[openssh.git] / entropy.c

/*
 * Copyright (c) 2000 Damien Miller.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *      This product includes software developed by Markus Friedl.
 * 4. The name of the author may not be used to endorse or promote products
 *    derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "includes.h"

#include "ssh.h"
#include "xmalloc.h"

#include <openssl/rand.h>
#include <openssl/sha.h>

RCSID("$Id$");

#ifdef EGD_SOCKET
#ifndef offsetof
# define offsetof(type, member) ((size_t) &((type *)0)->member)
#endif
/* Collect entropy from EGD */
void get_random_bytes(unsigned char *buf, int len)
{
	static int egd_socket = -1;
	int c;
	char egd_message[2] = { 0x02, 0x00 };
	struct sockaddr_un addr;
	int addr_len;

	memset(&addr, '\0', sizeof(addr));
	addr.sun_family = AF_UNIX;
	
	/* FIXME: compile time check? */
	if (sizeof(EGD_SOCKET) > sizeof(addr.sun_path))
		fatal("Random pool path is too long");
	
	strcpy(addr.sun_path, EGD_SOCKET);
	
	addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof(EGD_SOCKET);
	
	if (egd_socket == -1) {
		egd_socket = socket(AF_UNIX, SOCK_STREAM, 0);
		if (egd_socket == -1)
			fatal("Couldn't create AF_UNIX socket: %s", strerror(errno));
		if (connect(egd_socket, (struct sockaddr*)&addr, addr_len) == -1)
			fatal("Couldn't connect to EGD socket \"%s\": %s", addr.sun_path, strerror(errno));
	}	

	if (len > 255)
		fatal("Too many bytes to read from EGD");
	
	/* Send blocking read request to EGD */
	egd_message[1] = len;

	c = atomicio(write, egd_socket, egd_message, sizeof(egd_message));
	if (c == -1)
		fatal("Couldn't write to EGD socket \"%s\": %s", EGD_SOCKET, strerror(errno));

	c = atomicio(read, egd_socket, buf, len);
	if (c <= 0)
		fatal("Couldn't read from EGD socket \"%s\": %s", EGD_SOCKET, strerror(errno));
	
	close(EGD_SOCKET);
}
#else /* !EGD_SOCKET */
#ifdef RANDOM_POOL
/* Collect entropy from /dev/urandom or pipe */
void get_random_bytes(unsigned char *buf, int len)
{
	static int random_pool = -1;
	int c;

	if (random_pool == -1) {
		random_pool = open(RANDOM_POOL, O_RDONLY);
		if (random_pool == -1)
			fatal("Couldn't open random pool \"%s\": %s", RANDOM_POOL, strerror(errno));
	}
	
	c = atomicio(read, random_pool, buf, len);
	if (c <= 0)
		fatal("Couldn't read from random pool \"%s\": %s", RANDOM_POOL, strerror(errno));
}
#endif /* RANDOM_POOL */
#endif /* EGD_SOCKET */

#if !defined(EGD_SOCKET) && !defined(RANDOM_POOL)
/* 
 * FIXME: proper entropy estimations. All current values are guesses
 * FIXME: Need timeout for slow moving programs
 * FIXME: More entropy sources
 */

double stir_from_system(void);
double stir_from_programs(void);
double stir_gettimeofday(double entropy_estimate);
double stir_clock(double entropy_estimate);
double stir_rusage(int who, double entropy_estimate);
double hash_output_from_command(const char *path, const char **args, char *hash);

typedef struct
{
	/* Proportion of data that is entropy */
	double rate;
	/* Path to executable */
	const char *path;
	/* argv to pass to executable */
	const char *args[5];
} entropy_source_t;

