1 /*++ 2 /* NAME 3 /* tls_seed 3 4 /* SUMMARY 5 /* TLS PRNG seeding routines 6 /* SYNOPSIS 7 /* #define TLS_INTERNAL 8 /* #include <tls.h> 9 /* 10 /* int tls_ext_seed(nbytes) 11 /* int nbytes; 12 /* 13 /* void tls_int_seed() 14 /* DESCRIPTION 15 /* tls_ext_seed() requests the specified number of bytes 16 /* from the tlsmgr(8) PRNG pool and updates the local PRNG. 17 /* The result is zero in case of success, -1 otherwise. 18 /* 19 /* tls_int_seed() mixes the process ID and time of day into 20 /* the PRNG pool. This adds a few bits of entropy with each 21 /* call, provided that the calls aren't made frequently. 22 /* LICENSE 23 /* .ad 24 /* .fi 25 /* The Secure Mailer license must be distributed with this 26 /* software. 27 /* AUTHOR(S) 28 /* Wietse Venema 29 /* IBM T.J. Watson Research 30 /* P.O. Box 704 31 /* Yorktown Heights, NY 10598, USA 32 /*--*/ 33 34 /* System library. */ 35 36 #include <sys_defs.h> 37 #include <sys/time.h> /* gettimeofday() */ 38 #include <unistd.h> /* getpid() */ 39 40 #ifdef USE_TLS 41 42 /* OpenSSL library. */ 43 44 #include <openssl/rand.h> /* RAND_seed() */ 45 46 /* Utility library. */ 47 48 #include <msg.h> 49 #include <vstring.h> 50 51 /* TLS library. */ 52 53 #include <tls_mgr.h> 54 #define TLS_INTERNAL 55 #include <tls.h> 56 57 /* Application-specific. */ 58 59 /* tls_int_seed - add entropy to the pool by adding the time and PID */ 60 tls_int_seed(void)61void tls_int_seed(void) 62 { 63 static struct { 64 pid_t pid; 65 struct timeval tv; 66 } randseed; 67 68 if (randseed.pid == 0) 69 randseed.pid = getpid(); 70 GETTIMEOFDAY(&randseed.tv); 71 RAND_seed(&randseed, sizeof(randseed)); 72 } 73 74 /* tls_ext_seed - request entropy from tlsmgr(8) server */ 75 tls_ext_seed(int nbytes)76int tls_ext_seed(int nbytes) 77 { 78 VSTRING *buf; 79 int status; 80 81 buf = vstring_alloc(nbytes); 82 status = tls_mgr_seed(buf, nbytes); 83 RAND_seed(vstring_str(buf), VSTRING_LEN(buf)); 84 vstring_free(buf); 85 return (status == TLS_MGR_STAT_OK ? 0 : -1); 86 } 87 88 #endif 89