[openssh.git] / entropy.c

/*
 * Copyright (c) 2000 Damien Miller.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *      This product includes software developed by Markus Friedl.
 * 4. The name of the author may not be used to endorse or promote products
 *    derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "includes.h"

#include "ssh.h"
#include "xmalloc.h"

#ifdef HAVE_OPENSSL
# include <openssl/rand.h>
# include <openssl/sha.h>
#endif
#ifdef HAVE_SSL
# include <ssl/rand.h>
# include <ssl/sha.h>
#endif

RCSID("$Id$");

#ifdef EGD_SOCKET
#ifndef offsetof
# define offsetof(type, member) ((size_t) &((type *)0)->member)
#endif
/* Collect entropy from EGD */
void get_random_bytes(unsigned char *buf, int len)
{
	static int egd_socket = -1;
	int c;
	char egd_message[2] = { 0x02, 0x00 };
	struct sockaddr_un addr;
	int addr_len;

	memset(&addr, '\0', sizeof(addr));
	addr.sun_family = AF_UNIX;
	
	/* FIXME: compile time check? */
	if (sizeof(EGD_SOCKET) > sizeof(addr.sun_path))
		fatal("Random pool path is too long");
	
	strcpy(addr.sun_path, EGD_SOCKET);
	
	addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof(EGD_SOCKET);
	
	if (egd_socket == -1) {
		egd_socket = socket(AF_UNIX, SOCK_STREAM, 0);
		if (egd_socket == -1)
			fatal("Couldn't create AF_UNIX socket: %s", strerror(errno));
		if (connect(egd_socket, (struct sockaddr*)&addr, addr_len) == -1)
			fatal("Couldn't connect to EGD socket \"%s\": %s", addr.sun_path, strerror(errno));
	}	

	if (len > 255)
		fatal("Too many bytes to read from EGD");
	
	/* Send blocking read request to EGD */
	egd_message[1] = len;

	c = atomicio(write, egd_socket, egd_message, sizeof(egd_message));
	if (c == -1)
		fatal("Couldn't write to EGD socket \"%s\": %s", EGD_SOCKET, strerror(errno));

	c = atomicio(read, egd_socket, buf, len);
	if (c <= 0)
		fatal("Couldn't read from EGD socket \"%s\": %s", EGD_SOCKET, strerror(errno));
	
	close(EGD_SOCKET);
}
#else /* !EGD_SOCKET */
#ifdef RANDOM_POOL
/* Collect entropy from /dev/urandom or pipe */
void get_random_bytes(unsigned char *buf, int len)
{
	static int random_pool = -1;
	int c;

	if (random_pool == -1) {
		random_pool = open(RANDOM_POOL, O_RDONLY);
		if (random_pool == -1)
			fatal("Couldn't open random pool \"%s\": %s", RANDOM_POOL, strerror(errno));
	}
	
	c = atomicio(read, random_pool, buf, len);
	if (c <= 0)
		fatal("Couldn't read from random pool \"%s\": %s", RANDOM_POOL, strerror(errno));
}
#endif /* RANDOM_POOL */
#endif /* EGD_SOCKET */

#if !defined(EGD_SOCKET) && !defined(RANDOM_POOL)
/* 
 * FIXME: proper entropy estimations. All current values are guesses
 * FIXME: Need timeout for slow moving programs
 * FIXME: More entropy sources
 */

double stir_from_system(void);
double stir_from_programs(void);
double stir_gettimeofday(double entropy_estimate);
double stir_clock(double entropy_estimate);
double stir_rusage(int who, double entropy_estimate);
double hash_output_from_command(const char *path, const char **args, char *hash);

typedef struct
{
	/* Proportion of data that is entropy */
	double rate;
	/* Path to executable */
	const char *path;
	/* argv to pass to executable */
	const char *args[5];
} entropy_source_t;