entropy_source_t entropy_sources[] = {
#ifdef PROG_LS
	{ 0.002, PROG_LS,       { "ls", "-alni", "/var/log", NULL } },
	{ 0.002, PROG_LS,       { "ls", "-alni", "/var/adm", NULL } },
	{ 0.002, PROG_LS,       { "ls", "-alni", "/var/mail", NULL } },
	{ 0.002, PROG_LS,       { "ls", "-alni", "/var/spool/mail", NULL } },
	{ 0.002, PROG_LS,       { "ls", "-alni", "/proc", NULL } },
	{ 0.002, PROG_LS,       { "ls", "-alni", "/tmp", NULL } },
#endif
#ifdef PROG_NETSTAT
	{ 0.005, PROG_NETSTAT,  { "netstat","-an", NULL, NULL } },
	{ 0.010, PROG_NETSTAT,  { "netstat","-in", NULL, NULL } },
	{ 0.002, PROG_NETSTAT,  { "netstat","-rn", NULL, NULL } },
	{ 0.002, PROG_NETSTAT,  { "netstat","-s", NULL, NULL } },
#endif
#ifdef PROG_ARP
	{ 0.002, PROG_ARP,      { "arp","-a","-n", NULL } },
#endif
#ifdef PROG_IFCONFIG
	{ 0.002, PROG_IFCONFIG, { "ifconfig", "-a", NULL, NULL } },
#endif
#ifdef PROG_PS
	{ 0.003, PROG_PS,       { "ps", "laxww", NULL, NULL } },
	{ 0.003, PROG_PS,       { "ps", "-al", NULL, NULL } },
	{ 0.003, PROG_PS,       { "ps", "-efl", NULL, NULL } },
#endif
#ifdef PROG_W
	{ 0.005, PROG_W,        { "w", NULL, NULL, NULL } },
#endif
#ifdef PROG_WHO
	{ 0.001, PROG_WHO,      { "who","-i", NULL, NULL } },
#endif
#ifdef PROG_LAST
	{ 0.001, PROG_LAST,     { "last", NULL, NULL, NULL } },
#endif
#ifdef PROG_LASTLOG
	{ 0.001, PROG_LASTLOG,  { "lastlog", NULL, NULL, NULL } },
#endif
#ifdef PROG_DF
	{ 0.010, PROG_DF,       { "df", NULL, NULL, NULL } },
	{ 0.010, PROG_DF,       { "df", "-i", NULL, NULL } },
#endif
#ifdef PROG_VMSTAT
	{ 0.010, PROG_VMSTAT,   { "vmstat", NULL, NULL, NULL } },
#endif
#ifdef PROG_UPTIME
	{ 0.001, PROG_UPTIME,   { "uptime", NULL, NULL, NULL } },
#endif
#ifdef PROG_IPCS
	{ 0.001, PROG_IPCS,     { "-a", NULL, NULL, NULL } },
#endif
#ifdef PROG_TAIL
	{ 0.001, PROG_TAIL,     { "tail", "-200", "/var/log/messages", NULL, NULL } },
	{ 0.001, PROG_TAIL,     { "tail", "-200", "/var/log/syslog", NULL, NULL } },
	{ 0.001, PROG_TAIL,     { "tail", "-200", "/var/adm/messages", NULL, NULL } },
	{ 0.001, PROG_TAIL,     { "tail", "-200", "/var/adm/syslog", NULL, NULL } },
	{ 0.001, PROG_TAIL,     { "tail", "-200", "/var/log/maillog", NULL, NULL } },
	{ 0.001, PROG_TAIL,     { "tail", "-200", "/var/adm/maillog", NULL, NULL } },
#endif
	{ 0.000, NULL,          { NULL, NULL, NULL, NULL, NULL } },
};

double 
stir_from_system(void)
{
	double total_entropy_estimate;
	long int i;
	
	total_entropy_estimate = 0;
	
	i = getpid();
	RAND_add(&i, sizeof(i), 0.1);
	total_entropy_estimate += 0.1;
	
	i = getppid();
	RAND_add(&i, sizeof(i), 0.1);
	total_entropy_estimate += 0.1;

