1*41fbaed0Stron /* $NetBSD: tls_seed.c,v 1.1.1.1 2009/06/23 10:08:57 tron Exp $ */ 2*41fbaed0Stron 3*41fbaed0Stron /*++ 4*41fbaed0Stron /* NAME 5*41fbaed0Stron /* tls_seed 3 6*41fbaed0Stron /* SUMMARY 7*41fbaed0Stron /* TLS PRNG seeding routines 8*41fbaed0Stron /* SYNOPSIS 9*41fbaed0Stron /* #define TLS_INTERNAL 10*41fbaed0Stron /* #include <tls.h> 11*41fbaed0Stron /* 12*41fbaed0Stron /* int tls_ext_seed(nbytes) 13*41fbaed0Stron /* int nbytes; 14*41fbaed0Stron /* 15*41fbaed0Stron /* void tls_int_seed() 16*41fbaed0Stron /* DESCRIPTION 17*41fbaed0Stron /* tls_ext_seed() requests the specified number of bytes 18*41fbaed0Stron /* from the tlsmgr(8) PRNG pool and updates the local PRNG. 19*41fbaed0Stron /* The result is zero in case of success, -1 otherwise. 20*41fbaed0Stron /* 21*41fbaed0Stron /* tls_int_seed() mixes the process ID and time of day into 22*41fbaed0Stron /* the PRNG pool. This adds a few bits of entropy with each 23*41fbaed0Stron /* call, provided that the calls aren't made frequently. 24*41fbaed0Stron /* LICENSE 25*41fbaed0Stron /* .ad 26*41fbaed0Stron /* .fi 27*41fbaed0Stron /* The Secure Mailer license must be distributed with this 28*41fbaed0Stron /* software. 29*41fbaed0Stron /* AUTHOR(S) 30*41fbaed0Stron /* Wietse Venema 31*41fbaed0Stron /* IBM T.J. Watson Research 32*41fbaed0Stron /* P.O. Box 704 33*41fbaed0Stron /* Yorktown Heights, NY 10598, USA 34*41fbaed0Stron /*--*/ 35*41fbaed0Stron 36*41fbaed0Stron /* System library. */ 37*41fbaed0Stron 38*41fbaed0Stron #include <sys_defs.h> 39*41fbaed0Stron #include <sys/time.h> /* gettimeofday() */ 40*41fbaed0Stron #include <unistd.h> /* getpid() */ 41*41fbaed0Stron 42*41fbaed0Stron #ifdef USE_TLS 43*41fbaed0Stron 44*41fbaed0Stron /* OpenSSL library. */ 45*41fbaed0Stron 46*41fbaed0Stron #include <openssl/rand.h> /* RAND_seed() */ 47*41fbaed0Stron 48*41fbaed0Stron /* Utility library. */ 49*41fbaed0Stron 50*41fbaed0Stron #include <msg.h> 51*41fbaed0Stron #include <vstring.h> 52*41fbaed0Stron 53*41fbaed0Stron /* TLS library. */ 54*41fbaed0Stron 55*41fbaed0Stron #include <tls_mgr.h> 56*41fbaed0Stron #define TLS_INTERNAL 57*41fbaed0Stron #include <tls.h> 58*41fbaed0Stron 59*41fbaed0Stron /* Application-specific. */ 60*41fbaed0Stron 61*41fbaed0Stron /* tls_int_seed - add entropy to the pool by adding the time and PID */ 62*41fbaed0Stron tls_int_seed(void)63*41fbaed0Stronvoid tls_int_seed(void) 64*41fbaed0Stron { 65*41fbaed0Stron static struct { 66*41fbaed0Stron pid_t pid; 67*41fbaed0Stron struct timeval tv; 68*41fbaed0Stron } randseed; 69*41fbaed0Stron 70*41fbaed0Stron if (randseed.pid == 0) 71*41fbaed0Stron randseed.pid = getpid(); 72*41fbaed0Stron GETTIMEOFDAY(&randseed.tv); 73*41fbaed0Stron RAND_seed(&randseed, sizeof(randseed)); 74*41fbaed0Stron } 75*41fbaed0Stron 76*41fbaed0Stron /* tls_ext_seed - request entropy from tlsmgr(8) server */ 77*41fbaed0Stron tls_ext_seed(int nbytes)78*41fbaed0Stronint tls_ext_seed(int nbytes) 79*41fbaed0Stron { 80*41fbaed0Stron VSTRING *buf; 81*41fbaed0Stron int status; 82*41fbaed0Stron 83*41fbaed0Stron buf = vstring_alloc(nbytes); 84*41fbaed0Stron status = tls_mgr_seed(buf, nbytes); 85*41fbaed0Stron RAND_seed(vstring_str(buf), VSTRING_LEN(buf)); 86*41fbaed0Stron vstring_free(buf); 87*41fbaed0Stron return (status == TLS_MGR_STAT_OK ? 0 : -1); 88*41fbaed0Stron } 89*41fbaed0Stron 90*41fbaed0Stron #endif 91