entropy_source_t entropy_sources[] = {
#ifdef PROG_LS
	{ 0.002, PROG_LS,       { "ls", "-alni", "/var/log", NULL } },
	{ 0.002, PROG_LS,       { "ls", "-alni", "/var/adm", NULL } },
	{ 0.002, PROG_LS,       { "ls", "-alni", "/var/mail", NULL } },
	{ 0.002, PROG_LS,       { "ls", "-alni", "/var/spool/mail", NULL } },
	{ 0.002, PROG_LS,       { "ls", "-alni", "/proc", NULL } },
	{ 0.002, PROG_LS,       { "ls", "-alni", "/tmp", NULL } },
#endif
#ifdef PROG_NETSTAT
	{ 0.005, PROG_NETSTAT,  { "netstat","-an", NULL, NULL } },
	{ 0.010, PROG_NETSTAT,  { "netstat","-in", NULL, NULL } },
	{ 0.002, PROG_NETSTAT,  { "netstat","-rn", NULL, NULL } },
	{ 0.002, PROG_NETSTAT,  { "netstat","-s", NULL, NULL } },
#endif
#ifdef PROG_ARP
	{ 0.002, PROG_ARP,      { "arp","-a","-n", NULL } },
#endif
#ifdef PROG_IFCONFIG
	{ 0.002, PROG_IFCONFIG, { "ifconfig", "-a", NULL, NULL } },
#endif
#ifdef PROG_PS
	{ 0.003, PROG_PS,       { "ps", "laxww", NULL, NULL } },
	{ 0.003, PROG_PS,       { "ps", "-al", NULL, NULL } },
	{ 0.003, PROG_PS,       { "ps", "-efl", NULL, NULL } },
#endif
#ifdef PROG_W
	{ 0.005, PROG_W,        { "w", NULL, NULL, NULL } },
#endif
#ifdef PROG_WHO
	{ 0.001, PROG_WHO,      { "who","-i", NULL, NULL } },
#endif
#ifdef PROG_LAST
	{ 0.001, PROG_LAST,     { "last", NULL, NULL, NULL } },
#endif
#ifdef PROG_LASTLOG
	{ 0.001, PROG_LASTLOG,  { "lastlog", NULL, NULL, NULL } },
#endif
#ifdef PROG_DF
	{ 0.010, PROG_DF,       { "df", NULL, NULL, NULL } },
	{ 0.010, PROG_DF,       { "df", "-i", NULL, NULL } },
#endif
#ifdef PROG_VMSTAT
	{ 0.010, PROG_VMSTAT,   { "vmstat", NULL, NULL, NULL } },
#endif
#ifdef PROG_UPTIME
	{ 0.001, PROG_UPTIME,   { "uptime", NULL, NULL, NULL } },
#endif
#ifdef PROG_IPCS
	{ 0.001, PROG_IPCS,     { "-a", NULL, NULL, NULL } },
#endif
#ifdef PROG_TAIL
	{ 0.001, PROG_TAIL,     { "tail", "-200", "/var/log/messages", NULL, NULL } },
	{ 0.001, PROG_TAIL,     { "tail", "-200", "/var/log/syslog", NULL, NULL } },
	{ 0.001, PROG_TAIL,     { "tail", "-200", "/var/adm/messages", NULL, NULL } },
	{ 0.001, PROG_TAIL,     { "tail", "-200", "/var/adm/syslog", NULL, NULL } },
	{ 0.001, PROG_TAIL,     { "tail", "-200", "/var/log/maillog", NULL, NULL } },
	{ 0.001, PROG_TAIL,     { "tail", "-200", "/var/adm/maillog", NULL, NULL } },
#endif
	{ 0.000, NULL,          { NULL, NULL, NULL, NULL, NULL } },
};


double 
stir_from_system(void)
{
	double total_entropy_estimate;
	long int i;
	
	total_entropy_estimate = 0;
	
	i = getpid();
	RAND_add(&i, sizeof(i), 0.1);
	total_entropy_estimate += 0.1;
	
	i = getppid();
	RAND_add(&i, sizeof(i), 0.1);
	total_entropy_estimate += 0.1;

	i = getuid();
	RAND_add(&i, sizeof(i), 0.0);
	i = getgid();
	RAND_add(&i, sizeof(i), 0.0);

	total_entropy_estimate += stir_gettimeofday(1.0);
	total_entropy_estimate += stir_clock(0.2);
	total_entropy_estimate += stir_rusage(RUSAGE_SELF, 2.0);

	return(total_entropy_estimate);
}

double 
stir_from_programs(void)
{
	int i;
	int c;
	double entropy_estimate;
	double total_entropy_estimate;
	char hash[SHA_DIGEST_LENGTH];

	/*
	 * Run through list of programs twice to catch differences
	 */
	total_entropy_estimate = 0;
	for(i = 0; i < 2; i++) {
		c = 0;
		while (entropy_sources[c].path != NULL) {
			/* Hash output from command */
			entropy_estimate = hash_output_from_command(entropy_sources[c].path,
				entropy_sources[c].args, hash);