	i = getuid();
	RAND_add(&i, sizeof(i), 0.0);
	i = getgid();
	RAND_add(&i, sizeof(i), 0.0);

	total_entropy_estimate += stir_gettimeofday(1.0);
	total_entropy_estimate += stir_clock(0.2);
	total_entropy_estimate += stir_rusage(RUSAGE_SELF, 2.0);

	return(total_entropy_estimate);
}

double 
stir_from_programs(void)
{
	int i;
	int c;
	double entropy_estimate;
	double total_entropy_estimate;
	char hash[SHA_DIGEST_LENGTH];

	/*
	 * Run through list of programs twice to catch differences
	 */
	total_entropy_estimate = 0;
	for(i = 0; i < 2; i++) {
		c = 0;
		while (entropy_sources[c].path != NULL) {
			/* Hash output from command */
			entropy_estimate = hash_output_from_command(entropy_sources[c].path,
				entropy_sources[c].args, hash);

			/* Scale back entropy estimate according to command's rate */
			entropy_estimate *= entropy_sources[c].rate;
 
			/* Upper bound of entropy estimate is SHA_DIGEST_LENGTH */
			if (entropy_estimate > SHA_DIGEST_LENGTH)
				entropy_estimate = SHA_DIGEST_LENGTH;

 			/* * Scale back estimates for subsequent passes through list */
			entropy_estimate /= 10.0 * (i + 1.0);
			
			/* Stir it in */
			RAND_add(hash, sizeof(hash), entropy_estimate);

/* FIXME: turn this off later */
#if 1
			debug("Got %0.2f bytes of entropy from %s", entropy_estimate, 
				entropy_sources[c].path);
#endif

			total_entropy_estimate += entropy_estimate;

			/* Execution times should be a little unpredictable */
			total_entropy_estimate += stir_gettimeofday(0.05);
			total_entropy_estimate += stir_clock(0.05);
			total_entropy_estimate += stir_rusage(RUSAGE_SELF, 0.1);
			total_entropy_estimate += stir_rusage(RUSAGE_CHILDREN, 0.1);
			
			c++;
		}
	}
	
	return(total_entropy_estimate);
}

double
stir_gettimeofday(double entropy_estimate)
{
	struct timeval tv;
	
	if (gettimeofday(&tv, NULL) == -1)
		fatal("Couldn't gettimeofday: %s", strerror(errno));

	RAND_add(&tv, sizeof(tv), entropy_estimate);
	
	return(entropy_estimate);
}

double
stir_clock(double entropy_estimate)
{
#ifdef HAVE_CLOCK
	clock_t c;
	
	c = clock();
	RAND_add(&c, sizeof(c), entropy_estimate);
	
	return(entropy_estimate);
#else /* _HAVE_CLOCK */
	return(0);
#endif /* _HAVE_CLOCK */
}

double
stir_rusage(int who, double entropy_estimate)
{
#ifdef HAVE_GETRUSAGE
	struct rusage ru;
	
   if (getrusage(who, &ru) == -1)
		fatal("Couldn't getrusage: %s", strerror(errno));

	RAND_add(&ru, sizeof(ru), 0.1);

	return(entropy_estimate);
#else /* _HAVE_GETRUSAGE */
	return(0);
#endif /* _HAVE_GETRUSAGE */
}

double
hash_output_from_command(const char *path, const char **args, char *hash)
{
	static int devnull = -1;
	int p[2];
	pid_t pid;
	int status;
	char buf[2048];
	int bytes_read;
	int total_bytes_read;
	SHA_CTX sha;
	
	if (devnull == -1) {
		devnull = open("/dev/null", O_RDWR);
		if (devnull == -1)
			fatal("Couldn't open /dev/null: %s", strerror(errno));
	}
	
	if (pipe(p) == -1)
		fatal("Couldn't open pipe: %s", strerror(errno));

