[openssh.git] / entropy.c

/*
 * Copyright (c) 2000 Damien Miller.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *      This product includes software developed by Markus Friedl.
 * 4. The name of the author may not be used to endorse or promote products
 *    derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "includes.h"

#include "ssh.h"
#include "xmalloc.h"

#ifdef HAVE_OPENSSL
# include <openssl/rand.h>
# include <openssl/sha.h>
#endif
#ifdef HAVE_SSL
# include <ssl/rand.h>
# include <ssl/sha.h>
#endif

RCSID("$Id$");

#ifdef EGD_SOCKET
#ifndef offsetof
# define offsetof(type, member) ((size_t) &((type *)0)->member)
#endif
/* Collect entropy from EGD */
void get_random_bytes(unsigned char *buf, int len)
{
	static int egd_socket = -1;
	int c;
	char egd_message[2] = { 0x02, 0x00 };
	struct sockaddr_un addr;
	int addr_len;

	memset(&addr, '\0', sizeof(addr));
	addr.sun_family = AF_UNIX;
	
	/* FIXME: compile time check? */
	if (sizeof(EGD_SOCKET) > sizeof(addr.sun_path))
		fatal("Random pool path is too long");
	
	strcpy(addr.sun_path, EGD_SOCKET);
	
	addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof(EGD_SOCKET);
	
	if (egd_socket == -1) {
		egd_socket = socket(AF_UNIX, SOCK_STREAM, 0);
		if (egd_socket == -1)
			fatal("Couldn't create AF_UNIX socket: %s", strerror(errno));
		if (connect(egd_socket, (struct sockaddr*)&addr, addr_len) == -1)
			fatal("Couldn't connect to EGD socket \"%s\": %s", addr.sun_path, strerror(errno));
	}	

	if (len > 255)
		fatal("Too many bytes to read from EGD");
	
	/* Send blocking read request to EGD */
	egd_message[1] = len;

	c = atomicio(write, egd_socket, egd_message, sizeof(egd_message));
	if (c == -1)
		fatal("Couldn't write to EGD socket \"%s\": %s", EGD_SOCKET, strerror(errno));

	c = atomicio(read, egd_socket, buf, len);
	if (c <= 0)
		fatal("Couldn't read from EGD socket \"%s\": %s", EGD_SOCKET, strerror(errno));
	
	close(EGD_SOCKET);
}
#else /* !EGD_SOCKET */
#ifdef RANDOM_POOL
/* Collect entropy from /dev/urandom or pipe */
void get_random_bytes(unsigned char *buf, int len)
{
	static int random_pool = -1;
	int c;

	if (random_pool == -1) {
		random_pool = open(RANDOM_POOL, O_RDONLY);
		if (random_pool == -1)
			fatal("Couldn't open random pool \"%s\": %s", RANDOM_POOL, strerror(errno));
	}
	
	verbose("randfd: %i", random_pool);

	c = atomicio(read, random_pool, buf, len);
	if (c <= 0)
		fatal("Couldn't read from random pool \"%s\": %s", RANDOM_POOL, strerror(errno));
}
#endif /* RANDOM_POOL */
#endif /* EGD_SOCKET */

#if !defined(EGD_SOCKET) && !defined(RANDOM_POOL)
/* 
 * FIXME: proper entropy estimations. All current values are guesses
 * FIXME: Need timeout for slow moving programs
 * FIXME: More entropy sources
 */

double stir_from_system(void);
double stir_from_programs(void);
double stir_gettimeofday(double entropy_estimate);
double stir_clock(double entropy_estimate);
double stir_rusage(int who, double entropy_estimate);
double hash_output_from_command(const char *path, const char **args, char *hash);

typedef struct
{
	/* Proportion of data that is entropy */
	double rate;
	/* Path to executable */
	const char *path;
	/* argv to pass to executable */
	const char *args[5];
} entropy_source_t;

