[openssh.git] / entropy.c

/*
 * Copyright (c) 2000 Damien Miller.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *      This product includes software developed by Markus Friedl.
 * 4. The name of the author may not be used to endorse or promote products
 *    derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "includes.h"

#include "ssh.h"
#include "xmalloc.h"

#ifdef HAVE_OPENSSL
# include <openssl/rand.h>
# include <openssl/sha.h>
#endif
#ifdef HAVE_SSL
# include <ssl/rand.h>
# include <ssl/sha.h>
#endif

RCSID("$Id$");

#ifdef EGD_SOCKET
#ifndef offsetof
# define offsetof(type, member) ((size_t) &((type *)0)->member)
#endif
/* Collect entropy from EGD */
void get_random_bytes(unsigned char *buf, int len)
{
	static int egd_socket = -1;
	int c;
	char egd_message[2] = { 0x02, 0x00 };
	struct sockaddr_un addr;
	int addr_len;

	memset(&addr, '\0', sizeof(addr));
	addr.sun_family = AF_UNIX;
	
	/* FIXME: compile time check? */
	if (sizeof(EGD_SOCKET) > sizeof(addr.sun_path))
		fatal("Random pool path is too long");
	
	strcpy(addr.sun_path, EGD_SOCKET);
	
	addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof(EGD_SOCKET);
	
	if (egd_socket == -1) {
		egd_socket = socket(AF_UNIX, SOCK_STREAM, 0);
		if (egd_socket == -1)
			fatal("Couldn't create AF_UNIX socket: %s", strerror(errno));
		if (connect(egd_socket, (struct sockaddr*)&addr, addr_len) == -1)
			fatal("Couldn't connect to EGD socket \"%s\": %s", addr.sun_path, strerror(errno));
	}	

	if (len > 255)
		fatal("Too many bytes to read from EGD");
	
	/* Send blocking read request to EGD */
	egd_message[1] = len;

	c = atomicio(write, egd_socket, egd_message, sizeof(egd_message));
	if (c == -1)
		fatal("Couldn't write to EGD socket \"%s\": %s", EGD_SOCKET, strerror(errno));

	c = atomicio(read, egd_socket, buf, len);
	if (c <= 0)
		fatal("Couldn't read from EGD socket \"%s\": %s", EGD_SOCKET, strerror(errno));
	
	close(EGD_SOCKET);
}
#else /* !EGD_SOCKET */
#ifdef RANDOM_POOL
/* Collect entropy from /dev/urandom or pipe */
void get_random_bytes(unsigned char *buf, int len)
{
	static int random_pool = -1;
	int c;

	if (random_pool == -1) {
		random_pool = open(RANDOM_POOL, O_RDONLY);
		if (random_pool == -1)
			fatal("Couldn't open random pool \"%s\": %s", RANDOM_POOL, strerror(errno));
	}
	
	c = atomicio(read, random_pool, buf, len);
	if (c <= 0)
		fatal("Couldn't read from random pool \"%s\": %s", RANDOM_POOL, strerror(errno));
}
#endif /* RANDOM_POOL */
#endif /* EGD_SOCKET */

#if !defined(EGD_SOCKET) && !defined(RANDOM_POOL)
/* 
 * FIXME: proper entropy estimations. All current values are guesses
 * FIXME: Need timeout for slow moving programs
 * FIXME: More entropy sources
 */

double stir_from_system(void);
double stir_from_programs(void);
double stir_gettimeofday(double entropy_estimate);
double stir_clock(double entropy_estimate);
double stir_rusage(int who, double entropy_estimate);
double hash_output_from_command(const char *path, const char **args, char *hash);

typedef struct
{
	/* Proportion of data that is entropy */
	double rate;
	/* Path to executable */
	const char *path;
	/* argv to pass to executable */
	const char *args[5];
} entropy_source_t;

