From b7c15c31519dc44c1f691e0466badd556ffe9423 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 18:18:56 +0200 Subject: Adding upstream version 3.7.10. Signed-off-by: Daniel Baumann --- src/tls/tls_seed.c | 88 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 src/tls/tls_seed.c (limited to 'src/tls/tls_seed.c') diff --git a/src/tls/tls_seed.c b/src/tls/tls_seed.c new file mode 100644 index 0000000..edb7cd9 --- /dev/null +++ b/src/tls/tls_seed.c @@ -0,0 +1,88 @@ +/*++ +/* NAME +/* tls_seed 3 +/* SUMMARY +/* TLS PRNG seeding routines +/* SYNOPSIS +/* #define TLS_INTERNAL +/* #include +/* +/* int tls_ext_seed(nbytes) +/* int nbytes; +/* +/* void tls_int_seed() +/* DESCRIPTION +/* tls_ext_seed() requests the specified number of bytes +/* from the tlsmgr(8) PRNG pool and updates the local PRNG. +/* The result is zero in case of success, -1 otherwise. +/* +/* tls_int_seed() mixes the process ID and time of day into +/* the PRNG pool. This adds a few bits of entropy with each +/* call, provided that the calls aren't made frequently. +/* LICENSE +/* .ad +/* .fi +/* The Secure Mailer license must be distributed with this +/* software. +/* AUTHOR(S) +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA +/*--*/ + +/* System library. */ + +#include +#include /* gettimeofday() */ +#include /* getpid() */ + +#ifdef USE_TLS + +/* OpenSSL library. */ + +#include /* RAND_seed() */ + +/* Utility library. */ + +#include +#include + +/* TLS library. */ + +#include +#define TLS_INTERNAL +#include + +/* Application-specific. */ + +/* tls_int_seed - add entropy to the pool by adding the time and PID */ + +void tls_int_seed(void) +{ + static struct { + pid_t pid; + struct timeval tv; + } randseed; + + if (randseed.pid == 0) + randseed.pid = getpid(); + GETTIMEOFDAY(&randseed.tv); + RAND_seed(&randseed, sizeof(randseed)); +} + +/* tls_ext_seed - request entropy from tlsmgr(8) server */ + +int tls_ext_seed(int nbytes) +{ + VSTRING *buf; + int status; + + buf = vstring_alloc(nbytes); + status = tls_mgr_seed(buf, nbytes); + RAND_seed(vstring_str(buf), VSTRING_LEN(buf)); + vstring_free(buf); + return (status == TLS_MGR_STAT_OK ? 0 : -1); +} + +#endif -- cgit v1.2.3