			/* Scale back entropy estimate according to command's rate */
			entropy_estimate *= entropy_sources[c].rate;
 
			/* Upper bound of entropy estimate is SHA_DIGEST_LENGTH */
			if (entropy_estimate > SHA_DIGEST_LENGTH)
				entropy_estimate = SHA_DIGEST_LENGTH;

 			/* * Scale back estimates for subsequent passes through list */
			entropy_estimate /= 10.0 * (i + 1.0);
			
			/* Stir it in */
			RAND_add(hash, sizeof(hash), entropy_estimate);

/* FIXME: turn this off later */
#if 1
			debug("Got %0.2f bytes of entropy from %s", entropy_estimate, 
				entropy_sources[c].path);
#endif

			total_entropy_estimate += entropy_estimate;

			/* Execution times should be a little unpredictable */
			total_entropy_estimate += stir_gettimeofday(0.05);
			total_entropy_estimate += stir_clock(0.05);
			total_entropy_estimate += stir_rusage(RUSAGE_SELF, 0.1);
			total_entropy_estimate += stir_rusage(RUSAGE_CHILDREN, 0.1);
			
			c++;
		}
	}
	
	return(total_entropy_estimate);
}

double
stir_gettimeofday(double entropy_estimate)
{
	struct timeval tv;
	
	if (gettimeofday(&tv, NULL) == -1)
		fatal("Couldn't gettimeofday: %s", strerror(errno));

	RAND_add(&tv, sizeof(tv), entropy_estimate);
	
	return(entropy_estimate);
}

double
stir_clock(double entropy_estimate)
{
#ifdef HAVE_CLOCK
	clock_t c;
	
	c = clock();
	RAND_add(&c, sizeof(c), entropy_estimate);
	
	return(entropy_estimate);
#else /* _HAVE_CLOCK */
	return(0);
#endif /* _HAVE_CLOCK */
}

double
stir_rusage(int who, double entropy_estimate)
{
#ifdef HAVE_GETRUSAGE
	struct rusage ru;
	
   if (getrusage(who, &ru) == -1)
		fatal("Couldn't getrusage: %s", strerror(errno));

	RAND_add(&ru, sizeof(ru), 0.1);

	return(entropy_estimate);
#else /* _HAVE_GETRUSAGE */
	return(0);
#endif /* _HAVE_GETRUSAGE */
}

double
hash_output_from_command(const char *path, const char **args, char *hash)
{
	static int devnull = -1;
	int p[2];
	pid_t pid;
	int status;
	char buf[2048];
	int bytes_read;
	int total_bytes_read;
	SHA_CTX sha;
	
	if (devnull == -1) {
		devnull = open("/dev/null", O_RDWR);
		if (devnull == -1)
			fatal("Couldn't open /dev/null: %s", strerror(errno));
	}
	
	if (pipe(p) == -1)
		fatal("Couldn't open pipe: %s", strerror(errno));

	switch (pid = fork()) {
		case -1: /* Error */
			close(p[0]);
			close(p[1]);
			fatal("Couldn't fork: %s", strerror(errno));
			/* NOTREACHED */
		case 0: /* Child */
			close(0);
			close(1);
			close(2);
			dup2(devnull, 0);
			dup2(p[1], 1);
			dup2(p[1], 2);
			close(p[0]);
			close(p[1]);
			close(devnull);

			execv(path, (char**)args);
			debug("(child) Couldn't exec '%s': %s", path, strerror(errno));
			_exit(-1);
		default: /* Parent */
			break;
	}

	RAND_add(&pid, sizeof(&pid), 0.0);

	close(p[1]);

	/* Hash output from child */
	SHA1_Init(&sha);
	total_bytes_read = 0;
	while ((bytes_read = read(p[0], buf, sizeof(buf)))	> 0) {
		SHA1_Update(&sha, buf, bytes_read);
		total_bytes_read += bytes_read;
		RAND_add(&bytes_read, sizeof(&bytes_read), 0.0);
	}
	SHA1_Final(hash, &sha);

	close(p[0]);
	
	if (waitpid(pid, &status, 0) == -1) {
		error("Couldn't wait for child '%s' completion: %s", path, 
			strerror(errno));
		return(-1);
	}

	RAND_add(&status, sizeof(&status), 0.0);

	if (!WIFEXITED(status) || (WEXITSTATUS(status) != 0))
		return(0.0);
	else
		return(total_bytes_read);
}
#endif /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */

#if defined(EGD_SOCKET) || defined(RANDOM_POOL)
/*
 * Seed OpenSSL's random number pool from Kernel random number generator
 * or EGD
 */
void
seed_rng(void)
{
	char buf[32];
	
	debug("Seeding random number generator");
	get_random_bytes(buf, sizeof(buf));
	RAND_add(buf, sizeof(buf), sizeof(buf));
	memset(buf, '\0', sizeof(buf));
}
#else /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */
/*
 * Conditionally Seed OpenSSL's random number pool syscalls and program output
 */
void
seed_rng(void)
{
	if (!RAND_status()) {
		debug("Seeding random number generator.");
		debug("%i bytes from system calls", (int)stir_from_system());
		debug("%i bytes from programs", (int)stir_from_programs());
		debug("OpenSSL random status is now %i\n", RAND_status());
	}
}
#endif /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */
Commit	Line	Data
bfc9a610	1	/*
	2	* Copyright (c) 2000 Damien Miller. All rights reserved.
	3	*
	4	* Redistribution and use in source and binary forms, with or without
	5	* modification, are permitted provided that the following conditions
	6	* are met:
	7	* 1. Redistributions of source code must retain the above copyright
	8	* notice, this list of conditions and the following disclaimer.
	9	* 2. Redistributions in binary form must reproduce the above copyright
	10	* notice, this list of conditions and the following disclaimer in the
	11	* documentation and/or other materials provided with the distribution.
	12	* 3. All advertising materials mentioning features or use of this software
	13	* must display the following acknowledgement:
	14	* This product includes software developed by Markus Friedl.
	15	* 4. The name of the author may not be used to endorse or promote products
	16	* derived from this software without specific prior written permission.
	17	*
	18	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	19	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	20	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	21	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	22	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	23	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	24	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	25	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	26	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	27	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	28	*/
	29
	30	#include "includes.h"
	31
	32	#include "ssh.h"
	33	#include "xmalloc.h"
	34
	35	#ifdef HAVE_OPENSSL
	36	# include <openssl/rand.h>
	37	# include <openssl/sha.h>
	38	#endif
	39	#ifdef HAVE_SSL
	40	# include <ssl/rand.h>
	41	# include <ssl/sha.h>
	42	#endif
	43
	44	RCSID("$Id$");
	45
	46	#ifdef EGD_SOCKET
	47	#ifndef offsetof
	48	# define offsetof(type, member) ((size_t) &((type *)0)->member)
	49	#endif
	50	/* Collect entropy from EGD */
	51	void get_random_bytes(unsigned char *buf, int len)
	52	{
	53	static int egd_socket = -1;
	54	int c;
	55	char egd_message[2] = { 0x02, 0x00 };
	56	struct sockaddr_un addr;
	57	int addr_len;
	58
	59	memset(&addr, '\0', sizeof(addr));
	60	addr.sun_family = AF_UNIX;
	61
	62	/* FIXME: compile time check? */
	63	if (sizeof(EGD_SOCKET) > sizeof(addr.sun_path))
	64	fatal("Random pool path is too long");
65
66	strcpy(addr.sun_path, EGD_SOCKET);
67
68	addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof(EGD_SOCKET);
69
70	if (egd_socket == -1) {
71	egd_socket = socket(AF_UNIX, SOCK_STREAM, 0);
72	if (egd_socket == -1)