entropy_source_t entropy_sources[] = {
#ifdef PROG_LS
	{ 0.002, PROG_LS,       { "ls", "-alni", "/var/log", NULL } },
	{ 0.002, PROG_LS,       { "ls", "-alni", "/var/adm", NULL } },
	{ 0.002, PROG_LS,       { "ls", "-alni", "/var/mail", NULL } },
	{ 0.002, PROG_LS,       { "ls", "-alni", "/var/spool/mail", NULL } },
	{ 0.002, PROG_LS,       { "ls", "-alni", "/proc", NULL } },
	{ 0.002, PROG_LS,       { "ls", "-alni", "/tmp", NULL } },
#endif
#ifdef PROG_NETSTAT
	{ 0.005, PROG_NETSTAT,  { "netstat","-an", NULL, NULL } },
	{ 0.010, PROG_NETSTAT,  { "netstat","-in", NULL, NULL } },
	{ 0.002, PROG_NETSTAT,  { "netstat","-rn", NULL, NULL } },
	{ 0.002, PROG_NETSTAT,  { "netstat","-s", NULL, NULL } },
#endif
#ifdef PROG_ARP
	{ 0.002, PROG_ARP,      { "arp","-a","-n", NULL } },
#endif
#ifdef PROG_IFCONFIG
	{ 0.002, PROG_IFCONFIG, { "ifconfig", "-a", NULL, NULL } },
#endif
#ifdef PROG_PS
	{ 0.003, PROG_PS,       { "ps", "laxww", NULL, NULL } },
	{ 0.003, PROG_PS,       { "ps", "-al", NULL, NULL } },
	{ 0.003, PROG_PS,       { "ps", "-efl", NULL, NULL } },
#endif
#ifdef PROG_W
	{ 0.005, PROG_W,        { "w", NULL, NULL, NULL } },
#endif
#ifdef PROG_WHO
	{ 0.001, PROG_WHO,      { "who","-i", NULL, NULL } },
#endif
#ifdef PROG_LAST
	{ 0.001, PROG_LAST,     { "last", NULL, NULL, NULL } },
#endif
#ifdef PROG_LASTLOG
	{ 0.001, PROG_LASTLOG,  { "lastlog", NULL, NULL, NULL } },
#endif
#ifdef PROG_DF
	{ 0.010, PROG_DF,       { "df", NULL, NULL, NULL } },
	{ 0.010, PROG_DF,       { "df", "-i", NULL, NULL } },
#endif
#ifdef PROG_VMSTAT
	{ 0.010, PROG_VMSTAT,   { "vmstat", NULL, NULL, NULL } },
#endif
#ifdef PROG_UPTIME
	{ 0.001, PROG_UPTIME,   { "uptime", NULL, NULL, NULL } },
#endif
#ifdef PROG_IPCS
	{ 0.001, PROG_IPCS,     { "-a", NULL, NULL, NULL } },
#endif
#ifdef PROG_TAIL
	{ 0.001, PROG_TAIL,     { "tail", "-200", "/var/log/messages", NULL, NULL } },
	{ 0.001, PROG_TAIL,     { "tail", "-200", "/var/log/syslog", NULL, NULL } },
	{ 0.001, PROG_TAIL,     { "tail", "-200", "/var/adm/messages", NULL, NULL } },
	{ 0.001, PROG_TAIL,     { "tail", "-200", "/var/adm/syslog", NULL, NULL } },
	{ 0.001, PROG_TAIL,     { "tail", "-200", "/var/log/maillog", NULL, NULL } },
	{ 0.001, PROG_TAIL,     { "tail", "-200", "/var/adm/maillog", NULL, NULL } },
#endif
	{ 0.000, NULL,          { NULL, NULL, NULL, NULL, NULL } },
};

double 
stir_from_system(void)
{
	double total_entropy_estimate;
	long int i;
	
	total_entropy_estimate = 0;
	
	i = getpid();
	RAND_add(&i, sizeof(i), 0.1);
	total_entropy_estimate += 0.1;
	
