tls_prng_dev.c

[詳解]

/*++
/* NAME
/*  tls_prng_dev 3
/* SUMMARY
/*  seed OpenSSL PRNG from entropy device
/* SYNOPSIS
/*  #include <tls_prng_src.h>
/*
/*  TLS_PRNG_SRC *tls_prng_dev_open(name, timeout)
/*  const char *name;
/*  int timeout;
/*
/*  ssize_t tls_prng_dev_read(dev, length)
/*  TLS_PRNG_SRC *dev;
/*  size_t length;
/*
/*  int tls_prng_dev_close(dev)
/*  TLS_PRNG_SRC *dev;
/* DESCRIPTION
/*  tls_prng_dev_open() opens the specified entropy device
/*  and returns a handle that should be used with all subsequent
/*  access.
/*
/*  tls_prng_dev_read() reads the requested number of bytes from
/*  the entropy device and updates the OpenSSL PRNG.
/*
/*  tls_prng_dev_close() closes the specified entropy device
/*  and releases memory that was allocated for the handle.
/*
/*  Arguments:
/* .IP name
/*  The pathname of the entropy device.
/* .IP length
/*  The number of bytes to read from the entropy device.
/*  Request lengths will be truncated at 255 bytes.
/* .IP timeout
/*  Time limit on individual I/O operations.
/* DIAGNOSTICS
/*  tls_prng_dev_open() returns a null pointer on error.
/*
/*  tls_prng_dev_read() returns -1 on error, the number
/*  of bytes received on success.
/*
/*  tls_prng_dev_close() returns -1 on error, 0 on success.
/*
/*  In all cases the errno variable indicates the type of error.
/* LICENSE
/* .ad
/* .fi
/*  The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/*  Wietse Venema
/*  IBM T.J. Watson Research
/*  P.O. Box 704
/*  Yorktown Heights, NY 10598, USA
/*--*/

/* System library. */

#include <sys_defs.h>
#include <fcntl.h>
#include <unistd.h>
#include <limits.h>
#include <errno.h>

#ifndef UCHAR_MAX
#define UCHAR_MAX 0xff
#endif

/* OpenSSL library. */

#ifdef USE_TLS
#include <openssl/rand.h>       /* For the PRNG */

/* Utility library. */

#include <msg.h>
#include <mymalloc.h>
#include <connect.h>
#include <iostuff.h>

/* TLS library. */

#include <tls_prng.h>

/* tls_prng_dev_open - open entropy device */

TLS_PRNG_SRC *tls_prng_dev_open(const char *name, int timeout)
{
    const char *myname = "tls_prng_dev_open";
    TLS_PRNG_SRC *dev;
    int     fd;

    if ((fd = open(name, O_RDONLY, 0)) < 0) {
    if (msg_verbose)
        msg_info("%s: cannot open entropy device %s: %m", myname, name);
    return (0);
    } else {
    dev = (TLS_PRNG_SRC *) mymalloc(sizeof(*dev));
    dev->fd = fd;
    dev->name = mystrdup(name);
    dev->timeout = timeout;
    if (msg_verbose)
        msg_info("%s: opened entropy device %s", myname, name);
    return (dev);
    }
}

/* tls_prng_dev_read - update internal PRNG from device */

ssize_t tls_prng_dev_read(TLS_PRNG_SRC *dev, size_t len)
{
    const char *myname = "tls_prng_dev_read";
    unsigned char buffer[UCHAR_MAX];
    ssize_t count;
    size_t  rand_bytes;

    if (len <= 0)
    msg_panic("%s: bad read length: %ld", myname, (long) len);

    if (len > sizeof(buffer))
    rand_bytes = sizeof(buffer);
    else
    rand_bytes = len;
    errno = 0;
    count = timed_read(dev->fd, buffer, rand_bytes, dev->timeout, (void *) 0);
    if (count > 0) {
    if (msg_verbose)
        msg_info("%s: read %ld bytes from entropy device %s",
             myname, (long) count, dev->name);
    RAND_seed(buffer, count);
    } else {
    if (msg_verbose)
        msg_info("%s: cannot read %ld bytes from entropy device %s: %m",
             myname, (long) rand_bytes, dev->name);
    }
    return (count);
}

/* tls_prng_dev_close - disconnect from EGD server */

int     tls_prng_dev_close(TLS_PRNG_SRC *dev)
{
    const char *myname = "tls_prng_dev_close";
    int     err;

    if (msg_verbose)
    msg_info("%s: close entropy device %s", myname, dev->name);
    err = close(dev->fd);
    myfree(dev->name);
    myfree((void *) dev);
    return (err);
}

#endif