isc_result_t
dst__openssl_init() {
isc_result_t result;
#ifdef DNS_CRYPTO_LEAKS
CRYPTO_malloc_debug_init();
CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
#endif
CRYPTO_set_mem_functions(mem_alloc, mem_realloc, mem_free);
nlocks = CRYPTO_num_locks();
locks = mem_alloc(sizeof(isc_mutex_t) * nlocks);
if (locks == NULL)
return (ISC_R_NOMEMORY);
result = isc_mutexblock_init(locks, nlocks);
if (result != ISC_R_SUCCESS)
goto cleanup_mutexalloc;
CRYPTO_set_locking_callback(lock_callback);
CRYPTO_set_id_callback(id_callback);
rm = mem_alloc(sizeof(RAND_METHOD));
if (rm == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup_mutexinit;
}
rm->seed = NULL;
rm->bytes = entropy_get;
rm->cleanup = NULL;
rm->add = entropy_add;
rm->pseudorand = entropy_getpseudo;
rm->status = entropy_status;
#ifdef USE_ENGINE
e = ENGINE_new();
if (e == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup_rm;
}
ENGINE_set_RAND(e, rm);
RAND_set_rand_method(rm);
#else
RAND_set_rand_method(rm);
#endif /* USE_ENGINE */
return (ISC_R_SUCCESS);
#ifdef USE_ENGINE
cleanup_rm:
mem_free(rm);
#endif
cleanup_mutexinit:
CRYPTO_set_locking_callback(NULL);
DESTROYMUTEXBLOCK(locks, nlocks);
cleanup_mutexalloc:
mem_free(locks);
return (result);
}
/*
* OpenSSL random should re-feeded occasionally. From /dev/urandom
* preferably.
*/
static void
init_openssl_rand(void)
{
if (RAND_get_rand_method() == NULL)
{
#ifdef HAVE_RAND_OPENSSL
RAND_set_rand_method(RAND_OpenSSL());
#else
RAND_set_rand_method(RAND_SSLeay());
#endif
}
openssl_random_init = 1;
}
int restore_rand(void)
{
if (!RAND_set_rand_method(old_rand))
return 0;
else
return 1;
}
/*
* OpenSSL random should re-feeded occasionally. From /dev/urandom
* preferably.
*/
static void
init_openssl_rand(void)
{
if (RAND_get_rand_method() == NULL)
RAND_set_rand_method(RAND_SSLeay());
openssl_random_init = 1;
}
void RAND_cleanup(void)
{
const RAND_METHOD *meth = RAND_get_rand_method();
if (meth && meth->cleanup)
meth->cleanup();
RAND_set_rand_method(NULL);
}
void set_random_seed_for_testing(const fc::sha512& new_seed)
{
_warn();
RAND_set_rand_method(&deterministic_rand_vtable);
seed = new_seed;
return;
}
void RAND_cleanup(void)
{
const RAND_METHOD *meth = RAND_get_rand_method();
if (meth && meth->cleanup)
meth->cleanup();
#ifndef OPERA_SMALL_VERSION
RAND_set_rand_method(NULL);
#endif // !OPERA_SMALL_VERSION
}
void rand_cleanup_int(void)
{
const RAND_METHOD *meth = default_RAND_meth;
if (meth && meth->cleanup)
meth->cleanup();
RAND_set_rand_method(NULL);
CRYPTO_THREAD_lock_free(rand_meth_lock);
#ifndef OPENSSL_NO_ENGINE
CRYPTO_THREAD_lock_free(rand_engine_lock);
#endif
}
int FIPS_mode_set(int r)
{
OPENSSL_init();
#ifdef OPENSSL_FIPS
#ifndef FIPS_AUTH_USER_PASS
#define FIPS_AUTH_USER_PASS "Default FIPS Crypto User Password"
#endif
if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS))
return 0;
if (r)
RAND_set_rand_method(FIPS_rand_get_method());
else
RAND_set_rand_method(NULL);
return 1;
#else
if (r == 0)
return 1;
CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED);
return 0;
#endif
}
void ENGINE_cleanup(void)
{
if(int_cleanup_check(0))
{
sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack,
engine_cleanup_cb_free);
cleanup_stack = NULL;
}
/* FIXME: This should be handled (somehow) through RAND, eg. by it