	i = getppid();
	RAND_add(&i, sizeof(i), 0.1);
	total_entropy_estimate += 0.1;

	i = getuid();
	RAND_add(&i, sizeof(i), 0.0);
	i = getgid();
	RAND_add(&i, sizeof(i), 0.0);

	total_entropy_estimate += stir_gettimeofday(1.0);
	total_entropy_estimate += stir_clock(0.2);
	total_entropy_estimate += stir_rusage(RUSAGE_SELF, 2.0);

	return(total_entropy_estimate);
}

double 
stir_from_programs(void)
{
	int i;
	int c;
	double entropy_estimate;
	double total_entropy_estimate;
	char hash[SHA_DIGEST_LENGTH];

	/*
	 * Run through list of programs twice to catch differences
	 */
	total_entropy_estimate = 0;
	for(i = 0; i < 2; i++) {
		c = 0;
		while (entropy_sources[c].path != NULL) {
			/* Hash output from command */
			entropy_estimate = hash_output_from_command(entropy_sources[c].path,
				entropy_sources[c].args, hash);

			/* Scale back entropy estimate according to command's rate */
			entropy_estimate *= entropy_sources[c].rate;
 
			/* Upper bound of entropy estimate is SHA_DIGEST_LENGTH */
			if (entropy_estimate > SHA_DIGEST_LENGTH)
				entropy_estimate = SHA_DIGEST_LENGTH;

 			/* * Scale back estimates for subsequent passes through list */
			entropy_estimate /= 10.0 * (i + 1.0);
			
			/* Stir it in */
			RAND_add(hash, sizeof(hash), entropy_estimate);

/* FIXME: turn this off later */
#if 1
			debug("Got %0.2f bytes of entropy from %s", entropy_estimate, 
				entropy_sources[c].path);
#endif

			total_entropy_estimate += entropy_estimate;

			/* Execution times should be a little unpredictable */
			total_entropy_estimate += stir_gettimeofday(0.05);
			total_entropy_estimate += stir_clock(0.05);
			total_entropy_estimate += stir_rusage(RUSAGE_SELF, 0.1);
			total_entropy_estimate += stir_rusage(RUSAGE_CHILDREN, 0.1);
			
			c++;
		}
	}
	
	return(total_entropy_estimate);
}

double
stir_gettimeofday(double entropy_estimate)
{
	struct timeval tv;
	
	if (gettimeofday(&tv, NULL) == -1)
		fatal("Couldn't gettimeofday: %s", strerror(errno));

	RAND_add(&tv, sizeof(tv), entropy_estimate);
	
	return(entropy_estimate);
}

double
stir_clock(double entropy_estimate)
{
#ifdef HAVE_CLOCK
	clock_t c;
	
	c = clock();
	RAND_add(&c, sizeof(c), entropy_estimate);
	
	return(entropy_estimate);
#else /* _HAVE_CLOCK */
	return(0);
#endif /* _HAVE_CLOCK */
}

double
stir_rusage(int who, double entropy_estimate)
{
#ifdef HAVE_GETRUSAGE
	struct rusage ru;
	
   if (getrusage(who, &ru) == -1)
		fatal("Couldn't getrusage: %s", strerror(errno));

	RAND_add(&ru, sizeof(ru), 0.1);

	return(entropy_estimate);
#else /* _HAVE_GETRUSAGE */
	return(0);
#endif /* _HAVE_GETRUSAGE */
}

double
hash_output_from_command(const char *path, const char **args, char *hash)
{
	static int devnull = -1;
	int p[2];
	pid_t pid;
	int status;
	char buf[2048];
	int bytes_read;
	int total_bytes_read;
	SHA_CTX sha;
	
	if (devnull == -1) {
		devnull = open("/dev/null", O_RDWR);
		if (devnull == -1)
			fatal("Couldn't open /dev/null: %s", strerror(errno));
	}
	