73	fatal("Couldn't create AF_UNIX socket: %s", strerror(errno));
74	if (connect(egd_socket, (struct sockaddr*)&addr, addr_len) == -1)
75	fatal("Couldn't connect to EGD socket \"%s\": %s", addr.sun_path, strerror(errno));
76	}
77
78	if (len > 255)
79	fatal("Too many bytes to read from EGD");
80
81	/* Send blocking read request to EGD */
82	egd_message[1] = len;
83
84	c = atomicio(write, egd_socket, egd_message, sizeof(egd_message));
85	if (c == -1)
86	fatal("Couldn't write to EGD socket \"%s\": %s", EGD_SOCKET, strerror(errno));
87
88	c = atomicio(read, egd_socket, buf, len);
89	if (c <= 0)
90	fatal("Couldn't read from EGD socket \"%s\": %s", EGD_SOCKET, strerror(errno));
91
92	close(EGD_SOCKET);
93	}
94	#else /* !EGD_SOCKET */
95	#ifdef RANDOM_POOL
96	/* Collect entropy from /dev/urandom or pipe */
97	void get_random_bytes(unsigned char *buf, int len)
98	{
99	static int random_pool = -1;
100	int c;
101
102	if (random_pool == -1) {
103	random_pool = open(RANDOM_POOL, O_RDONLY);
104	if (random_pool == -1)
105	fatal("Couldn't open random pool \"%s\": %s", RANDOM_POOL, strerror(errno));
106	}
107
bfc9a610	108	c = atomicio(read, random_pool, buf, len);
	109	if (c <= 0)
	110	fatal("Couldn't read from random pool \"%s\": %s", RANDOM_POOL, strerror(errno));
	111	}
	112	#endif /* RANDOM_POOL */
	113	#endif /* EGD_SOCKET */
	114
	115	#if !defined(EGD_SOCKET) && !defined(RANDOM_POOL)
	116	/*
	117	* FIXME: proper entropy estimations. All current values are guesses
	118	* FIXME: Need timeout for slow moving programs
	119	* FIXME: More entropy sources
	120	*/
	121
	122	double stir_from_system(void);
	123	double stir_from_programs(void);
	124	double stir_gettimeofday(double entropy_estimate);
	125	double stir_clock(double entropy_estimate);
	126	double stir_rusage(int who, double entropy_estimate);
	127	double hash_output_from_command(const char path, const char args, char hash);
	128
	129	typedef struct
	130	{
	131	/* Proportion of data that is entropy */
	132	double rate;
	133	/* Path to executable */
	134	const char *path;
	135	/* argv to pass to executable */
	136	const char *args[5];
	137	} entropy_source_t;
	138
	139	entropy_source_t entropy_sources[] = {
	140	#ifdef PROG_LS
	141	{ 0.002, PROG_LS, { "ls", "-alni", "/var/log", NULL } },
	142	{ 0.002, PROG_LS, { "ls", "-alni", "/var/adm", NULL } },
	143	{ 0.002, PROG_LS, { "ls", "-alni", "/var/mail", NULL } },
	144	{ 0.002, PROG_LS, { "ls", "-alni", "/var/spool/mail", NULL } },
	145	{ 0.002, PROG_LS, { "ls", "-alni", "/proc", NULL } },
	146	{ 0.002, PROG_LS, { "ls", "-alni", "/tmp", NULL } },
	147	#endif
	148	#ifdef PROG_NETSTAT
	149	{ 0.005, PROG_NETSTAT, { "netstat","-an", NULL, NULL } },
	150	{ 0.010, PROG_NETSTAT, { "netstat","-in", NULL, NULL } },
	151	{ 0.002, PROG_NETSTAT, { "netstat","-rn", NULL, NULL } },
	152	{ 0.002, PROG_NETSTAT, { "netstat","-s", NULL, NULL } },
	153	#endif
	154	#ifdef PROG_ARP
	155	{ 0.002, PROG_ARP, { "arp","-a","-n", NULL } },
	156	#endif
	157	#ifdef PROG_IFCONFIG
	158	{ 0.002, PROG_IFCONFIG, { "ifconfig", "-a", NULL, NULL } },
	159	#endif
	160	#ifdef PROG_PS
	161	{ 0.003, PROG_PS, { "ps", "laxww", NULL, NULL } },
	162	{ 0.003, PROG_PS, { "ps", "-al", NULL, NULL } },
	163	{ 0.003, PROG_PS, { "ps", "-efl", NULL, NULL } },
	164	#endif
	165	#ifdef PROG_W
	166	{ 0.005, PROG_W, { "w", NULL, NULL, NULL } },
	167	#endif
	168	#ifdef PROG_WHO
	169	{ 0.001, PROG_WHO, { "who","-i", NULL, NULL } },
	170	#endif
	171	#ifdef PROG_LAST