* registering a cleanup callback. */
RAND_set_rand_method(NULL);
}
void setup_rng()
{
RAND_METHOD ios_rand {
ios_rand_seed,
ios_rand_bytes,
ios_rand_cleanup,
ios_rand_add,
ios_rand_pseudorand,
ios_rand_status
};
RAND_set_rand_method(&ios_rand);
}
/* called after g_module_check_init(), after shadow searches for __shadow_plugin_init__ */
void __shadow_plugin_init__(ShadowFunctionTable* shadowlibFuncs) {
/* save the shadow functions we will use */
scallion.shadowlibFuncs = shadowlibFuncs;
/* tell shadow which functions it should call to manage nodes */
shadowlibFuncs->registerPlugin(&_scallion_new, &_scallion_free, &_scallion_notify);
shadowlibFuncs->log(SHADOW_LOG_LEVEL_INFO, __FUNCTION__, "finished registering scallion plug-in state");
/* setup openssl locks */
#define OPENSSL_THREAD_DEFINES
#include <openssl/opensslconf.h>
#if defined(OPENSSL_THREADS)
/* thread support enabled */
/* make sure openssl uses Shadow's random sources and make crypto thread-safe */
const RAND_METHOD* shadowRandomMethod = NULL;
CRYPTO_lock_func shadowLockFunc = NULL;
CRYPTO_id_func shadowIdFunc = NULL;
int nLocks = CRYPTO_num_locks();
gboolean success = shadowlibFuncs->cryptoSetup(nLocks, (gpointer*)&shadowLockFunc,
(gpointer*)&shadowIdFunc, (gconstpointer*)&shadowRandomMethod);
if(!success) {
/* ok, lets see if we can get shadow function pointers through LD_PRELOAD */
shadowRandomMethod = RAND_get_rand_method();
shadowLockFunc = CRYPTO_get_locking_callback();
shadowIdFunc = CRYPTO_get_id_callback();
}
CRYPTO_set_locking_callback(shadowLockFunc);
CRYPTO_set_id_callback(shadowIdFunc);
RAND_set_rand_method(shadowRandomMethod);
shadowlibFuncs->log(SHADOW_LOG_LEVEL_INFO, __FUNCTION__, "finished initializing crypto thread state");
#else
/* no thread support */
shadowlibFuncs->log(SHADOW_LOG_LEVEL_CRITICAL, __FUNCTION__, "please rebuild openssl with threading support. expect segfaults.");
#endif
/* setup libevent locks */
#ifdef EVTHREAD_USE_PTHREADS_IMPLEMENTED
if(evthread_use_pthreads()) {
shadowlibFuncs->log(SHADOW_LOG_LEVEL_CRITICAL, __FUNCTION__, "error in evthread_use_pthreads()");
}
shadowlibFuncs->log(SHADOW_LOG_LEVEL_MESSAGE, __FUNCTION__, "finished initializing event thread state evthread_use_pthreads()");
#else
shadowlibFuncs->log(SHADOW_LOG_LEVEL_CRITICAL, __FUNCTION__, "please rebuild libevent with threading support, or link with event_pthread. expect segfaults.");
#endif
}
static int change_rand(void)
{
/* save old rand method */
if (!TEST_ptr(old_rand = RAND_get_rand_method()))
return 0;
fake_rand = *old_rand;
/* use own random function */
fake_rand.bytes = fbytes;
/* set new RAND_METHOD */
if (!TEST_true(RAND_set_rand_method(&fake_rand)))
return 0;
return 1;
}
void rand_cleanup_int(void)
{
const RAND_METHOD *meth = default_RAND_meth;
if (meth != NULL && meth->cleanup != NULL)
meth->cleanup();
RAND_set_rand_method(NULL);
#ifndef OPENSSL_NO_ENGINE
CRYPTO_THREAD_lock_free(rand_engine_lock);
#endif
CRYPTO_THREAD_lock_free(rand_meth_lock);
CRYPTO_THREAD_lock_free(rand_bytes.lock);
if (rand_bytes.secure)
OPENSSL_secure_clear_free(rand_bytes.buff, rand_bytes.size);
else
OPENSSL_clear_free(rand_bytes.buff, rand_bytes.size);
}
int RAND_set_rand_engine(ENGINE *engine)
{
const RAND_METHOD *tmp_meth = NULL;
if (engine) {
