src/tls/tls_prng_file.c

*e89934bbSchristos/*	$NetBSD: tls_prng_file.c,v 1.2 2017/02/14 01:16:48 christos Exp $	*/
41fbaed0Stron
41fbaed0Stron/*++
41fbaed0Stron/* NAME
41fbaed0Stron/*	tls_prng_file 3
41fbaed0Stron/* SUMMARY
41fbaed0Stron/*	seed OpenSSL PRNG from entropy file
41fbaed0Stron/* SYNOPSIS
41fbaed0Stron/*	#include <tls_prng_src.h>
41fbaed0Stron/*
41fbaed0Stron/*	TLS_PRNG_SRC *tls_prng_file_open(name, timeout)
41fbaed0Stron/*	const char *name;
41fbaed0Stron/*	int	timeout;
41fbaed0Stron/*
41fbaed0Stron/*	ssize_t tls_prng_file_read(fh, length)
41fbaed0Stron/*	TLS_PRNG_SRC *fh;
41fbaed0Stron/*	size_t length;
41fbaed0Stron/*
41fbaed0Stron/*	int	tls_prng_file_close(fh)
41fbaed0Stron/*	TLS_PRNG_SRC *fh;
41fbaed0Stron/* DESCRIPTION
41fbaed0Stron/*	tls_prng_file_open() open the specified file and returns
41fbaed0Stron/*	a handle that should be used with all subsequent access.
41fbaed0Stron/*
41fbaed0Stron/*	tls_prng_file_read() reads the requested number of bytes from
41fbaed0Stron/*	the entropy file and updates the OpenSSL PRNG. The file is not
41fbaed0Stron/*	locked for shared or exclusive access.
41fbaed0Stron/*
41fbaed0Stron/*	tls_prng_file_close() closes the specified entropy file
41fbaed0Stron/*	and releases memory that was allocated for the handle.
41fbaed0Stron/*
41fbaed0Stron/*	Arguments:
41fbaed0Stron/* .IP name
41fbaed0Stron/*	The pathname of the entropy file.
41fbaed0Stron/* .IP length
41fbaed0Stron/*	The number of bytes to read from the entropy file.
41fbaed0Stron/* .IP timeout
41fbaed0Stron/*	Time limit on individual I/O operations.
41fbaed0Stron/* DIAGNOSTICS
41fbaed0Stron/*	tls_prng_file_open() returns a null pointer on error.
41fbaed0Stron/*
41fbaed0Stron/*	tls_prng_file_read() returns -1 on error, the number
41fbaed0Stron/*	of bytes received on success.
41fbaed0Stron/*
41fbaed0Stron/*	tls_prng_file_close() returns -1 on error, 0 on success.
41fbaed0Stron/*
41fbaed0Stron/*	In all cases the errno variable indicates the type of error.
41fbaed0Stron/* LICENSE
41fbaed0Stron/* .ad
41fbaed0Stron/* .fi
41fbaed0Stron/*	The Secure Mailer license must be distributed with this software.
