/*++
/* NAME
/*	tls_seed 3
/* SUMMARY
/*	TLS PRNG seeding routines
/* SYNOPSIS
/*	#define TLS_INTERNAL
/*	#include <tls.h>
/*
/*	int	tls_ext_seed(nbytes)
/*	int	nbytes;
/*
/*	void	tls_int_seed()
/* DESCRIPTION
/*	tls_ext_seed() requests the specified number of bytes
/*	from the tlsmgr(8) PRNG pool and updates the local PRNG.
/*	The result is zero in case of success, -1 otherwise.
/*
/*	tls_int_seed() mixes the process ID and time of day into
/*	the PRNG pool. This adds a few bits of entropy with each
/*	call, provided that the calls aren't made frequently.
/* LICENSE
/* .ad
/* .fi
/*	The Secure Mailer license must be distributed with this
/*	software.
/* AUTHOR(S)
/*	Wietse Venema
/*	IBM T.J. Watson Research
/*	P.O. Box 704
/*	Yorktown Heights, NY 10598, USA
/*--*/

/* System library. */

#include <sys_defs.h>
#include <sys/time.h>			/* gettimeofday() */
#include <unistd.h>			/* getpid() */

#ifdef USE_TLS

/* OpenSSL library. */

#include <openssl/rand.h>		/* RAND_seed() */

/* Utility library. */

#include <msg.h>
#include <vstring.h>

/* TLS library. */

#include <tls_mgr.h>
#define TLS_INTERNAL
#include <tls.h>

/* Application-specific. */

/* tls_int_seed - stir the process ID and current time into the PRNG pool */

void    tls_int_seed(void)
{

    /*
     * The PID is captured once and the timestamp refreshed on every call;
     * the whole record (both fields) is what gets fed to RAND_seed(), so
     * the layout of this struct is part of what is mixed in. The caller is
     * responsible for not calling this so often that consecutive
     * timestamps carry no fresh information.
     */
    static struct {
	pid_t   pid;
	struct timeval tv;
    }       seed_state;

    if (!seed_state.pid)
	seed_state.pid = getpid();
    GETTIMEOFDAY(&seed_state.tv);
    RAND_seed(&seed_state, sizeof(seed_state));
}

/* tls_ext_seed - fetch entropy from the tlsmgr(8) server and seed the PRNG */

int     tls_ext_seed(int nbytes)
{
    VSTRING *entropy = vstring_alloc(nbytes);
    int     mgr_status = tls_mgr_seed(entropy, nbytes);
    int     result = (mgr_status == TLS_MGR_STAT_OK) ? 0 : -1;

    /*
     * Whatever tlsmgr(8) returned is mixed in unconditionally, using the
     * buffer's actual length rather than the requested nbytes. On a
     * failed request this presumably seeds with an empty or partial
     * buffer (harmless for RAND_seed) - the caller learns of the failure
     * through the -1 result. NOTE(review): nbytes is handed straight to
     * vstring_alloc(); callers are expected to pass a positive count.
     */
    RAND_seed(vstring_str(entropy), VSTRING_LEN(entropy));
    vstring_free(entropy);
    return (result);
}

#endif