if (!ENGINE_init(engine))
return 0;
tmp_meth = ENGINE_get_RAND(engine);
if (!tmp_meth) {
ENGINE_finish(engine);
return 0;
}
}
/* This function releases any prior ENGINE so call it first */
RAND_set_rand_method(tmp_meth);
funct_ref = engine;
return 1;
}
int change_rand(void)
{
/* save old rand method */
if ((old_rand = RAND_get_rand_method()) == NULL)
return 0;
fake_rand.seed = old_rand->seed;
fake_rand.cleanup = old_rand->cleanup;
fake_rand.add = old_rand->add;
fake_rand.status = old_rand->status;
/* use own random function */
fake_rand.bytes = fbytes;
fake_rand.pseudorand = old_rand->bytes;
/* set new RAND_METHOD */
if (!RAND_set_rand_method(&fake_rand))
return 0;
return 1;
}
int ssl_configure(GLOBAL_OPTIONS *global) { /* configure global SSL settings */
#ifdef USE_FIPS
if(FIPS_mode()!=global->option.fips) {
RAND_set_rand_method(NULL); /* reset RAND methods */
if(!FIPS_mode_set(global->option.fips)) {
ERR_load_crypto_strings();
sslerror("FIPS_mode_set");
return 1;
}
}
s_log(LOG_NOTICE, "FIPS mode %s",
global->option.fips ? "enabled" : "disabled");
#endif /* USE_FIPS */
#ifndef OPENSSL_NO_COMP
if(compression_init(global))
return 1;
#endif /* OPENSSL_NO_COMP */
if(prng_init(global))
return 1;
s_log(LOG_DEBUG, "PRNG seeded successfully");
return 0; /* SUCCESS */
}
int RAND_set_rand_engine(ENGINE *engine)
{
const RAND_METHOD *tmp_meth = NULL;
if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init))
return 0;
if (engine) {
if (!ENGINE_init(engine))
return 0;
tmp_meth = ENGINE_get_RAND(engine);
if (tmp_meth == NULL) {
ENGINE_finish(engine);
return 0;
}
}
CRYPTO_THREAD_write_lock(rand_engine_lock);
/* This function releases any prior ENGINE so call it first */
RAND_set_rand_method(tmp_meth);
funct_ref = engine;
CRYPTO_THREAD_unlock(rand_engine_lock);
return 1;
}
int
main(int argc, char **argv)
{
int idx = 0;
char *buffer;
char path[MAXPATHLEN];
setprogname(argv[0]);
if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &idx))
usage(1);
if (help_flag)
usage(0);
if(version_flag){
print_version(NULL);
exit(0);
}
if (argc != idx)
usage(1);
buffer = emalloc(len);
if (rand_method) {
if (0) {
}
#ifndef NO_RAND_FORTUNA_METHOD
else if (strcasecmp(rand_method, "fortuna") == 0)
RAND_set_rand_method(RAND_fortuna_method());
#endif
#ifndef NO_RAND_UNIX_METHOD
else if (strcasecmp(rand_method, "unix") == 0)
RAND_set_rand_method(RAND_unix_method());
#endif
#ifdef WIN32
else if (strcasecmp(rand_method, "w32crypto") == 0)
RAND_set_rand_method(RAND_w32crypto_method());
#endif
else
errx(1, "unknown method %s", rand_method);
}
if (RAND_file_name(path, sizeof(path)) == NULL)
errx(1, "RAND_file_name failed");
if (RAND_status() != 1)
errx(1, "random not ready yet");
if (RAND_bytes(buffer, len) != 1)
errx(1, "RAND_bytes");
if (filename)
rk_dumpdata(filename, buffer, len);
/* head vs tail */
if (len >= 100000) {
unsigned bytes[256];
unsigned bits[8];
size_t bit, i;
double res;
double slen = sqrt((double)len);
memset(bits, 0, sizeof(bits));
memset(bytes, 0, sizeof(bytes));
for (i = 0; i < len; i++) {
unsigned char c = ((unsigned char *)buffer)[i];
bytes[c]++;
for (bit = 0; bit < 8 && c; bit++) {
if (c & 1)
bits[bit]++;
c = c >> 1;
}
}
/*
* The count for each bit value has a mean of n*p = len/2,
* and a standard deviation of sqrt(n*p*q) ~ sqrt(len/4).
