\-rng-device\fR options can be used to select an
@@ -64,6 +67,15 @@ entropy pool.  Low values will hurt system performance during entropy
 starves.  Do not set \fIfill-watermark\fR above the size of the
 entropy pool (usually 4096 bits).
 .TP
+\fB\-n\fI 1|0\fR, \fB\-\-no-tpm=\fI1|0\fR
+Do not use tpm as a source of random number input (default:0)
+.TP
+\fB\-q\fR, \fB\-\-quiet\fR
+Suppress error messages
+.TP
+\fB\-v\fR, \fB\-\-verbose\fR
+Report available entropy sources
+.TP
 \fB\-t\fI nnn\fR, \fB\-\-timeout=\fInnn\fR
 Interval written to random-device when the entropy pool is full, in seconds, or 0 to disable (default: 60)
 .TP
@@ -79,4 +91,5 @@ Philipp Rumpf
 Jeff Garzik \- jgarzik@pobox.com
 .br
 Matt Sottek
-
+.br
+Brad Hill
diff --git a/rngd.c b/rngd.c
index d4cf870..90232f8 100644
--- a/rngd.c
+++ b/rngd.c
@@ -89,8 +89,12 @@ static struct argp_option options[] = {
 	{ "fill-watermark", 'W', "n", 0,
 	  "Do not stop feeding entropy to random-device until at least n bits of entropy are available in the pool (default: 2048), 0 <= n <= 4096" },
 
+	{ "quiet", 'q', 0, 0, "Suppress error messages" },
+
+	{ "verbose" ,'v', 0, 0, "Report available entropy sources" },
+
 	{ "timeout", 't', "nnn", 0,
-	  "Interval written to random-device when the entropy pool is full, in seconds (default: 60)" },
+	  "Interval written to random-device when the entropy pool is full, in seconds, or 0 to disable (default: 60)" },
 	{ "no-tpm", 'n', "1|0", 0,
 	  "do not use tpm as a source of random number input (default: 0)" },
 
@@ -104,6 +108,8 @@ static struct arguments default_arguments = {
 	.fill_watermark	= 2048,
 	.daemon		= 1,
 	.enable_tpm	= 1,
+	.quiet		= 0,
+	.verbose	= 0,
 };
 struct arguments *arguments = &default_arguments;
 
@@ -160,6 +166,12 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state)
 			arguments->fill_watermark = n;
 		break;
 	}
+	case 'q':
+		arguments->quiet = 1;
+		break;
+	case 'v':
+		arguments->verbose = 1;
+		break;
 	case 'n': {
 		int n;
 		if ((sscanf(arg,"%i", &n) == 0) || ((n | 1)!=1))
@@ -187,7 +199,8 @@ static int update_kernel_random(int random_step, double poll_timeout,
 
 	fips = fips_run_rng_test(fipsctx_in, buf);
 	if (fips) {
-		message(LOG_DAEMON|LOG_ERR, "failed fips test\n");
+		if (!arguments->quiet)
+			message(LOG_DAEMON|LOG_ERR, "failed fips test\n");
 		return 1;
 	}
 
@@ -202,7 +215,7 @@ static int update_kernel_random(int random_step, double poll_timeout,
 static void do_loop(int random_step, double poll_timeout)
 {
 	unsigned char buf[FIPS_RNG_BUFFER_SIZE];
-	int retval;
+	int retval = 0;
 	int no_work = 0;
 
 	while (no_work < 100) {
@@ -231,7 +244,8 @@ static void do_loop(int random_step, double poll_timeout)
 
 			iter->failures++;
 			if (iter->failures == MAX_RNG_FAILURES) {
-				message(LOG_DAEMON|LOG_ERR,
+				if (!arguments->quiet)
+					message(LOG_DAEMON|LOG_ERR,
 					"too many FIPS failures, disabling entropy source\n");
 				iter->disabled = true;
 			}
@@ -241,14 +255,17 @@ static void do_loop(int random_step, double poll_timeout)
 			no_work++;
 	}
 