	switch (pid = fork()) {
		case -1: /* Error */
			close(p[0]);
			close(p[1]);
			fatal("Couldn't fork: %s", strerror(errno));
			/* NOTREACHED */
		case 0: /* Child */
			close(0);
			close(1);
			close(2);
			dup2(devnull, 0);
			dup2(p[1], 1);
			dup2(p[1], 2);
			close(p[0]);
			close(p[1]);
			close(devnull);

			execv(path, (char**)args);
			debug("(child) Couldn't exec '%s': %s", path, strerror(errno));
			_exit(-1);
		default: /* Parent */
			break;
	}

	RAND_add(&pid, sizeof(&pid), 0.0);

	close(p[1]);

	/* Hash output from child */
	SHA1_Init(&sha);
	total_bytes_read = 0;
	while ((bytes_read = read(p[0], buf, sizeof(buf)))	> 0) {
		SHA1_Update(&sha, buf, bytes_read);
		total_bytes_read += bytes_read;
		RAND_add(&bytes_read, sizeof(&bytes_read), 0.0);
	}
	SHA1_Final(hash, &sha);

	close(p[0]);
	
	if (waitpid(pid, &status, 0) == -1) {
		error("Couldn't wait for child '%s' completion: %s", path, 
			strerror(errno));
		return(-1);
	}

	RAND_add(&status, sizeof(&status), 0.0);

	if (!WIFEXITED(status) || (WEXITSTATUS(status) != 0))
		return(0.0);
	else
		return(total_bytes_read);
}
#endif /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */

#if defined(EGD_SOCKET) || defined(RANDOM_POOL)
/*
 * Seed OpenSSL's random number pool from Kernel random number generator
 * or EGD
 */
void
seed_rng(void)
{
	char buf[32];
	