entropy_source_t entropy_sources[] = {
#ifdef PROG_LS
	{ 0.002, PROG_LS,       { "ls", "-alni", "/var/log", NULL } },
	{ 0.002, PROG_LS,       { "ls", "-alni", "/var/adm", NULL } },
	{ 0.002, PROG_LS,       { "ls", "-alni", "/var/mail", NULL } },
	{ 0.002, PROG_LS,       { "ls", "-alni", "/var/spool/mail", NULL } },
	{ 0.002, PROG_LS,       { "ls", "-alni", "/proc", NULL } },
	{ 0.002, PROG_LS,       { "ls", "-alni", "/tmp", NULL } },
#endif
#ifdef PROG_NETSTAT
	{ 0.005, PROG_NETSTAT,  { "netstat","-an", NULL, NULL } },
	{ 0.010, PROG_NETSTAT,  { "netstat","-in", NULL, NULL } },
	{ 0.002, PROG_NETSTAT,  { "netstat","-rn", NULL, NULL } },
	{ 0.002, PROG_NETSTAT,  { "netstat","-s", NULL, NULL } },
#endif
#ifdef PROG_ARP
	{ 0.002, PROG_ARP,      { "arp","-a","-n", NULL } },
#endif
#ifdef PROG_IFCONFIG
	{ 0.002, PROG_IFCONFIG, { "ifconfig", "-a", NULL, NULL } },
#endif
#ifdef PROG_PS
	{ 0.003, PROG_PS,       { "ps", "laxww", NULL, NULL } },
	{ 0.003, PROG_PS,       { "ps", "-al", NULL, NULL } },
	{ 0.003, PROG_PS,       { "ps", "-efl", NULL, NULL } },
#endif
#ifdef PROG_W
	{ 0.005, PROG_W,        { "w", NULL, NULL, NULL } },
#endif
#ifdef PROG_WHO
	{ 0.001, PROG_WHO,      { "who","-i", NULL, NULL } },
#endif
#ifdef PROG_LAST
	{ 0.001, PROG_LAST,     { "last", NULL, NULL, NULL } },
#endif
#ifdef PROG_LASTLOG
	{ 0.001, PROG_LASTLOG,  { "lastlog", NULL, NULL, NULL } },
#endif
#ifdef PROG_DF
	{ 0.010, PROG_DF,       { "df", NULL, NULL, NULL } },
	{ 0.010, PROG_DF,       { "df", "-i", NULL, NULL } },
#endif
#ifdef PROG_VMSTAT
	{ 0.010, PROG_VMSTAT,   { "vmstat", NULL, NULL, NULL } },
#endif
#ifdef PROG_UPTIME
	{ 0.001, PROG_UPTIME,   { "uptime", NULL, NULL, NULL } },
#endif
#ifdef PROG_IPCS
	{ 0.001, PROG_IPCS,     { "-a", NULL, NULL, NULL } },
#endif
#ifdef PROG_TAIL
	{ 0.001, PROG_TAIL,     { "tail", "-200", "/var/log/messages", NULL, NULL } },
	{ 0.001, PROG_TAIL,     { "tail", "-200", "/var/log/syslog", NULL, NULL } },
	{ 0.001, PROG_TAIL,     { "tail", "-200", "/var/adm/messages", NULL, NULL } },
	{ 0.001, PROG_TAIL,     { "tail", "-200", "/var/adm/syslog", NULL, NULL } },
	{ 0.001, PROG_TAIL,     { "tail", "-200", "/var/log/maillog", NULL, NULL } },
	{ 0.001, PROG_TAIL,     { "tail", "-200", "/var/adm/maillog", NULL, NULL } },
#endif
	{ 0.000, NULL,          { NULL, NULL, NULL, NULL, NULL } },
};


double 
stir_from_system(void)
{
	double total_entropy_estimate;
	long int i;
	
	total_entropy_estimate = 0;
	
	i = getpid();
	RAND_add(&i, sizeof(i), 0.1);
	total_entropy_estimate += 0.1;
	
	i = getppid();
	RAND_add(&i, sizeof(i), 0.1);
	total_entropy_estimate += 0.1;

	i = getuid();
	RAND_add(&i, sizeof(i), 0.0);
	i = getgid();
	RAND_add(&i, sizeof(i), 0.0);

	total_entropy_estimate += stir_gettimeofday(1.0);
	total_entropy_estimate += stir_clock(0.2);
	total_entropy_estimate += stir_rusage(RUSAGE_SELF, 2.0);

	return(total_entropy_estimate);
}

double 
stir_from_programs(void)
{
	int i;
	int c;
	double entropy_estimate;
	double total_entropy_estimate;
	char hash[SHA_DIGEST_LENGTH];

	/*
	 * Run through list of programs twice to catch differences
	 */
	total_entropy_estimate = 0;
	for(i = 0; i < 2; i++) {
		c = 0;
		while (entropy_sources[c].path != NULL) {
			/* Hash output from command */
			entropy_estimate = hash_output_from_command(entropy_sources[c].path,
				entropy_sources[c].args, hash);

