/*++
/* NAME
/*	tls_seed 3
/* SUMMARY
/*	TLS PRNG seeding routines
/* SYNOPSIS
/*	#define TLS_INTERNAL
/*	#include <tls.h>
/*
/*	int	tls_ext_seed(nbytes)
/*	int	nbytes;
/*
/*	void	tls_int_seed()
/* DESCRIPTION
/*	tls_ext_seed() requests the specified number of bytes
/*	from the tlsmgr(8) PRNG pool and updates the local PRNG.
/*	The result is zero in case of success, -1 otherwise.
/*
/*	tls_int_seed() mixes the process ID and time of day into
/*	the PRNG pool. This adds a few bits of entropy with each
/*	call, provided that the calls aren't made frequently.
/* LICENSE
/* .ad
/* .fi
/*	The Secure Mailer license must be distributed with this
/*	software.
/* AUTHOR(S)
/*	Wietse Venema
/*	IBM T.J. Watson Research
/*	P.O. Box 704
/*	Yorktown Heights, NY 10598, USA
/*--*/

/* System library. */

#include <sys_defs.h>
#include <sys/time.h>			/* gettimeofday() */
#include <unistd.h>			/* getpid() */

#ifdef USE_TLS

/* OpenSSL library. */

#include <openssl/rand.h>		/* RAND_seed() */

/* Utility library. */

#include <msg.h>
#include <vstring.h>

/* TLS library. */

#include <tls_mgr.h>
#define TLS_INTERNAL
#include <tls.h>

/* Application-specific. */

/* tls_int_seed - add entropy to the pool by adding the time and PID */

void    tls_int_seed(void)
{
    static struct {
	pid_t   pid;
	struct timeval tv;
    }       randseed;

    if (randseed.pid == 0)
	randseed.pid = getpid();
    GETTIMEOFDAY(&randseed.tv);
    RAND_seed(&randseed, sizeof(randseed));
}

/* tls_ext_seed - request entropy from tlsmgr(8) server */

int     tls_ext_seed(int nbytes)
{
    VSTRING *buf;
    int     status;

    buf = vstring_alloc(nbytes);
    status = tls_mgr_seed(buf, nbytes);
    RAND_seed(vstring_str(buf), VSTRING_LEN(buf));
    vstring_free(buf);
    return (status == TLS_MGR_STAT_OK ? 0 : -1);
}

#endif