tls_seed.c

[詳解]

/*++
/* NAME
/*  tls_seed 3
/* SUMMARY
/*  TLS PRNG seeding routines
/* SYNOPSIS
/*  #define TLS_INTERNAL
/*  #include <tls.h>
/*
/*  int tls_ext_seed(nbytes)
/*  int nbytes;
/*
/*  void    tls_int_seed()
/* DESCRIPTION
/*  tls_ext_seed() requests the specified number of bytes
/*  from the tlsmgr(8) PRNG pool and updates the local PRNG.
/*  The result is zero in case of success, -1 otherwise.
/*
/*  tls_int_seed() mixes the process ID and time of day into
/*  the PRNG pool. This adds a few bits of entropy with each
/*  call, provided that the calls aren't made frequently.
/* LICENSE
/* .ad
/* .fi
/*  The Secure Mailer license must be distributed with this
/*  software.
/* AUTHOR(S)
/*  Wietse Venema
/*  IBM T.J. Watson Research
/*  P.O. Box 704
/*  Yorktown Heights, NY 10598, USA
/*--*/

/* System library. */

#include <sys_defs.h>
#include <sys/time.h>           /* gettimeofday() */
#include <unistd.h>         /* getpid() */

#ifdef USE_TLS

/* OpenSSL library. */

#include <openssl/rand.h>       /* RAND_seed() */

/* Utility library. */

#include <msg.h>
#include <vstring.h>

/* TLS library. */

#include <tls_mgr.h>
#define TLS_INTERNAL
#include <tls.h>

/* Application-specific. */

/* tls_int_seed - add entropy to the pool by adding the time and PID */

void    tls_int_seed(void)
{
    static struct {
    pid_t   pid;
    struct timeval tv;
    }       randseed;

    if (randseed.pid == 0)
    randseed.pid = getpid();
    GETTIMEOFDAY(&randseed.tv);
    RAND_seed(&randseed, sizeof(randseed));
}

/* tls_ext_seed - request entropy from tlsmgr(8) server */

int     tls_ext_seed(int nbytes)
{
    VSTRING *buf;
    int     status;

    buf = vstring_alloc(nbytes);
    status = tls_mgr_seed(buf, nbytes);
    RAND_seed(vstring_str(buf), VSTRING_LEN(buf));
    vstring_free(buf);
    return (status == TLS_MGR_STAT_OK ? 0 : -1);
}

#endif