			/* Scale back entropy estimate according to command's rate */
			entropy_estimate *= entropy_sources[c].rate;
 
			/* Upper bound of entropy estimate is SHA_DIGEST_LENGTH */
			if (entropy_estimate > SHA_DIGEST_LENGTH)
				entropy_estimate = SHA_DIGEST_LENGTH;

 			/* * Scale back estimates for subsequent passes through list */
			entropy_estimate /= 10.0 * (i + 1.0);
			
			/* Stir it in */
			RAND_add(hash, sizeof(hash), entropy_estimate);

/* FIXME: turn this off later */
#if 1
			debug("Got %0.2f bytes of entropy from %s", entropy_estimate, 
				entropy_sources[c].path);
#endif

			total_entropy_estimate += entropy_estimate;

			/* Execution times should be a little unpredictable */
			total_entropy_estimate += stir_gettimeofday(0.05);
			total_entropy_estimate += stir_clock(0.05);
			total_entropy_estimate += stir_rusage(RUSAGE_SELF, 0.1);
			total_entropy_estimate += stir_rusage(RUSAGE_CHILDREN, 0.1);
			
			c++;
		}
	}
	
	return(total_entropy_estimate);
}

double
stir_gettimeofday(double entropy_estimate)
{
	struct timeval tv;
	
	if (gettimeofday(&tv, NULL) == -1)
		fatal("Couldn't gettimeofday: %s", strerror(errno));

	RAND_add(&tv, sizeof(tv), entropy_estimate);
	
	return(entropy_estimate);
}

double
stir_clock(double entropy_estimate)
{
#ifdef HAVE_CLOCK
	clock_t c;
	
	c = clock();
	RAND_add(&c, sizeof(c), entropy_estimate);
	
	return(entropy_estimate);
#else /* _HAVE_CLOCK */
	return(0);
#endif /* _HAVE_CLOCK */
}

double
stir_rusage(int who, double entropy_estimate)
{
#ifdef HAVE_GETRUSAGE
	struct rusage ru;
	
   if (getrusage(who, &ru) == -1)
		fatal("Couldn't getrusage: %s", strerror(errno));

	RAND_add(&ru, sizeof(ru), 0.1);

	return(entropy_estimate);
#else /* _HAVE_GETRUSAGE */
	return(0);
#endif /* _HAVE_GETRUSAGE */
}

double
hash_output_from_command(const char *path, const char **args, char *hash)
{
	static int devnull = -1;
	int p[2];
	pid_t pid;
	int status;
	char buf[2048];
	int bytes_read;
	int total_bytes_read;
	SHA_CTX sha;
	
	if (devnull == -1) {
		devnull = open("/dev/null", O_RDWR);
		if (devnull == -1)
			fatal("Couldn't open /dev/null: %s", strerror(errno));
	}
	
	if (pipe(p) == -1)
		fatal("Couldn't open pipe: %s", strerror(errno));

	switch (pid = fork()) {
		case -1: /* Error */
			close(p[0]);
			close(p[1]);
			fatal("Couldn't fork: %s", strerror(errno));
			/* NOTREACHED */
		case 0: /* Child */
			close(0);
			close(1);
			close(2);
			dup2(devnull, 0);
			dup2(p[1], 1);
			dup2(p[1], 2);
			close(p[0]);
			close(p[1]);
			close(devnull);

			execv(path, (char**)args);
			debug("(child) Couldn't exec '%s': %s", path, strerror(errno));
			_exit(-1);
		default: /* Parent */
			break;
	}

	RAND_add(&pid, sizeof(&pid), 0.0);

	close(p[1]);

	/* Hash output from child */
	SHA1_Init(&sha);
	total_bytes_read = 0;
	while ((bytes_read = read(p[0], buf, sizeof(buf)))	> 0) {
		SHA1_Update(&sha, buf, bytes_read);
		total_bytes_read += bytes_read;
		RAND_add(&bytes_read, sizeof(&bytes_read), 0.0);
	}
	SHA1_Final(hash, &sha);

	close(p[0]);
	
	if (waitpid(pid, &status, 0) == -1) {
		error("Couldn't wait for child '%s' completion: %s", path, 
			strerror(errno));
		return(-1);
	}