	debug("Seeding random number generator");
	get_random_bytes(buf, sizeof(buf));
	RAND_add(buf, sizeof(buf), sizeof(buf));
	memset(buf, '\0', sizeof(buf));
}
#else /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */
/*
 * Conditionally Seed OpenSSL's random number pool syscalls and program output
 */
void
seed_rng(void)
{
	debug("Seeding random number generator.");
	debug("OpenSSL random status is now %i\n", RAND_status());
	debug("%i bytes from system calls", (int)stir_from_system());
	debug("%i bytes from programs", (int)stir_from_programs());
	debug("OpenSSL random status is now %i\n", RAND_status());
}
#endif /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */
Commit	Line	Data
bfc9a610	1	/*
	2	* Copyright (c) 2000 Damien Miller. All rights reserved.
	3	*
	4	* Redistribution and use in source and binary forms, with or without
	5	* modification, are permitted provided that the following conditions
	6	* are met:
	7	* 1. Redistributions of source code must retain the above copyright
	8	* notice, this list of conditions and the following disclaimer.
	9	* 2. Redistributions in binary form must reproduce the above copyright
	10	* notice, this list of conditions and the following disclaimer in the
	11	* documentation and/or other materials provided with the distribution.
	12	* 3. All advertising materials mentioning features or use of this software
	13	* must display the following acknowledgement:
	14	* This product includes software developed by Markus Friedl.
	15	* 4. The name of the author may not be used to endorse or promote products
	16	* derived from this software without specific prior written permission.
	17	*
	18	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	19	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	20	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	21	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	22	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	23	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	24	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	25	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	26	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	27	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	28	*/
	29
	30	#include "includes.h"
	31
	32	#include "ssh.h"
	33	#include "xmalloc.h"
	34
35484284	35	#include <openssl/rand.h>
35484284	36	#include <openssl/sha.h>
bfc9a610	37
	38	RCSID("$Id$");
	39
	40	#ifdef EGD_SOCKET
	41	#ifndef offsetof
	42	# define offsetof(type, member) ((size_t) &((type *)0)->member)
	43	#endif
	44	/* Collect entropy from EGD */
	45	void get_random_bytes(unsigned char *buf, int len)
	46	{
	47	static int egd_socket = -1;
	48	int c;
	49	char egd_message[2] = { 0x02, 0x00 };
	50	struct sockaddr_un addr;
	51	int addr_len;
	52
	53	memset(&addr, '\0', sizeof(addr));
	54	addr.sun_family = AF_UNIX;
	55
	56	/* FIXME: compile time check? */
	57	if (sizeof(EGD_SOCKET) > sizeof(addr.sun_path))
	58	fatal("Random pool path is too long");
	59
	60	strcpy(addr.sun_path, EGD_SOCKET);
	61
	62	addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof(EGD_SOCKET);
	63
	64	if (egd_socket == -1) {
	65	egd_socket = socket(AF_UNIX, SOCK_STREAM, 0);
	66	if (egd_socket == -1)
	67	fatal("Couldn't create AF_UNIX socket: %s", strerror(errno));
	68	if (connect(egd_socket, (struct sockaddr*)&addr, addr_len) == -1)
	69	fatal("Couldn't connect to EGD socket \"%s\": %s", addr.sun_path, strerror(errno));
	70	}
	71