	if (pipe(p) == -1)
		fatal("Couldn't open pipe: %s", strerror(errno));

	switch (pid = fork()) {
		case -1: /* Error */
			close(p[0]);
			close(p[1]);
			fatal("Couldn't fork: %s", strerror(errno));
			/* NOTREACHED */
		case 0: /* Child */
			close(0);
			close(1);
			close(2);
			dup2(devnull, 0);
			dup2(p[1], 1);
			dup2(p[1], 2);
			close(p[0]);
			close(p[1]);
			close(devnull);

			execv(path, (char**)args);
			debug("(child) Couldn't exec '%s': %s", path, strerror(errno));
			_exit(-1);
		default: /* Parent */
			break;
	}

	RAND_add(&pid, sizeof(&pid), 0.0);

	close(p[1]);

	/* Hash output from child */
	SHA1_Init(&sha);
	total_bytes_read = 0;
	while ((bytes_read = read(p[0], buf, sizeof(buf)))	> 0) {
		SHA1_Update(&sha, buf, bytes_read);
		total_bytes_read += bytes_read;
		RAND_add(&bytes_read, sizeof(&bytes_read), 0.0);
	}
	SHA1_Final(hash, &sha);

	close(p[0]);
	
	if (waitpid(pid, &status, 0) == -1) {
		error("Couldn't wait for child '%s' completion: %s", path, 
			strerror(errno));
		return(-1);
	}

	RAND_add(&status, sizeof(&status), 0.0);

	if (!WIFEXITED(status) || (WEXITSTATUS(status) != 0))
		return(0.0);
	else
		return(total_bytes_read);
}
#endif /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */

#if defined(EGD_SOCKET) || defined(RANDOM_POOL)
/*
 * Seed OpenSSL's random number pool from Kernel random number generator
 * or EGD
 */
void
seed_rng(void)
{
	char buf[32];
	