	RAND_add(&status, sizeof(&status), 0.0);

	if (!WIFEXITED(status) || (WEXITSTATUS(status) != 0))
		return(0.0);
	else
		return(total_bytes_read);
}
#endif /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */

#if defined(EGD_SOCKET) || defined(RANDOM_POOL)
/*
 * Seed OpenSSL's random number pool from Kernel random number generator
 * or EGD
 */
void
seed_rng(void)
{
	char buf[32];
	
	debug("Seeding random number generator");
	get_random_bytes(buf, sizeof(buf));
	RAND_add(buf, sizeof(buf), sizeof(buf));
	memset(buf, '\0', sizeof(buf));
}
#else /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */
/*
 * Conditionally Seed OpenSSL's random number pool syscalls and program output
 */
void
seed_rng(void)
{
	if (!RAND_status()) {
		debug("Seeding random number generator.");
		debug("%i bytes from system calls", (int)stir_from_system());
		debug("%i bytes from programs", (int)stir_from_programs());
		debug("OpenSSL random status is now %i\n", RAND_status());
	}
}
#endif /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */
Commit	Line	Data
bfc9a610	1	/*
	2	* Copyright (c) 2000 Damien Miller. All rights reserved.
	3	*
	4	* Redistribution and use in source and binary forms, with or without
	5	* modification, are permitted provided that the following conditions
	6	* are met:
	7	* 1. Redistributions of source code must retain the above copyright
	8	* notice, this list of conditions and the following disclaimer.
	9	* 2. Redistributions in binary form must reproduce the above copyright
	10	* notice, this list of conditions and the following disclaimer in the
	11	* documentation and/or other materials provided with the distribution.
	12	* 3. All advertising materials mentioning features or use of this software
	13	* must display the following acknowledgement:
	14	* This product includes software developed by Markus Friedl.
	15	* 4. The name of the author may not be used to endorse or promote products
	16	* derived from this software without specific prior written permission.
	17	*
	18	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	19	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	20	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	21	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	22	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	23	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	24	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	25	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	26	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	27	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	28	*/
	29
	30	#include "includes.h"
	31
	32	#include "ssh.h"
	33	#include "xmalloc.h"
	34
	35	#ifdef HAVE_OPENSSL
	36	# include <openssl/rand.h>
	37	# include <openssl/sha.h>
	38	#endif
	39	#ifdef HAVE_SSL
	40	# include <ssl/rand.h>
	41	# include <ssl/sha.h>
	42	#endif
	43
	44	RCSID("$Id$");
	45
	46	#ifdef EGD_SOCKET
	47	#ifndef offsetof
	48	# define offsetof(type, member) ((size_t) &((type *)0)->member)
	49	#endif
	50	/* Collect entropy from EGD */
	51	void get_random_bytes(unsigned char *buf, int len)
	52	{
	53	static int egd_socket = -1;
	54	int c;
	55	char egd_message[2] = { 0x02, 0x00 };
	56	struct sockaddr_un addr;
	57	int addr_len;
	58
	59	memset(&addr, '\0', sizeof(addr));
	60	addr.sun_family = AF_UNIX;
	61
	62	/* FIXME: compile time check? */
	63	if (sizeof(EGD_SOCKET) > sizeof(addr.sun_path))
	64	fatal("Random pool path is too long");
65
66	strcpy(addr.sun_path, EGD_SOCKET);
67