-	message(LOG_DAEMON|LOG_ERR,
+	if (!arguments->quiet)
+		message(LOG_DAEMON|LOG_ERR,
 		"No entropy sources working, exiting rngd\n");
 }
 
 int main(int argc, char **argv)
 {
-	int rc_rng = 1;
-	int rc_tpm = 1;
+	int rc_rng = 0;
+	int rc_tpm = 0;
+
+	openlog("rngd", 0, LOG_DAEMON);
 
 	/* Parsing of commandline parameters */
 	argp_parse(&argp, argc, argv, 0, 0, arguments);
@@ -259,10 +276,28 @@ int main(int argc, char **argv)
 		rc_tpm = init_tpm_entropy_source(&rng_tpm);
 
 	if (rc_rng && rc_tpm) {
-		message(LOG_DAEMON|LOG_ERR,
-			"can't open entropy source(tpm or intel/amd rng)");
-		message(LOG_DAEMON|LOG_ERR,
-			"Maybe RNG device modules are not loaded\n");
+		if (!arguments->quiet) {
+			message(LOG_DAEMON|LOG_ERR,
+				"can't open entropy source(tpm or intel/amd rng)");
+			message(LOG_DAEMON|LOG_ERR,
+				"Maybe RNG device modules are not loaded\n");
+		}
+		return 1;
+	}
+	
+	if (arguments->verbose) {
+		printf("Available entropy sources:\n");
+		if (!rc_rng)
+			printf("\tIntel/AMD hardware rng\n");
+		if (!rc_tpm)
+			printf("\tTPM\n");
+	}
+
+	if (rc_rng 
+		&& (rc_tpm || !arguments->enable_tpm)) {
+		if (!arguments->quiet)
+			message(LOG_DAEMON|LOG_ERR,
+		"No entropy source available, shutting down\n");
 		return 1;
 	}
 
@@ -273,12 +308,11 @@ int main(int argc, char **argv)
 		am_daemon = 1;
 
 		if (daemon(0, 0) < 0) {
-			fprintf(stderr, "can't daemonize: %s\n",
+			if(!arguments->quiet)
+				fprintf(stderr, "can't daemonize: %s\n",
 				strerror(errno));
 			return 1;
 		}
-
-		openlog("rngd", 0, LOG_DAEMON);
 	}
 
 	do_loop(arguments->random_step,
diff --git a/rngd.h b/rngd.h
index bcc6f59..60a9861 100644
--- a/rngd.h
+++ b/rngd.h
@@ -45,6 +45,8 @@ struct arguments {
 	int fill_watermark;
 	double poll_timeout;
 
+	int quiet;
+	int verbose;
 	int daemon;
 	int enable_tpm;
 };
diff --git a/rngd_entsource.c b/rngd_entsource.c
index 9d07691..0b2bb59 100644
--- a/rngd_entsource.c
+++ b/rngd_entsource.c
@@ -125,6 +125,13 @@ int xread_tpm(void *buf, size_t size, struct rng *ent_src)
 			goto error_out;
 		}
 		r = read(ent_src->rng_fd, temp_buf,size);
+		if (r <= 0) {
+			message(LOG_ERR|LOG_INFO,
+			"Error reading from TPM, no entropy gathered");
+			retval = -1;
+			goto error_out;
+		}
+
 		r = (r - TPM_GET_RNG_OVERHEAD);
 		bytes_read = bytes_read + r;
 		if (bytes_read > size) {
@@ -184,6 +191,8 @@ int init_tpm_entropy_source(struct rng *ent_src)
 {
 	ent_src->rng_fd = open(ent_src->rng_name, O_RDWR);
 	if (ent_src->rng_fd == -1) {
+		message(LOG_ERR|LOG_INFO,"Unable to open file: %s",
+			ent_src->rng_name);
 		return 1;
 	}
 	src_list_add(ent_src);