41fbaed0Stron/* AUTHOR(S)
41fbaed0Stron/*	Wietse Venema
41fbaed0Stron/*	IBM T.J. Watson Research
41fbaed0Stron/*	P.O. Box 704
41fbaed0Stron/*	Yorktown Heights, NY 10598, USA
41fbaed0Stron/*--*/
41fbaed0Stron
41fbaed0Stron/* System library. */
41fbaed0Stron
41fbaed0Stron#include <sys_defs.h>
41fbaed0Stron#include <fcntl.h>
41fbaed0Stron#include <unistd.h>
41fbaed0Stron#include <limits.h>
41fbaed0Stron#include <errno.h>
41fbaed0Stron
41fbaed0Stron/* OpenSSL library. */
41fbaed0Stron
41fbaed0Stron#ifdef USE_TLS
41fbaed0Stron#include <openssl/rand.h>		/* For the PRNG */
41fbaed0Stron
41fbaed0Stron/* Utility library. */
41fbaed0Stron
41fbaed0Stron#include <msg.h>
41fbaed0Stron#include <mymalloc.h>
41fbaed0Stron#include <connect.h>
41fbaed0Stron#include <iostuff.h>
41fbaed0Stron
41fbaed0Stron/* TLS library. */
41fbaed0Stron
41fbaed0Stron#include <tls_prng.h>
41fbaed0Stron
41fbaed0Stron/* tls_prng_file_open - open entropy file */
41fbaed0Stron
41fbaed0StronTLS_PRNG_SRC *tls_prng_file_open(const char *name, int timeout)
41fbaed0Stron{
41fbaed0Stron    const char *myname = "tls_prng_file_open";
41fbaed0Stron    TLS_PRNG_SRC *fh;
41fbaed0Stron    int     fd;
41fbaed0Stron
41fbaed0Stron    if ((fd = open(name, O_RDONLY, 0)) < 0) {
41fbaed0Stron	if (msg_verbose)
41fbaed0Stron	    msg_info("%s: cannot open entropy file %s: %m", myname, name);
41fbaed0Stron	return (0);
41fbaed0Stron    } else {
41fbaed0Stron	fh = (TLS_PRNG_SRC *) mymalloc(sizeof(*fh));
41fbaed0Stron	fh->fd = fd;
41fbaed0Stron	fh->name = mystrdup(name);
41fbaed0Stron	fh->timeout = timeout;
41fbaed0Stron	if (msg_verbose)
41fbaed0Stron	    msg_info("%s: opened entropy file %s", myname, name);
41fbaed0Stron	return (fh);
41fbaed0Stron    }
41fbaed0Stron}
41fbaed0Stron
41fbaed0Stron/* tls_prng_file_read - update internal PRNG from entropy file */
41fbaed0Stron
41fbaed0Stronssize_t tls_prng_file_read(TLS_PRNG_SRC *fh, size_t len)
41fbaed0Stron{
41fbaed0Stron    const char *myname = "tls_prng_file_read";
41fbaed0Stron    char    buffer[8192];
41fbaed0Stron    ssize_t to_read;
41fbaed0Stron    ssize_t count;
41fbaed0Stron
41fbaed0Stron    if (msg_verbose)
41fbaed0Stron	msg_info("%s: seed internal pool from file %s", myname, fh->name);
41fbaed0Stron
41fbaed0Stron    if (lseek(fh->fd, 0, SEEK_SET) < 0) {
41fbaed0Stron	if (msg_verbose)
41fbaed0Stron	    msg_info("cannot seek entropy file %s: %m", fh->name);
41fbaed0Stron	return (-1);
41fbaed0Stron    }
41fbaed0Stron    errno = 0;
41fbaed0Stron    for (to_read = len; to_read > 0; to_read -= count) {
41fbaed0Stron	if ((count = timed_read(fh->fd, buffer, to_read > sizeof(buffer) ?
41fbaed0Stron				sizeof(buffer) : to_read,
41fbaed0Stron				fh->timeout, (void *) 0)) < 0) {
41fbaed0Stron	    if (msg_verbose)
41fbaed0Stron		msg_info("cannot read entropy file %s: %m", fh->name);
41fbaed0Stron	    return (-1);
41fbaed0Stron	}
41fbaed0Stron	if (count == 0)
41fbaed0Stron	    break;
41fbaed0Stron	RAND_seed(buffer, count);
41fbaed0Stron    }
41fbaed0Stron    if (msg_verbose)
41fbaed0Stron	msg_info("read %ld bytes from entropy file %s: %m",
41fbaed0Stron		 (long) (len - to_read), fh->name);
41fbaed0Stron    return (len - to_read);
41fbaed0Stron}
41fbaed0Stron
41fbaed0Stron/* tls_prng_file_close - close entropy file */
41fbaed0Stron
41fbaed0Stronint     tls_prng_file_close(TLS_PRNG_SRC *fh)
41fbaed0Stron{
41fbaed0Stron    const char *myname = "tls_prng_file_close";
41fbaed0Stron    int     err;
41fbaed0Stron
41fbaed0Stron    if (msg_verbose)
41fbaed0Stron	msg_info("%s: close entropy file %s", myname, fh->name);
41fbaed0Stron    err = close(fh->fd);
41fbaed0Stron    myfree(fh->name);
e262b48eSchristos    myfree((void *) fh);
41fbaed0Stron    return (err);
41fbaed0Stron}
41fbaed0Stron
41fbaed0Stron#endif