68	addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof(EGD_SOCKET);
69
70	if (egd_socket == -1) {
71	egd_socket = socket(AF_UNIX, SOCK_STREAM, 0);
72	if (egd_socket == -1)
73	fatal("Couldn't create AF_UNIX socket: %s", strerror(errno));
74	if (connect(egd_socket, (struct sockaddr*)&addr, addr_len) == -1)
75	fatal("Couldn't connect to EGD socket \"%s\": %s", addr.sun_path, strerror(errno));
76	}
77
78	if (len > 255)
79	fatal("Too many bytes to read from EGD");
80
81	/* Send blocking read request to EGD */
82	egd_message[1] = len;
83
84	c = atomicio(write, egd_socket, egd_message, sizeof(egd_message));
85	if (c == -1)
86	fatal("Couldn't write to EGD socket \"%s\": %s", EGD_SOCKET, strerror(errno));
87
88	c = atomicio(read, egd_socket, buf, len);
89	if (c <= 0)
90	fatal("Couldn't read from EGD socket \"%s\": %s", EGD_SOCKET, strerror(errno));
91
92	close(EGD_SOCKET);
93	}
94	#else /* !EGD_SOCKET */
95	#ifdef RANDOM_POOL
96	/* Collect entropy from /dev/urandom or pipe */
97	void get_random_bytes(unsigned char *buf, int len)
98	{
99	static int random_pool = -1;
100	int c;
101
102	if (random_pool == -1) {
103	random_pool = open(RANDOM_POOL, O_RDONLY);
104	if (random_pool == -1)
105	fatal("Couldn't open random pool \"%s\": %s", RANDOM_POOL, strerror(errno));
106	}
107
108	verbose("randfd: %i", random_pool);
109
110	c = atomicio(read, random_pool, buf, len);
111	if (c <= 0)
112	fatal("Couldn't read from random pool \"%s\": %s", RANDOM_POOL, strerror(errno));
113	}
114	#endif /* RANDOM_POOL */
115	#endif /* EGD_SOCKET */
116
117	#if !defined(EGD_SOCKET) && !defined(RANDOM_POOL)
118	/*
119	* FIXME: proper entropy estimations. All current values are guesses
120	* FIXME: Need timeout for slow moving programs
121	* FIXME: More entropy sources
122	*/
123
124	double stir_from_system(void);
125	double stir_from_programs(void);
126	double stir_gettimeofday(double entropy_estimate);
127	double stir_clock(double entropy_estimate);
128	double stir_rusage(int who, double entropy_estimate);
129	double hash_output_from_command(const char path, const char args, char hash);
130
131	typedef struct
132	{
133	/* Proportion of data that is entropy */
134	double rate;
135	/* Path to executable */
136	const char *path;
137	/* argv to pass to executable */
138	const char *args[5];
139	} entropy_source_t;
140
141	entropy_source_t entropy_sources[] = {
142	#ifdef PROG_LS
143	{ 0.002, PROG_LS, { "ls", "-alni", "/var/log", NULL } },
144	{ 0.002, PROG_LS, { "ls", "-alni", "/var/adm", NULL } },
145	{ 0.002, PROG_LS, { "ls", "-alni", "/var/mail", NULL } },
146	{ 0.002, PROG_LS, { "ls", "-alni", "/var/spool/mail", NULL } },
147	{ 0.002, PROG_LS, { "ls", "-alni", "/proc", NULL } },
148	{ 0.002, PROG_LS, { "ls", "-alni", "/tmp", NULL } },
149	#endif
150	#ifdef PROG_NETSTAT
151	{ 0.005, PROG_NETSTAT, { "netstat","-an", NULL, NULL } },
152	{ 0.010, PROG_NETSTAT, { "netstat","-in", NULL, NULL } },
153	{ 0.002, PROG_NETSTAT, { "netstat","-rn", NULL, NULL } },
154	{ 0.002, PROG_NETSTAT, { "netstat","-s", NULL, NULL } },
155	#endif
156	#ifdef PROG_ARP
157	{ 0.002, PROG_ARP, { "arp","-a","-n", NULL } },
158	#endif
159	#ifdef PROG_IFCONFIG
160	{ 0.002, PROG_IFCONFIG, { "ifconfig", "-a", NULL, NULL } },
161	#endif
162	#ifdef PROG_PS
163	{ 0.003, PROG_PS, { "ps", "laxww", NULL, NULL } },
164	{ 0.003, PROG_PS, { "ps", "-al", NULL, NULL } },
165	{ 0.003, PROG_PS, { "ps", "-efl", NULL, NULL } },
166	#endif
167	#ifdef PROG_W
168	{ 0.005, PROG_W, { "w", NULL, NULL, NULL } },
169	#endif
170	#ifdef PROG_WHO
