1 files changed, 155 insertions, 0 deletions
diff --git a/src/tls/tls_prng_dev.c b/src/tls/tls_prng_dev.c
new file mode 100644
index 0000000..47abf47
--- /dev/null
+++ b/src/tls/tls_prng_dev.c
@@ -0,0 +1,155 @@
+/*++
+/* NAME
+/*	tls_prng_dev 3
+/* SUMMARY
+/*	seed OpenSSL PRNG from entropy device
+/* SYNOPSIS
+/*	#include <tls_prng_src.h>
+/*
+/*	TLS_PRNG_SRC *tls_prng_dev_open(name, timeout)
+/*	const char *name;
+/*	int	timeout;
+/*
+/*	ssize_t tls_prng_dev_read(dev, length)
+/*	TLS_PRNG_SRC *dev;
+/*	size_t length;
+/*
+/*	int	tls_prng_dev_close(dev)
+/*	TLS_PRNG_SRC *dev;
+/* DESCRIPTION
+/*	tls_prng_dev_open() opens the specified entropy device
+/*	and returns a handle that should be used with all subsequent
+/*	access.
+/*
+/*	tls_prng_dev_read() reads the requested number of bytes from
+/*	the entropy device and updates the OpenSSL PRNG.
+/*
+/*	tls_prng_dev_close() closes the specified entropy device
+/*	and releases memory that was allocated for the handle.
+/*
+/*	Arguments:
+/* .IP name
+/*	The pathname of the entropy device.
+/* .IP length
+/*	The number of bytes to read from the entropy device.
+/*	Request lengths will be truncated at 255 bytes.
+/* .IP timeout
+/*	Time limit on individual I/O operations.
+/* DIAGNOSTICS
+/*	tls_prng_dev_open() returns a null pointer on error.
+/*
+/*	tls_prng_dev_read() returns -1 on error, the number
+/*	of bytes received on success.
+/*
+/*	tls_prng_dev_close() returns -1 on error, 0 on success.
+/*
+/*	In all cases the errno variable indicates the type of error.
+/* LICENSE
+/* .ad
+/* .fi
+/*	The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/*	Wietse Venema
+/*	IBM T.J. Watson Research
+/*	P.O. Box 704
+/*	Yorktown Heights, NY 10598, USA
+/*--*/
+
+/* System library. */
+
+#include <sys_defs.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <limits.h>
+#include <errno.h>
+
+#ifndef UCHAR_MAX
+#define UCHAR_MAX 0xff
+#endif
+
+/* OpenSSL library. */
+
+#ifdef USE_TLS
+#include <openssl/rand.h>		/* For the PRNG */
+
+/* Utility library. */
+
+#include <msg.h>
+#include <mymalloc.h>
+#include <connect.h>
+#include <iostuff.h>
+
+/* TLS library. */
+
+#include <tls_prng.h>
+
+/* tls_prng_dev_open - open entropy device */
+
+TLS_PRNG_SRC *tls_prng_dev_open(const char *name, int timeout)
+{
+    const char *myname = "tls_prng_dev_open";
+    TLS_PRNG_SRC *dev;
+    int     fd;
+
+    if ((fd = open(name, O_RDONLY, 0)) < 0) {
+	if (msg_verbose)
+	    msg_info("%s: cannot open entropy device %s: %m", myname, name);
+	return (0);
+    } else {
+	dev = (TLS_PRNG_SRC *) mymalloc(sizeof(*dev));
+	dev->fd = fd;
+	dev->name = mystrdup(name);
+	dev->timeout = timeout;
+	if (msg_verbose)
+	    msg_info("%s: opened entropy device %s", myname, name);
+	return (dev);
+    }
+}
+
+/* tls_prng_dev_read - update internal PRNG from device */
+
+ssize_t tls_prng_dev_read(TLS_PRNG_SRC *dev, size_t len)
+{
+    const char *myname = "tls_prng_dev_read";
+    unsigned char buffer[UCHAR_MAX];
+    ssize_t count;
+    size_t  rand_bytes;
+
+    if (len <= 0)
+	msg_panic("%s: bad read length: %ld", myname, (long) len);
+
+    if (len > sizeof(buffer))
+	rand_bytes = sizeof(buffer);
+    else
+	rand_bytes = len;
+    errno = 0;
+    count = timed_read(dev->fd, buffer, rand_bytes, dev->timeout, (void *) 0);
+    if (count > 0) {
+	if (msg_verbose)
+	    msg_info("%s: read %ld bytes from entropy device %s",
+		     myname, (long) count, dev->name);
+	RAND_seed(buffer, count);
+    } else {
+	if (msg_verbose)
+	    msg_info("%s: cannot read %ld bytes from entropy device %s: %m",
+		     myname, (long) rand_bytes, dev->name);
+    }
+    return (count);
+}
+
+/* tls_prng_dev_close - disconnect from EGD server */
+
+int     tls_prng_dev_close(TLS_PRNG_SRC *dev)
+{
+    const char *myname = "tls_prng_dev_close";
+    int     err;
+
+    if (msg_verbose)
+	msg_info("%s: close entropy device %s", myname, dev->name);
+    err = close(dev->fd);
+    myfree(dev->name);
+    myfree((void *) dev);
+    return (err);
+}
+
+#endif