	debug("Seeding random number generator");
	get_random_bytes(buf, sizeof(buf));
	RAND_add(buf, sizeof(buf), sizeof(buf));
	memset(buf, '\0', sizeof(buf));
}
#else /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */
/*
 * Conditionally Seed OpenSSL's random number pool syscalls and program output
 */
void
seed_rng(void)
{
	debug("Seeding random number generator.");
	debug("OpenSSL random status is now %i\n", RAND_status());
	debug("%i bytes from system calls", (int)stir_from_system());
	debug("%i bytes from programs", (int)stir_from_programs());
	debug("OpenSSL random status is now %i\n", RAND_status());
}
#endif /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */
Commit	Line	Data
bfc9a610	1	/*
	2	* Copyright (c) 2000 Damien Miller. All rights reserved.
	3	*
	4	* Redistribution and use in source and binary forms, with or without
	5	* modification, are permitted provided that the following conditions
	6	* are met:
	7	* 1. Redistributions of source code must retain the above copyright
	8	* notice, this list of conditions and the following disclaimer.
	9	* 2. Redistributions in binary form must reproduce the above copyright
	10	* notice, this list of conditions and the following disclaimer in the
	11	* documentation and/or other materials provided with the distribution.
	12	* 3. All advertising materials mentioning features or use of this software
	13	* must display the following acknowledgement:
	14	* This product includes software developed by Markus Friedl.
	15	* 4. The name of the author may not be used to endorse or promote products
	16	* derived from this software without specific prior written permission.
	17	*
	18	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	19	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	20	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	21	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	22	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	23	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	24	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	25	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	26	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	27	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	28	*/
	29
	30	#include "includes.h"
	31
	32	#include "ssh.h"
	33	#include "xmalloc.h"
	34
	35	#ifdef HAVE_OPENSSL
	36	# include <openssl/rand.h>
	37	# include <openssl/sha.h>
	38	#endif
	39	#ifdef HAVE_SSL
	40	# include <ssl/rand.h>
	41	# include <ssl/sha.h>
	42	#endif
	43
	44	RCSID("$Id$");
	45
	46	#ifdef EGD_SOCKET
	47	#ifndef offsetof
	48	# define offsetof(type, member) ((size_t) &((type *)0)->member)
	49	#endif
	50	/* Collect entropy from EGD */
	51	void get_random_bytes(unsigned char *buf, int len)
	52	{
	53	static int egd_socket = -1;
	54	int c;
	55	char egd_message[2] = { 0x02, 0x00 };
	56	struct sockaddr_un addr;
	57	int addr_len;
	58
	59	memset(&addr, '\0', sizeof(addr));
	60	addr.sun_family = AF_UNIX;
	61
	62	/* FIXME: compile time check? */
	63	if (sizeof(EGD_SOCKET) > sizeof(addr.sun_path))
	64	fatal("Random pool path is too long");
65
66	strcpy(addr.sun_path, EGD_SOCKET);
67
68	addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof(EGD_SOCKET);
69
70	if (egd_socket == -1) {
71	egd_socket = socket(AF_UNIX, SOCK_STREAM, 0);
72	if (egd_socket == -1)
73	fatal("Couldn't create AF_UNIX socket: %s", strerror(errno));
74	if (connect(egd_socket, (struct sockaddr*)&addr, addr_len) == -1)