	72	if (len > 255)
	73	fatal("Too many bytes to read from EGD");
	74
	75	/* Send blocking read request to EGD */
	76	egd_message[1] = len;
	77
	78	c = atomicio(write, egd_socket, egd_message, sizeof(egd_message));
	79	if (c == -1)
	80	fatal("Couldn't write to EGD socket \"%s\": %s", EGD_SOCKET, strerror(errno));
	81
	82	c = atomicio(read, egd_socket, buf, len);
	83	if (c <= 0)
	84	fatal("Couldn't read from EGD socket \"%s\": %s", EGD_SOCKET, strerror(errno));
	85
	86	close(EGD_SOCKET);
	87	}
	88	#else /* !EGD_SOCKET */
	89	#ifdef RANDOM_POOL
	90	/* Collect entropy from /dev/urandom or pipe */
	91	void get_random_bytes(unsigned char *buf, int len)
	92	{
	93	static int random_pool = -1;
	94	int c;
	95
	96	if (random_pool == -1) {
	97	random_pool = open(RANDOM_POOL, O_RDONLY);
	98	if (random_pool == -1)
	99	fatal("Couldn't open random pool \"%s\": %s", RANDOM_POOL, strerror(errno));
	100	}
101
bfc9a610	102	c = atomicio(read, random_pool, buf, len);
	103	if (c <= 0)
	104	fatal("Couldn't read from random pool \"%s\": %s", RANDOM_POOL, strerror(errno));
	105	}
	106	#endif /* RANDOM_POOL */
	107	#endif /* EGD_SOCKET */
	108
	109	#if !defined(EGD_SOCKET) && !defined(RANDOM_POOL)
	110	/*
	111	* FIXME: proper entropy estimations. All current values are guesses
	112	* FIXME: Need timeout for slow moving programs
	113	* FIXME: More entropy sources
	114	*/
	115
	116	double stir_from_system(void);
	117	double stir_from_programs(void);
	118	double stir_gettimeofday(double entropy_estimate);
	119	double stir_clock(double entropy_estimate);
	120	double stir_rusage(int who, double entropy_estimate);
	121	double hash_output_from_command(const char path, const char args, char hash);
	122
	123	typedef struct
	124	{
	125	/* Proportion of data that is entropy */
	126	double rate;
	127	/* Path to executable */
	128	const char *path;
	129	/* argv to pass to executable */
	130	const char *args[5];
	131	} entropy_source_t;
	132
	133	entropy_source_t entropy_sources[] = {
	134	#ifdef PROG_LS
	135	{ 0.002, PROG_LS, { "ls", "-alni", "/var/log", NULL } },
	136	{ 0.002, PROG_LS, { "ls", "-alni", "/var/adm", NULL } },
	137	{ 0.002, PROG_LS, { "ls", "-alni", "/var/mail", NULL } },
	138	{ 0.002, PROG_LS, { "ls", "-alni", "/var/spool/mail", NULL } },
	139	{ 0.002, PROG_LS, { "ls", "-alni", "/proc", NULL } },
	140	{ 0.002, PROG_LS, { "ls", "-alni", "/tmp", NULL } },
	141	#endif
	142	#ifdef PROG_NETSTAT
	143	{ 0.005, PROG_NETSTAT, { "netstat","-an", NULL, NULL } },
	144	{ 0.010, PROG_NETSTAT, { "netstat","-in", NULL, NULL } },
	145	{ 0.002, PROG_NETSTAT, { "netstat","-rn", NULL, NULL } },
	146	{ 0.002, PROG_NETSTAT, { "netstat","-s", NULL, NULL } },
	147	#endif
	148	#ifdef PROG_ARP
	149	{ 0.002, PROG_ARP, { "arp","-a","-n", NULL } },
	150	#endif
	151	#ifdef PROG_IFCONFIG
	152	{ 0.002, PROG_IFCONFIG, { "ifconfig", "-a", NULL, NULL } },
	153	#endif
	154	#ifdef PROG_PS
	155	{ 0.003, PROG_PS, { "ps", "laxww", NULL, NULL } },
	156	{ 0.003, PROG_PS, { "ps", "-al", NULL, NULL } },
	157	{ 0.003, PROG_PS, { "ps", "-efl", NULL, NULL } },
	158	#endif
	159	#ifdef PROG_W
	160	{ 0.005, PROG_W, { "w", NULL, NULL, NULL } },
	161	#endif
	162	#ifdef PROG_WHO
	163	{ 0.001, PROG_WHO, { "who","-i", NULL, NULL } },
	164	#endif
	165	#ifdef PROG_LAST
166	{ 0.001, PROG_LAST, { "last", NULL, NULL, NULL } },
167	#endif
168	#ifdef PROG_LASTLOG
169	{ 0.001, PROG_LASTLOG, { "lastlog", NULL, NULL, NULL } },
170	#endif
171	#ifdef PROG_DF