172	{ 0.001, PROG_LAST, { "last", NULL, NULL, NULL } },
173	#endif
174	#ifdef PROG_LASTLOG
175	{ 0.001, PROG_LASTLOG, { "lastlog", NULL, NULL, NULL } },
176	#endif
177	#ifdef PROG_DF
178	{ 0.010, PROG_DF, { "df", NULL, NULL, NULL } },
179	{ 0.010, PROG_DF, { "df", "-i", NULL, NULL } },
180	#endif
181	#ifdef PROG_VMSTAT
182	{ 0.010, PROG_VMSTAT, { "vmstat", NULL, NULL, NULL } },
183	#endif
184	#ifdef PROG_UPTIME
185	{ 0.001, PROG_UPTIME, { "uptime", NULL, NULL, NULL } },
186	#endif
187	#ifdef PROG_IPCS
188	{ 0.001, PROG_IPCS, { "-a", NULL, NULL, NULL } },
189	#endif
190	#ifdef PROG_TAIL
191	{ 0.001, PROG_TAIL, { "tail", "-200", "/var/log/messages", NULL, NULL } },
192	{ 0.001, PROG_TAIL, { "tail", "-200", "/var/log/syslog", NULL, NULL } },
193	{ 0.001, PROG_TAIL, { "tail", "-200", "/var/adm/messages", NULL, NULL } },
194	{ 0.001, PROG_TAIL, { "tail", "-200", "/var/adm/syslog", NULL, NULL } },
195	{ 0.001, PROG_TAIL, { "tail", "-200", "/var/log/maillog", NULL, NULL } },
196	{ 0.001, PROG_TAIL, { "tail", "-200", "/var/adm/maillog", NULL, NULL } },
197	#endif
198	{ 0.000, NULL, { NULL, NULL, NULL, NULL, NULL } },
199	};
200
201
202	double
203	stir_from_system(void)
204	{
205	double total_entropy_estimate;
206	long int i;
207
208	total_entropy_estimate = 0;
209
210	i = getpid();
211	RAND_add(&i, sizeof(i), 0.1);
212	total_entropy_estimate += 0.1;
213
214	i = getppid();
215	RAND_add(&i, sizeof(i), 0.1);
216	total_entropy_estimate += 0.1;
217
218	i = getuid();
219	RAND_add(&i, sizeof(i), 0.0);
220	i = getgid();
221	RAND_add(&i, sizeof(i), 0.0);
222
223	total_entropy_estimate += stir_gettimeofday(1.0);
224	total_entropy_estimate += stir_clock(0.2);
225	total_entropy_estimate += stir_rusage(RUSAGE_SELF, 2.0);
226
227	return(total_entropy_estimate);
228	}
229
230	double
231	stir_from_programs(void)
232	{
233	int i;
234	int c;
235	double entropy_estimate;
236	double total_entropy_estimate;
237	char hash[SHA_DIGEST_LENGTH];
238
239	/*
240	* Run through list of programs twice to catch differences
241	*/
242	total_entropy_estimate = 0;
243	for(i = 0; i < 2; i++) {
244	c = 0;
245	while (entropy_sources[c].path != NULL) {
246	/* Hash output from command */
247	entropy_estimate = hash_output_from_command(entropy_sources[c].path,
248	entropy_sources[c].args, hash);
249
250	/* Scale back entropy estimate according to command's rate */
251	entropy_estimate *= entropy_sources[c].rate;
252
253	/* Upper bound of entropy estimate is SHA_DIGEST_LENGTH */
254	if (entropy_estimate > SHA_DIGEST_LENGTH)
255	entropy_estimate = SHA_DIGEST_LENGTH;
256
257	/* * Scale back estimates for subsequent passes through list */
258	entropy_estimate /= 10.0 * (i + 1.0);
259
260	/* Stir it in */
261	RAND_add(hash, sizeof(hash), entropy_estimate);
262
263	/* FIXME: turn this off later */
264	#if 1
265	debug("Got %0.2f bytes of entropy from %s", entropy_estimate,
266	entropy_sources[c].path);
267	#endif
268
269	total_entropy_estimate += entropy_estimate;
270
271	/* Execution times should be a little unpredictable */
272	total_entropy_estimate += stir_gettimeofday(0.05);
273	total_entropy_estimate += stir_clock(0.05);
274	total_entropy_estimate += stir_rusage(RUSAGE_SELF, 0.1);
275	total_entropy_estimate += stir_rusage(RUSAGE_CHILDREN, 0.1);
276
277	c++;
278	}
279	}
280
281	return(total_entropy_estimate);
282	}
283
284	double
285	stir_gettimeofday(double entropy_estimate)
286	{
287	struct timeval tv;
288
289	if (gettimeofday(&tv, NULL) == -1)
290	fatal("Couldn't gettimeofday: %s", strerror(errno));
