1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
|
/*++
/* NAME
/* tls_prng_dev 3
/* SUMMARY
/* seed OpenSSL PRNG from entropy device
/* SYNOPSIS
/* #include <tls_prng_src.h>
/*
/* TLS_PRNG_SRC *tls_prng_dev_open(name, timeout)
/* const char *name;
/* int timeout;
/*
/* ssize_t tls_prng_dev_read(dev, length)
/* TLS_PRNG_SRC *dev;
/* size_t length;
/*
/* int tls_prng_dev_close(dev)
/* TLS_PRNG_SRC *dev;
/* DESCRIPTION
/* tls_prng_dev_open() opens the specified entropy device
/* and returns a handle that should be used with all subsequent
/* access.
/*
/* tls_prng_dev_read() reads the requested number of bytes from
/* the entropy device and updates the OpenSSL PRNG.
/*
/* tls_prng_dev_close() closes the specified entropy device
/* and releases memory that was allocated for the handle.
/*
/* Arguments:
/* .IP name
/* The pathname of the entropy device.
/* .IP length
/* The number of bytes to read from the entropy device.
/* Request lengths will be truncated at 255 bytes.
/* .IP timeout
/* Time limit on individual I/O operations.
/* DIAGNOSTICS
/* tls_prng_dev_open() returns a null pointer on error.
/*
/* tls_prng_dev_read() returns -1 on error, the number
/* of bytes received on success.
/*
/* tls_prng_dev_close() returns -1 on error, 0 on success.
/*
/* In all cases the errno variable indicates the type of error.
/* LICENSE
/* .ad
/* .fi
/* The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/* Wietse Venema
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
/*--*/
/* System library. */
#include <sys_defs.h>
#include <fcntl.h>
#include <unistd.h>
#include <limits.h>
#include <errno.h>
#ifndef UCHAR_MAX
#define UCHAR_MAX 0xff
#endif
/* OpenSSL library. */
#ifdef USE_TLS
#include <openssl/rand.h> /* For the PRNG */
/* Utility library. */
#include <msg.h>
#include <mymalloc.h>
#include <connect.h>
#include <iostuff.h>
/* TLS library. */
#include <tls_prng.h>
/* tls_prng_dev_open - open entropy device */
TLS_PRNG_SRC *tls_prng_dev_open(const char *name, int timeout)
{
const char *myname = "tls_prng_dev_open";
TLS_PRNG_SRC *dev;
int fd;
if ((fd = open(name, O_RDONLY, 0)) < 0) {
if (msg_verbose)
msg_info("%s: cannot open entropy device %s: %m", myname, name);
return (0);
} else {
dev = (TLS_PRNG_SRC *) mymalloc(sizeof(*dev));
dev->fd = fd;
dev->name = mystrdup(name);
dev->timeout = timeout;
if (msg_verbose)
msg_info("%s: opened entropy device %s", myname, name);
return (dev);
}
}
/* tls_prng_dev_read - update internal PRNG from device */
ssize_t tls_prng_dev_read(TLS_PRNG_SRC *dev, size_t len)
{
const char *myname = "tls_prng_dev_read";
unsigned char buffer[UCHAR_MAX];
ssize_t count;
size_t rand_bytes;
if (len <= 0)
msg_panic("%s: bad read length: %ld", myname, (long) len);
if (len > sizeof(buffer))
rand_bytes = sizeof(buffer);
else
rand_bytes = len;
errno = 0;
count = timed_read(dev->fd, buffer, rand_bytes, dev->timeout, (void *) 0);
if (count > 0) {
if (msg_verbose)
msg_info("%s: read %ld bytes from entropy device %s",
myname, (long) count, dev->name);
RAND_seed(buffer, count);
} else {
if (msg_verbose)
msg_info("%s: cannot read %ld bytes from entropy device %s: %m",
myname, (long) rand_bytes, dev->name);
}
return (count);
}
/* tls_prng_dev_close - disconnect from EGD server */
int tls_prng_dev_close(TLS_PRNG_SRC *dev)
{
const char *myname = "tls_prng_dev_close";
int err;
if (msg_verbose)
msg_info("%s: close entropy device %s", myname, dev->name);
err = close(dev->fd);
myfree(dev->name);
myfree((void *) dev);
return (err);
}
#endif
|