172	{ 0.010, PROG_DF, { "df", NULL, NULL, NULL } },
173	{ 0.010, PROG_DF, { "df", "-i", NULL, NULL } },
174	#endif
175	#ifdef PROG_VMSTAT
176	{ 0.010, PROG_VMSTAT, { "vmstat", NULL, NULL, NULL } },
177	#endif
178	#ifdef PROG_UPTIME
179	{ 0.001, PROG_UPTIME, { "uptime", NULL, NULL, NULL } },
180	#endif
181	#ifdef PROG_IPCS
182	{ 0.001, PROG_IPCS, { "-a", NULL, NULL, NULL } },
183	#endif
184	#ifdef PROG_TAIL
185	{ 0.001, PROG_TAIL, { "tail", "-200", "/var/log/messages", NULL, NULL } },
186	{ 0.001, PROG_TAIL, { "tail", "-200", "/var/log/syslog", NULL, NULL } },
187	{ 0.001, PROG_TAIL, { "tail", "-200", "/var/adm/messages", NULL, NULL } },
188	{ 0.001, PROG_TAIL, { "tail", "-200", "/var/adm/syslog", NULL, NULL } },
189	{ 0.001, PROG_TAIL, { "tail", "-200", "/var/log/maillog", NULL, NULL } },
190	{ 0.001, PROG_TAIL, { "tail", "-200", "/var/adm/maillog", NULL, NULL } },
191	#endif
192	{ 0.000, NULL, { NULL, NULL, NULL, NULL, NULL } },
193	};
194
bfc9a610	195	double
	196	stir_from_system(void)
	197	{
	198	double total_entropy_estimate;
	199	long int i;
	200
	201	total_entropy_estimate = 0;
	202
	203	i = getpid();
	204	RAND_add(&i, sizeof(i), 0.1);
	205	total_entropy_estimate += 0.1;
	206
	207	i = getppid();
	208	RAND_add(&i, sizeof(i), 0.1);
	209	total_entropy_estimate += 0.1;
	210
	211	i = getuid();
	212	RAND_add(&i, sizeof(i), 0.0);
	213	i = getgid();
	214	RAND_add(&i, sizeof(i), 0.0);
	215
	216	total_entropy_estimate += stir_gettimeofday(1.0);
	217	total_entropy_estimate += stir_clock(0.2);
	218	total_entropy_estimate += stir_rusage(RUSAGE_SELF, 2.0);
	219
	220	return(total_entropy_estimate);
	221	}
	222
	223	double
	224	stir_from_programs(void)
	225	{
	226	int i;
	227	int c;
	228	double entropy_estimate;
	229	double total_entropy_estimate;
	230	char hash[SHA_DIGEST_LENGTH];
	231
	232	/*
	233	* Run through list of programs twice to catch differences
	234	*/
	235	total_entropy_estimate = 0;
	236	for(i = 0; i < 2; i++) {
	237	c = 0;
	238	while (entropy_sources[c].path != NULL) {
	239	/* Hash output from command */
	240	entropy_estimate = hash_output_from_command(entropy_sources[c].path,
	241	entropy_sources[c].args, hash);
	242
	243	/* Scale back entropy estimate according to command's rate */
	244	entropy_estimate *= entropy_sources[c].rate;
	245
	246	/* Upper bound of entropy estimate is SHA_DIGEST_LENGTH */
	247	if (entropy_estimate > SHA_DIGEST_LENGTH)
	248	entropy_estimate = SHA_DIGEST_LENGTH;
	249
	250	/* * Scale back estimates for subsequent passes through list */
	251	entropy_estimate /= 10.0 * (i + 1.0);
	252
	253	/* Stir it in */
	254	RAND_add(hash, sizeof(hash), entropy_estimate);
	255
	256	/* FIXME: turn this off later */
	257	#if 1
	258	debug("Got %0.2f bytes of entropy from %s", entropy_estimate,
259	entropy_sources[c].path);
260	#endif
261
262	total_entropy_estimate += entropy_estimate;
263
264	/* Execution times should be a little unpredictable */
265	total_entropy_estimate += stir_gettimeofday(0.05);
266	total_entropy_estimate += stir_clock(0.05);
267	total_entropy_estimate += stir_rusage(RUSAGE_SELF, 0.1);
268	total_entropy_estimate += stir_rusage(RUSAGE_CHILDREN, 0.1);
269
270	c++;
271	}
272	}
273
274	return(total_entropy_estimate);
275	}
276
277	double
278	stir_gettimeofday(double entropy_estimate)
279	{
280	struct timeval tv;
281
282	if (gettimeofday(&tv, NULL) == -1)
283	fatal("Couldn't gettimeofday: %s", strerror(errno));
284
285	RAND_add(&tv, sizeof(tv), entropy_estimate);
286