171	{ 0.001, PROG_WHO, { "who","-i", NULL, NULL } },
172	#endif
173	#ifdef PROG_LAST
174	{ 0.001, PROG_LAST, { "last", NULL, NULL, NULL } },
175	#endif
176	#ifdef PROG_LASTLOG
177	{ 0.001, PROG_LASTLOG, { "lastlog", NULL, NULL, NULL } },
178	#endif
179	#ifdef PROG_DF
180	{ 0.010, PROG_DF, { "df", NULL, NULL, NULL } },
181	{ 0.010, PROG_DF, { "df", "-i", NULL, NULL } },
182	#endif
183	#ifdef PROG_VMSTAT
184	{ 0.010, PROG_VMSTAT, { "vmstat", NULL, NULL, NULL } },
185	#endif
186	#ifdef PROG_UPTIME
187	{ 0.001, PROG_UPTIME, { "uptime", NULL, NULL, NULL } },
188	#endif
189	#ifdef PROG_IPCS
190	{ 0.001, PROG_IPCS, { "-a", NULL, NULL, NULL } },
191	#endif
192	#ifdef PROG_TAIL
193	{ 0.001, PROG_TAIL, { "tail", "-200", "/var/log/messages", NULL, NULL } },
194	{ 0.001, PROG_TAIL, { "tail", "-200", "/var/log/syslog", NULL, NULL } },
195	{ 0.001, PROG_TAIL, { "tail", "-200", "/var/adm/messages", NULL, NULL } },
196	{ 0.001, PROG_TAIL, { "tail", "-200", "/var/adm/syslog", NULL, NULL } },
197	{ 0.001, PROG_TAIL, { "tail", "-200", "/var/log/maillog", NULL, NULL } },
198	{ 0.001, PROG_TAIL, { "tail", "-200", "/var/adm/maillog", NULL, NULL } },
199	#endif
200	{ 0.000, NULL, { NULL, NULL, NULL, NULL, NULL } },
201	};
202
203
204	double
205	stir_from_system(void)
206	{
207	double total_entropy_estimate;
208	long int i;
209
210	total_entropy_estimate = 0;
211
212	i = getpid();
213	RAND_add(&i, sizeof(i), 0.1);
214	total_entropy_estimate += 0.1;
215
216	i = getppid();
217	RAND_add(&i, sizeof(i), 0.1);
218	total_entropy_estimate += 0.1;
219
220	i = getuid();
221	RAND_add(&i, sizeof(i), 0.0);
222	i = getgid();
223	RAND_add(&i, sizeof(i), 0.0);
224
225	total_entropy_estimate += stir_gettimeofday(1.0);
226	total_entropy_estimate += stir_clock(0.2);
227	total_entropy_estimate += stir_rusage(RUSAGE_SELF, 2.0);
228
229	return(total_entropy_estimate);
230	}
231
232	double
233	stir_from_programs(void)
234	{
235	int i;
236	int c;
237	double entropy_estimate;
238	double total_entropy_estimate;
239	char hash[SHA_DIGEST_LENGTH];
240
241	/*
242	* Run through list of programs twice to catch differences
243	*/
244	total_entropy_estimate = 0;
245	for(i = 0; i < 2; i++) {
246	c = 0;
247	while (entropy_sources[c].path != NULL) {
248	/* Hash output from command */
249	entropy_estimate = hash_output_from_command(entropy_sources[c].path,
250	entropy_sources[c].args, hash);
251
252	/* Scale back entropy estimate according to command's rate */
253	entropy_estimate *= entropy_sources[c].rate;
254
255	/* Upper bound of entropy estimate is SHA_DIGEST_LENGTH */
256	if (entropy_estimate > SHA_DIGEST_LENGTH)
257	entropy_estimate = SHA_DIGEST_LENGTH;
258
259	/* * Scale back estimates for subsequent passes through list */
260	entropy_estimate /= 10.0 * (i + 1.0);
261
262	/* Stir it in */
263	RAND_add(hash, sizeof(hash), entropy_estimate);
264
265	/* FIXME: turn this off later */
266	#if 1
267	debug("Got %0.2f bytes of entropy from %s", entropy_estimate,
268	entropy_sources[c].path);
269	#endif
270
271	total_entropy_estimate += entropy_estimate;
272
273	/* Execution times should be a little unpredictable */
274	total_entropy_estimate += stir_gettimeofday(0.05);
275	total_entropy_estimate += stir_clock(0.05);
276	total_entropy_estimate += stir_rusage(RUSAGE_SELF, 0.1);
277	total_entropy_estimate += stir_rusage(RUSAGE_CHILDREN, 0.1);
278
279	c++;
280	}
281	}
282
283	return(total_entropy_estimate);
284	}
285
286	double
287	stir_gettimeofday(double entropy_estimate)
288	{
289	struct timeval tv;
290
291	if (gettimeofday(&tv, NULL) == -1)