291
292	RAND_add(&tv, sizeof(tv), entropy_estimate);
293
294	return(entropy_estimate);
295	}
296
297	double
298	stir_clock(double entropy_estimate)
299	{
300	#ifdef HAVE_CLOCK
301	clock_t c;
302
303	c = clock();
304	RAND_add(&c, sizeof(c), entropy_estimate);
305
306	return(entropy_estimate);
307	#else /* _HAVE_CLOCK */
308	return(0);
309	#endif /* _HAVE_CLOCK */
310	}
311
312	double
313	stir_rusage(int who, double entropy_estimate)
314	{
315	#ifdef HAVE_GETRUSAGE
316	struct rusage ru;
317
318	if (getrusage(who, &ru) == -1)
319	fatal("Couldn't getrusage: %s", strerror(errno));
320
321	RAND_add(&ru, sizeof(ru), 0.1);
322
323	return(entropy_estimate);
324	#else /* _HAVE_GETRUSAGE */
325	return(0);
326	#endif /* _HAVE_GETRUSAGE */
327	}
328
329	double
330	hash_output_from_command(const char path, const char args, char hash)
331	{
332	static int devnull = -1;
333	int p[2];
334	pid_t pid;
335	int status;
336	char buf[2048];
337	int bytes_read;
338	int total_bytes_read;
339	SHA_CTX sha;
340
341	if (devnull == -1) {
342	devnull = open("/dev/null", O_RDWR);
343	if (devnull == -1)
344	fatal("Couldn't open /dev/null: %s", strerror(errno));
345	}
346
347	if (pipe(p) == -1)
348	fatal("Couldn't open pipe: %s", strerror(errno));
349
350	switch (pid = fork()) {
351	case -1: /* Error */
352	close(p[0]);
353	close(p[1]);
354	fatal("Couldn't fork: %s", strerror(errno));
355	/* NOTREACHED */
356	case 0: /* Child */
357	close(0);
358	close(1);
359	close(2);
360	dup2(devnull, 0);
361	dup2(p[1], 1);
362	dup2(p[1], 2);
363	close(p[0]);
364	close(p[1]);
365	close(devnull);
366
367	execv(path, (char**)args);
368	debug("(child) Couldn't exec '%s': %s", path, strerror(errno));
369	_exit(-1);
370	default: /* Parent */
371	break;
372	}
373
374	RAND_add(&pid, sizeof(&pid), 0.0);
375
376	close(p[1]);
377
378	/* Hash output from child */
379	SHA1_Init(&sha);
380	total_bytes_read = 0;
381	while ((bytes_read = read(p[0], buf, sizeof(buf))) > 0) {
382	SHA1_Update(&sha, buf, bytes_read);
383	total_bytes_read += bytes_read;
384	RAND_add(&bytes_read, sizeof(&bytes_read), 0.0);
385	}
386	SHA1_Final(hash, &sha);
387
388	close(p[0]);
389
390	if (waitpid(pid, &status, 0) == -1) {
391	error("Couldn't wait for child '%s' completion: %s", path,
392	strerror(errno));
393	return(-1);
394	}
395
396	RAND_add(&status, sizeof(&status), 0.0);
397
398	if (!WIFEXITED(status) \|\| (WEXITSTATUS(status) != 0))
399	return(0.0);
400	else
401	return(total_bytes_read);
402	}
403	#endif /* defined(EGD_SOCKET) \|\| defined(RANDOM_POOL) */
404
405	#if defined(EGD_SOCKET) \|\| defined(RANDOM_POOL)
406	/*
407	* Seed OpenSSL's random number pool from Kernel random number generator
408	* or EGD
409	*/
410	void
411	seed_rng(void)
412	{
413	char buf[32];
414
415	debug("Seeding random number generator");
416	get_random_bytes(buf, sizeof(buf));
417	RAND_add(buf, sizeof(buf), sizeof(buf));
418	memset(buf, '\0', sizeof(buf));
419	}
420	#else /* defined(EGD_SOCKET) \|\| defined(RANDOM_POOL) */
421	/*
422	* Conditionally Seed OpenSSL's random number pool syscalls and program output
423	*/
424	void
425	seed_rng(void)
426	{
427	if (!RAND_status()) {
428	debug("Seeding random number generator.");
429	debug("%i bytes from system calls", (int)stir_from_system());
430	debug("%i bytes from programs", (int)stir_from_programs());
431	debug("OpenSSL random status is now %i\n", RAND_status());
432	}
433	}
434	#endif /* defined(EGD_SOCKET) \|\| defined(RANDOM_POOL) */