287	return(entropy_estimate);
288	}
289
290	double
291	stir_clock(double entropy_estimate)
292	{
293	#ifdef HAVE_CLOCK
294	clock_t c;
295
296	c = clock();
297	RAND_add(&c, sizeof(c), entropy_estimate);
298
299	return(entropy_estimate);
300	#else /* _HAVE_CLOCK */
301	return(0);
302	#endif /* _HAVE_CLOCK */
303	}
304
305	double
306	stir_rusage(int who, double entropy_estimate)
307	{
308	#ifdef HAVE_GETRUSAGE
309	struct rusage ru;
310
311	if (getrusage(who, &ru) == -1)
312	fatal("Couldn't getrusage: %s", strerror(errno));
313
314	RAND_add(&ru, sizeof(ru), 0.1);
315
316	return(entropy_estimate);
317	#else /* _HAVE_GETRUSAGE */
318	return(0);
319	#endif /* _HAVE_GETRUSAGE */
320	}
321
322	double
323	hash_output_from_command(const char path, const char args, char hash)
324	{
325	static int devnull = -1;
326	int p[2];
327	pid_t pid;
328	int status;
329	char buf[2048];
330	int bytes_read;
331	int total_bytes_read;
332	SHA_CTX sha;
333
334	if (devnull == -1) {
335	devnull = open("/dev/null", O_RDWR);
336	if (devnull == -1)
337	fatal("Couldn't open /dev/null: %s", strerror(errno));
338	}
339
340	if (pipe(p) == -1)
341	fatal("Couldn't open pipe: %s", strerror(errno));
342
343	switch (pid = fork()) {
344	case -1: /* Error */
345	close(p[0]);
346	close(p[1]);
347	fatal("Couldn't fork: %s", strerror(errno));
348	/* NOTREACHED */
349	case 0: /* Child */
350	close(0);
351	close(1);
352	close(2);
353	dup2(devnull, 0);
354	dup2(p[1], 1);
355	dup2(p[1], 2);
356	close(p[0]);
357	close(p[1]);
358	close(devnull);
359
360	execv(path, (char**)args);
361	debug("(child) Couldn't exec '%s': %s", path, strerror(errno));
362	_exit(-1);
363	default: /* Parent */
364	break;
365	}
366
367	RAND_add(&pid, sizeof(&pid), 0.0);
368
369	close(p[1]);
370
371	/* Hash output from child */
372	SHA1_Init(&sha);
373	total_bytes_read = 0;
374	while ((bytes_read = read(p[0], buf, sizeof(buf))) > 0) {
375	SHA1_Update(&sha, buf, bytes_read);
376	total_bytes_read += bytes_read;
377	RAND_add(&bytes_read, sizeof(&bytes_read), 0.0);
378	}
379	SHA1_Final(hash, &sha);
380
381	close(p[0]);
382
383	if (waitpid(pid, &status, 0) == -1) {
384	error("Couldn't wait for child '%s' completion: %s", path,
385	strerror(errno));
386	return(-1);
387	}
388
389	RAND_add(&status, sizeof(&status), 0.0);
390
391	if (!WIFEXITED(status) \|\| (WEXITSTATUS(status) != 0))
392	return(0.0);
393	else
394	return(total_bytes_read);
395	}
396	#endif /* defined(EGD_SOCKET) \|\| defined(RANDOM_POOL) */
397
398	#if defined(EGD_SOCKET) \|\| defined(RANDOM_POOL)
399	/*
400	* Seed OpenSSL's random number pool from Kernel random number generator
401	* or EGD
402	*/
403	void
404	seed_rng(void)
405	{
406	char buf[32];
407
408	debug("Seeding random number generator");
409	get_random_bytes(buf, sizeof(buf));
410	RAND_add(buf, sizeof(buf), sizeof(buf));
411	memset(buf, '\0', sizeof(buf));
412	}
413	#else /* defined(EGD_SOCKET) \|\| defined(RANDOM_POOL) */
414	/*
415	* Conditionally Seed OpenSSL's random number pool syscalls and program output
416	*/
417	void
418	seed_rng(void)
419	{
6c081128	420	debug("Seeding random number generator.");
	421	debug("OpenSSL random status is now %i\n", RAND_status());
	422	debug("%i bytes from system calls", (int)stir_from_system());
	423	debug("%i bytes from programs", (int)stir_from_programs());
	424	debug("OpenSSL random status is now %i\n", RAND_status());
bfc9a610	425	}
bfc9a610	426	#endif /* defined(EGD_SOCKET) \|\| defined(RANDOM_POOL) */