summaryrefslogtreecommitdiffstats
path: root/src/tls/tls_seed.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/tls/tls_seed.c')
-rw-r--r--src/tls/tls_seed.c88
1 files changed, 88 insertions, 0 deletions
diff --git a/src/tls/tls_seed.c b/src/tls/tls_seed.c
new file mode 100644
index 0000000..edb7cd9
--- /dev/null
+++ b/src/tls/tls_seed.c
@@ -0,0 +1,88 @@
+/*++
+/* NAME
+/* tls_seed 3
+/* SUMMARY
+/* TLS PRNG seeding routines
+/* SYNOPSIS
+/* #define TLS_INTERNAL
+/* #include <tls.h>
+/*
+/* int tls_ext_seed(nbytes)
+/* int nbytes;
+/*
+/* void tls_int_seed()
+/* DESCRIPTION
+/* tls_ext_seed() requests the specified number of bytes
+/* from the tlsmgr(8) PRNG pool and updates the local PRNG.
+/* The result is zero in case of success, -1 otherwise.
+/*
+/* tls_int_seed() mixes the process ID and time of day into
+/* the PRNG pool. This adds a few bits of entropy with each
+/* call, provided that the calls aren't made frequently.
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this
+/* software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
+/*--*/
+
+/* System library. */
+
+#include <sys_defs.h>
+#include <sys/time.h> /* gettimeofday() */
+#include <unistd.h> /* getpid() */
+
+#ifdef USE_TLS
+
+/* OpenSSL library. */
+
+#include <openssl/rand.h> /* RAND_seed() */
+
+/* Utility library. */
+
+#include <msg.h>
+#include <vstring.h>
+
+/* TLS library. */
+
+#include <tls_mgr.h>
+#define TLS_INTERNAL
+#include <tls.h>
+
+/* Application-specific. */
+
+/* tls_int_seed - add entropy to the pool by adding the time and PID */
+
+void tls_int_seed(void)
+{
+ static struct {
+ pid_t pid;
+ struct timeval tv;
+ } randseed;
+
+ if (randseed.pid == 0)
+ randseed.pid = getpid();
+ GETTIMEOFDAY(&randseed.tv);
+ RAND_seed(&randseed, sizeof(randseed));
+}
+
+/* tls_ext_seed - request entropy from tlsmgr(8) server */
+
+int tls_ext_seed(int nbytes)
+{
+ VSTRING *buf;
+ int status;
+
+ buf = vstring_alloc(nbytes);
+ status = tls_mgr_seed(buf, nbytes);
+ RAND_seed(vstring_str(buf), VSTRING_LEN(buf));
+ vstring_free(buf);
+ return (status == TLS_MGR_STAT_OK ? 0 : -1);
+}
+
+#endif