75	fatal("Couldn't connect to EGD socket \"%s\": %s", addr.sun_path, strerror(errno));
76	}
77
78	if (len > 255)
79	fatal("Too many bytes to read from EGD");
80
81	/* Send blocking read request to EGD */
82	egd_message[1] = len;
83
84	c = atomicio(write, egd_socket, egd_message, sizeof(egd_message));
85	if (c == -1)
86	fatal("Couldn't write to EGD socket \"%s\": %s", EGD_SOCKET, strerror(errno));
87
88	c = atomicio(read, egd_socket, buf, len);
89	if (c <= 0)
90	fatal("Couldn't read from EGD socket \"%s\": %s", EGD_SOCKET, strerror(errno));
91
92	close(EGD_SOCKET);
93	}
94	#else /* !EGD_SOCKET */
95	#ifdef RANDOM_POOL
96	/* Collect entropy from /dev/urandom or pipe */
97	void get_random_bytes(unsigned char *buf, int len)
98	{
99	static int random_pool = -1;
100	int c;
101
102	if (random_pool == -1) {
103	random_pool = open(RANDOM_POOL, O_RDONLY);
104	if (random_pool == -1)
105	fatal("Couldn't open random pool \"%s\": %s", RANDOM_POOL, strerror(errno));
106	}
107
bfc9a610	108	c = atomicio(read, random_pool, buf, len);
	109	if (c <= 0)
	110	fatal("Couldn't read from random pool \"%s\": %s", RANDOM_POOL, strerror(errno));
	111	}
	112	#endif /* RANDOM_POOL */
	113	#endif /* EGD_SOCKET */
	114
	115	#if !defined(EGD_SOCKET) && !defined(RANDOM_POOL)
	116	/*
	117	* FIXME: proper entropy estimations. All current values are guesses
	118	* FIXME: Need timeout for slow moving programs
	119	* FIXME: More entropy sources
	120	*/
	121
	122	double stir_from_system(void);
	123	double stir_from_programs(void);
	124	double stir_gettimeofday(double entropy_estimate);
	125	double stir_clock(double entropy_estimate);
	126	double stir_rusage(int who, double entropy_estimate);
	127	double hash_output_from_command(const char path, const char args, char hash);
	128
	129	typedef struct
	130	{
	131	/* Proportion of data that is entropy */
	132	double rate;
	133	/* Path to executable */
	134	const char *path;
	135	/* argv to pass to executable */
	136	const char *args[5];
	137	} entropy_source_t;
	138
	139	entropy_source_t entropy_sources[] = {
	140	#ifdef PROG_LS
	141	{ 0.002, PROG_LS, { "ls", "-alni", "/var/log", NULL } },
	142	{ 0.002, PROG_LS, { "ls", "-alni", "/var/adm", NULL } },
	143	{ 0.002, PROG_LS, { "ls", "-alni", "/var/mail", NULL } },
	144	{ 0.002, PROG_LS, { "ls", "-alni", "/var/spool/mail", NULL } },
	145	{ 0.002, PROG_LS, { "ls", "-alni", "/proc", NULL } },
	146	{ 0.002, PROG_LS, { "ls", "-alni", "/tmp", NULL } },
	147	#endif
	148	#ifdef PROG_NETSTAT
	149	{ 0.005, PROG_NETSTAT, { "netstat","-an", NULL, NULL } },
	150	{ 0.010, PROG_NETSTAT, { "netstat","-in", NULL, NULL } },
	151	{ 0.002, PROG_NETSTAT, { "netstat","-rn", NULL, NULL } },
	152	{ 0.002, PROG_NETSTAT, { "netstat","-s", NULL, NULL } },
	153	#endif
	154	#ifdef PROG_ARP
	155	{ 0.002, PROG_ARP, { "arp","-a","-n", NULL } },
	156	#endif
	157	#ifdef PROG_IFCONFIG
	158	{ 0.002, PROG_IFCONFIG, { "ifconfig", "-a", NULL, NULL } },
	159	#endif
	160	#ifdef PROG_PS
	161	{ 0.003, PROG_PS, { "ps", "laxww", NULL, NULL } },
	162	{ 0.003, PROG_PS, { "ps", "-al", NULL, NULL } },
	163	{ 0.003, PROG_PS, { "ps", "-efl", NULL, NULL } },
	164	#endif
	165	#ifdef PROG_W
	166	{ 0.005, PROG_W, { "w", NULL, NULL, NULL } },
	167	#endif
	168	#ifdef PROG_WHO
	169	{ 0.001, PROG_WHO, { "who","-i", NULL, NULL } },
	170	#endif
	171	#ifdef PROG_LAST
172	{ 0.001, PROG_LAST, { "last", NULL, NULL, NULL } },
173	#endif
174	#ifdef PROG_LASTLOG
175	{ 0.001, PROG_LASTLOG, { "lastlog", NULL, NULL, NULL } },
176	#endif