292	fatal("Couldn't gettimeofday: %s", strerror(errno));
293
294	RAND_add(&tv, sizeof(tv), entropy_estimate);
295
296	return(entropy_estimate);
297	}
298
299	double
300	stir_clock(double entropy_estimate)
301	{
302	#ifdef HAVE_CLOCK
303	clock_t c;
304
305	c = clock();
306	RAND_add(&c, sizeof(c), entropy_estimate);
307
308	return(entropy_estimate);
309	#else /* _HAVE_CLOCK */
310	return(0);
311	#endif /* _HAVE_CLOCK */
312	}
313
314	double
315	stir_rusage(int who, double entropy_estimate)
316	{
317	#ifdef HAVE_GETRUSAGE
318	struct rusage ru;
319
320	if (getrusage(who, &ru) == -1)
321	fatal("Couldn't getrusage: %s", strerror(errno));
322
323	RAND_add(&ru, sizeof(ru), 0.1);
324
325	return(entropy_estimate);
326	#else /* _HAVE_GETRUSAGE */
327	return(0);
328	#endif /* _HAVE_GETRUSAGE */
329	}
330
331	double
332	hash_output_from_command(const char path, const char args, char hash)
333	{
334	static int devnull = -1;
335	int p[2];
336	pid_t pid;
337	int status;
338	char buf[2048];
339	int bytes_read;
340	int total_bytes_read;
341	SHA_CTX sha;
342
343	if (devnull == -1) {
344	devnull = open("/dev/null", O_RDWR);
345	if (devnull == -1)
346	fatal("Couldn't open /dev/null: %s", strerror(errno));
347	}
348
349	if (pipe(p) == -1)
350	fatal("Couldn't open pipe: %s", strerror(errno));
351
352	switch (pid = fork()) {
353	case -1: /* Error */
354	close(p[0]);
355	close(p[1]);
356	fatal("Couldn't fork: %s", strerror(errno));
357	/* NOTREACHED */
358	case 0: /* Child */
359	close(0);
360	close(1);
361	close(2);
362	dup2(devnull, 0);
363	dup2(p[1], 1);
364	dup2(p[1], 2);
365	close(p[0]);
366	close(p[1]);
367	close(devnull);
368
369	execv(path, (char**)args);
370	debug("(child) Couldn't exec '%s': %s", path, strerror(errno));
371	_exit(-1);
372	default: /* Parent */
373	break;
374	}
375
376	RAND_add(&pid, sizeof(&pid), 0.0);
377
378	close(p[1]);
379
380	/* Hash output from child */
381	SHA1_Init(&sha);
382	total_bytes_read = 0;
383	while ((bytes_read = read(p[0], buf, sizeof(buf))) > 0) {
384	SHA1_Update(&sha, buf, bytes_read);
385	total_bytes_read += bytes_read;
386	RAND_add(&bytes_read, sizeof(&bytes_read), 0.0);
387	}
388	SHA1_Final(hash, &sha);
389
390	close(p[0]);
391
392	if (waitpid(pid, &status, 0) == -1) {
393	error("Couldn't wait for child '%s' completion: %s", path,
394	strerror(errno));
395	return(-1);
396	}
397
398	RAND_add(&status, sizeof(&status), 0.0);
399
400	if (!WIFEXITED(status) \|\| (WEXITSTATUS(status) != 0))
401	return(0.0);
402	else
403	return(total_bytes_read);
404	}
405	#endif /* defined(EGD_SOCKET) \|\| defined(RANDOM_POOL) */
406
407	#if defined(EGD_SOCKET) \|\| defined(RANDOM_POOL)
408	/*
409	* Seed OpenSSL's random number pool from Kernel random number generator
410	* or EGD
411	*/
412	void
413	seed_rng(void)
414	{
415	char buf[32];
416
417	debug("Seeding random number generator");
418	get_random_bytes(buf, sizeof(buf));
419	RAND_add(buf, sizeof(buf), sizeof(buf));
420	memset(buf, '\0', sizeof(buf));
421	}
422	#else /* defined(EGD_SOCKET) \|\| defined(RANDOM_POOL) */
423	/*
424	* Conditionally Seed OpenSSL's random number pool syscalls and program output
425	*/
426	void
427	seed_rng(void)
428	{
429	if (!RAND_status()) {
430	debug("Seeding random number generator.");
431	debug("%i bytes from system calls", (int)stir_from_system());
432	debug("%i bytes from programs", (int)stir_from_programs());
433	debug("OpenSSL random status is now %i\n", RAND_status());
434	}
435	}
436	#endif /* defined(EGD_SOCKET) \|\| defined(RANDOM_POOL) */