177	#ifdef PROG_DF
178	{ 0.010, PROG_DF, { "df", NULL, NULL, NULL } },
179	{ 0.010, PROG_DF, { "df", "-i", NULL, NULL } },
180	#endif
181	#ifdef PROG_VMSTAT
182	{ 0.010, PROG_VMSTAT, { "vmstat", NULL, NULL, NULL } },
183	#endif
184	#ifdef PROG_UPTIME
185	{ 0.001, PROG_UPTIME, { "uptime", NULL, NULL, NULL } },
186	#endif
187	#ifdef PROG_IPCS
188	{ 0.001, PROG_IPCS, { "-a", NULL, NULL, NULL } },
189	#endif
190	#ifdef PROG_TAIL
191	{ 0.001, PROG_TAIL, { "tail", "-200", "/var/log/messages", NULL, NULL } },
192	{ 0.001, PROG_TAIL, { "tail", "-200", "/var/log/syslog", NULL, NULL } },
193	{ 0.001, PROG_TAIL, { "tail", "-200", "/var/adm/messages", NULL, NULL } },
194	{ 0.001, PROG_TAIL, { "tail", "-200", "/var/adm/syslog", NULL, NULL } },
195	{ 0.001, PROG_TAIL, { "tail", "-200", "/var/log/maillog", NULL, NULL } },
196	{ 0.001, PROG_TAIL, { "tail", "-200", "/var/adm/maillog", NULL, NULL } },
197	#endif
198	{ 0.000, NULL, { NULL, NULL, NULL, NULL, NULL } },
199	};
200
bfc9a610	201	double
	202	stir_from_system(void)
	203	{
	204	double total_entropy_estimate;
	205	long int i;
	206
	207	total_entropy_estimate = 0;
	208
	209	i = getpid();
	210	RAND_add(&i, sizeof(i), 0.1);
	211	total_entropy_estimate += 0.1;
	212
	213	i = getppid();
	214	RAND_add(&i, sizeof(i), 0.1);
	215	total_entropy_estimate += 0.1;
	216
	217	i = getuid();
	218	RAND_add(&i, sizeof(i), 0.0);
	219	i = getgid();
	220	RAND_add(&i, sizeof(i), 0.0);
	221
	222	total_entropy_estimate += stir_gettimeofday(1.0);
	223	total_entropy_estimate += stir_clock(0.2);
	224	total_entropy_estimate += stir_rusage(RUSAGE_SELF, 2.0);
	225
	226	return(total_entropy_estimate);
	227	}
	228
	229	double
	230	stir_from_programs(void)
	231	{
	232	int i;
	233	int c;
	234	double entropy_estimate;
	235	double total_entropy_estimate;
	236	char hash[SHA_DIGEST_LENGTH];
	237
	238	/*
	239	* Run through list of programs twice to catch differences
	240	*/
	241	total_entropy_estimate = 0;
	242	for(i = 0; i < 2; i++) {
	243	c = 0;
	244	while (entropy_sources[c].path != NULL) {
	245	/* Hash output from command */
	246	entropy_estimate = hash_output_from_command(entropy_sources[c].path,
	247	entropy_sources[c].args, hash);
	248
	249	/* Scale back entropy estimate according to command's rate */
	250	entropy_estimate *= entropy_sources[c].rate;
	251
	252	/* Upper bound of entropy estimate is SHA_DIGEST_LENGTH */
	253	if (entropy_estimate > SHA_DIGEST_LENGTH)
	254	entropy_estimate = SHA_DIGEST_LENGTH;
	255
	256	/* * Scale back estimates for subsequent passes through list */
	257	entropy_estimate /= 10.0 * (i + 1.0);
	258
	259	/* Stir it in */
	260	RAND_add(hash, sizeof(hash), entropy_estimate);
	261
	262	/* FIXME: turn this off later */
	263	#if 1
	264	debug("Got %0.2f bytes of entropy from %s", entropy_estimate,
265	entropy_sources[c].path);
266	#endif
267
268	total_entropy_estimate += entropy_estimate;
269
270	/* Execution times should be a little unpredictable */
271	total_entropy_estimate += stir_gettimeofday(0.05);
272	total_entropy_estimate += stir_clock(0.05);
273	total_entropy_estimate += stir_rusage(RUSAGE_SELF, 0.1);
274	total_entropy_estimate += stir_rusage(RUSAGE_CHILDREN, 0.1);
275
276	c++;
277	}
278	}
279
280	return(total_entropy_estimate);
281	}
282
283	double
284	stir_gettimeofday(double entropy_estimate)
285	{
286	struct timeval tv;
287
288	if (gettimeofday(&tv, NULL) == -1)
289	fatal("Couldn't gettimeofday: %s", strerror(errno));
290
291	RAND_add(&tv, sizeof(tv), entropy_estimate);
292
293	return(entropy_estimate);
294	}
295
296	double
297	stir_clock(double entropy_estimate)
298	{
299	#ifdef HAVE_CLOCK
300	clock_t c;
301
302	c = clock();
303	RAND_add(&c, sizeof(c), entropy_estimate);
304
305	return(entropy_estimate);
306	#else /* _HAVE_CLOCK */
307	return(0);
308	#endif /* _HAVE_CLOCK */
309	}
310
311	double
312	stir_rusage(int who, double entropy_estimate)
313	{
314	#ifdef HAVE_GETRUSAGE
315	struct rusage ru;
316
317	if (getrusage(who, &ru) == -1)
318	fatal("Couldn't getrusage: %s", strerror(errno));
319
320	RAND_add(&ru, sizeof(ru), 0.1);
321
322	return(entropy_estimate);
323	#else /* _HAVE_GETRUSAGE */
324	return(0);
325	#endif /* _HAVE_GETRUSAGE */
326	}
327
328	double
329	hash_output_from_command(const char path, const char args, char hash)
330	{
331	static int devnull = -1;
332	int p[2];
333	pid_t pid;
334	int status;
335	char buf[2048];
336	int bytes_read;
337	int total_bytes_read;
338	SHA_CTX sha;
339
340	if (devnull == -1) {
341	devnull = open("/dev/null", O_RDWR);
342	if (devnull == -1)
343	fatal("Couldn't open /dev/null: %s", strerror(errno));
344	}
345
346	if (pipe(p) == -1)
347	fatal("Couldn't open pipe: %s", strerror(errno));
348
349	switch (pid = fork()) {
350	case -1: /* Error */
351	close(p[0]);
352	close(p[1]);
353	fatal("Couldn't fork: %s", strerror(errno));
354	/* NOTREACHED */
355	case 0: /* Child */
356	close(0);
357	close(1);
358	close(2);
359	dup2(devnull, 0);
360	dup2(p[1], 1);
361	dup2(p[1], 2);
362	close(p[0]);
363	close(p[1]);
364	close(devnull);
365
366	execv(path, (char**)args);
367	debug("(child) Couldn't exec '%s': %s", path, strerror(errno));
368	_exit(-1);
369	default: /* Parent */
370	break;
371	}
372
373	RAND_add(&pid, sizeof(&pid), 0.0);
374
375	close(p[1]);
376
377	/* Hash output from child */
378	SHA1_Init(&sha);
379	total_bytes_read = 0;
380	while ((bytes_read = read(p[0], buf, sizeof(buf))) > 0) {
381	SHA1_Update(&sha, buf, bytes_read);
382	total_bytes_read += bytes_read;
383	RAND_add(&bytes_read, sizeof(&bytes_read), 0.0);
384	}
385	SHA1_Final(hash, &sha);
386
387	close(p[0]);
388
389	if (waitpid(pid, &status, 0) == -1) {
390	error("Couldn't wait for child '%s' completion: %s", path,
391	strerror(errno));
392	return(-1);
393	}
394
395	RAND_add(&status, sizeof(&status), 0.0);
396
397	if (!WIFEXITED(status) \|\| (WEXITSTATUS(status) != 0))
398	return(0.0);
399	else
400	return(total_bytes_read);
401	}
402	#endif /* defined(EGD_SOCKET) \|\| defined(RANDOM_POOL) */
403
404	#if defined(EGD_SOCKET) \|\| defined(RANDOM_POOL)
405	/*
406	* Seed OpenSSL's random number pool from Kernel random number generator
407	* or EGD
408	*/
409	void
410	seed_rng(void)
411	{
412	char buf[32];
413
414	debug("Seeding random number generator");
415	get_random_bytes(buf, sizeof(buf));
416	RAND_add(buf, sizeof(buf), sizeof(buf));
417	memset(buf, '\0', sizeof(buf));
418	}
419	#else /* defined(EGD_SOCKET) \|\| defined(RANDOM_POOL) */
420	/*
421	* Conditionally Seed OpenSSL's random number pool syscalls and program output
422	*/
423	void
424	seed_rng(void)
425	{
6c081128	426	debug("Seeding random number generator.");
	427	debug("OpenSSL random status is now %i\n", RAND_status());
	428	debug("%i bytes from system calls", (int)stir_from_system());
	429	debug("%i bytes from programs", (int)stir_from_programs());
	430	debug("OpenSSL random status is now %i\n", RAND_status());
bfc9a610	431	}
bfc9a610	432	#endif /* defined(EGD_SOCKET) \|\| defined(RANDOM_POOL) */