* Normalizing by dividing by "n*p", we get a mean of 1 and
* a standard deviation of sqrt(q/n*p) = 1/sqrt(len).
*
* A 5.33-sigma event happens 1 time in 10 million.
* A 5.73-sigma event happens 1 time in 100 million.
* A 6.11-sigma event happens 1 time in 1000 million.
*
* We tolerate 5.33-sigma events (we have 8 not entirely
* independent chances of skewed results) and want to fail
* with a good RNG less often than 1 time in million.
*/
for (bit = 0; bit < 8; bit++) {
res = slen * fabs(1.0 - 2 * (double)bits[bit] / len);
if (res > 5.33)
errx(1, "head%d vs tail%d: %.1f-sigma (%d of %d)",
(int)bit, (int)bit, res, bits[bit], len);
printf("head vs tails bit%d: %f-sigma\n", (int)bit, res);
}
/*
* The count of each byte value has a mean of n*p = len/256,
* and a standard deviation of sqrt(n*p*q) ~ sqrt(len/256).
* Normalizing by dividing by "n*p", we get a mean of 1 and
* a standard deviation of sqrt(q/n*p) ~ 16/sqrt(len).
*
* We tolerate 5.73-sigma events (we have 256 not entirely
* independent chances of skewed results). Note, for example,
* a 5.2-sigma event was observed in ~5,000 runs.
*/
for (i = 0; i < 256; i++) {
res = (slen / 16) * fabs(1.0 - 256 * (double)bytes[i] / len);
if (res > 5.73)
errx(1, "byte %d: %.1f-sigma (%d of %d)",
(int) i, res, bytes[i], len);
printf("byte %d: %f-sigma\n", (int)i, res);
}
}
isc_result_t
dst__openssl_init(const char *engine) {
isc_result_t result;
#ifdef USE_ENGINE
ENGINE *re;
#else
UNUSED(engine);
#endif
#ifdef DNS_CRYPTO_LEAKS
CRYPTO_malloc_debug_init();
CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
#endif
CRYPTO_set_mem_functions(mem_alloc, mem_realloc, mem_free);
nlocks = CRYPTO_num_locks();
locks = mem_alloc(sizeof(isc_mutex_t) * nlocks);
if (locks == NULL)
return (ISC_R_NOMEMORY);
result = isc_mutexblock_init(locks, nlocks);
if (result != ISC_R_SUCCESS)
goto cleanup_mutexalloc;
CRYPTO_set_locking_callback(lock_callback);
#if OPENSSL_VERSION_NUMBER < 0x10100000L
CRYPTO_set_id_callback(id_callback);
#endif
ERR_load_crypto_strings();
rm = mem_alloc(sizeof(RAND_METHOD));
if (rm == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup_mutexinit;
}
rm->seed = NULL;
rm->bytes = entropy_get;
rm->cleanup = NULL;
rm->add = entropy_add;
rm->pseudorand = entropy_getpseudo;
rm->status = entropy_status;
#ifdef USE_ENGINE
OPENSSL_config(NULL);
if (engine != NULL && *engine == '\0')
engine = NULL;
if (engine != NULL) {
e = ENGINE_by_id(engine);
if (e == NULL) {
result = DST_R_NOENGINE;
goto cleanup_rm;
}
/* This will init the engine. */
if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
result = DST_R_NOENGINE;
goto cleanup_rm;
}
}
re = ENGINE_get_default_RAND();
if (re == NULL) {
re = ENGINE_new();
if (re == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup_rm;
}
ENGINE_set_RAND(re, rm);
ENGINE_set_default_RAND(re);
ENGINE_free(re);
} else
ENGINE_finish(re);
#else
RAND_set_rand_method(rm);
#endif /* USE_ENGINE */
return (ISC_R_SUCCESS);
#ifdef USE_ENGINE
cleanup_rm:
if (e != NULL)
ENGINE_free(e);
e = NULL;
mem_free(rm);
rm = NULL;
#endif
cleanup_mutexinit:
CRYPTO_set_locking_callback(NULL);
DESTROYMUTEXBLOCK(locks, nlocks);
cleanup_mutexalloc:
mem_free(locks);
locks = NULL;
return (result);
}
isc_result_t
dst__openssl_init() {
isc_result_t result;
#ifdef USE_ENGINE
/* const char *name; */
ENGINE *re;
#endif
#ifdef DNS_CRYPTO_LEAKS
CRYPTO_malloc_debug_init();
CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
#endif
CRYPTO_set_mem_functions(mem_alloc, mem_realloc, mem_free);
nlocks = CRYPTO_num_locks();
locks = mem_alloc(sizeof(isc_mutex_t) * nlocks);
if (locks == NULL)
return (ISC_R_NOMEMORY);
result = isc_mutexblock_init(locks, nlocks);
if (result != ISC_R_SUCCESS)
goto cleanup_mutexalloc;
CRYPTO_set_locking_callback(lock_callback);
CRYPTO_set_id_callback(id_callback);
rm = mem_alloc(sizeof(RAND_METHOD));
if (rm == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup_mutexinit;
}
rm->seed = NULL;
rm->bytes = entropy_get;
rm->cleanup = NULL;
rm->add = entropy_add;
rm->pseudorand = entropy_getpseudo;
rm->status = entropy_status;
#ifdef USE_ENGINE
OPENSSL_config(NULL);
#ifdef USE_PKCS11
#ifndef PKCS11_SO_PATH
#define PKCS11_SO_PATH "/usr/local/lib/engines/engine_pkcs11.so"
#endif
#ifndef PKCS11_MODULE_PATH
#define PKCS11_MODULE_PATH "/usr/lib/libpkcs11.so"
#endif
{
/*
* to use this to config the PIN, add in openssl.cnf:
* - at the beginning: "openssl_conf = openssl_def"
* - at any place these sections:
* [ openssl_def ]
* engines = engine_section
* [ engine_section ]
* pkcs11 = pkcs11_section
* [ pkcs11_section ]
* PIN = my___pin
*/
const char *pre_cmds[] = {
"SO_PATH", PKCS11_SO_PATH,
"LOAD", NULL,
"MODULE_PATH", PKCS11_MODULE_PATH
};
const char *post_cmds[] = {
/* "PIN", "my___pin" */
};
result = dst__openssl_load_engine("pkcs11", "pkcs11",
pre_cmds, 0,
post_cmds, /*1*/ 0);
if (result != ISC_R_SUCCESS)
goto cleanup_rm;
}
#endif /* USE_PKCS11 */
if (engine_id != NULL) {
e = ENGINE_by_id(engine_id);
if (e == NULL) {
result = ISC_R_NOTFOUND;
goto cleanup_rm;
}
if (!ENGINE_init(e)) {
result = ISC_R_FAILURE;
ENGINE_free(e);
goto cleanup_rm;
}
ENGINE_set_default(e, ENGINE_METHOD_ALL);
ENGINE_free(e);
} else {
ENGINE_register_all_complete();
for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) {
/*
* Something weird here. If we call ENGINE_finish()
* ENGINE_get_default_RAND() will fail.
*/
if (ENGINE_init(e)) {
if (he == NULL)
he = e;
}
}
}
re = ENGINE_get_default_RAND();
if (re == NULL) {
re = ENGINE_new();
if (re == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup_rm;
}
ENGINE_set_RAND(re, rm);
ENGINE_set_default_RAND(re);
ENGINE_free(re);
} else
ENGINE_finish(re);
#else
RAND_set_rand_method(rm);
#endif /* USE_ENGINE */
return (ISC_R_SUCCESS);
#ifdef USE_ENGINE
cleanup_rm:
mem_free(rm);
#endif
cleanup_mutexinit:
CRYPTO_set_locking_callback(NULL);
DESTROYMUTEXBLOCK(locks, nlocks);
cleanup_mutexalloc:
mem_free(locks);
return (result);
}
int
main(int argc, char **argv)
{
int idx = 0;
char *buffer;
char path[MAXPATHLEN];
setprogname(argv[0]);
if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &idx))
usage(1);
if (help_flag)
usage(0);
if(version_flag){
print_version(NULL);
exit(0);
}
argc -= idx;
argv += idx;
if (argc != 0)
usage(1);
buffer = emalloc(len);
if (rand_method) {
if (0) {
}
#ifndef NO_RAND_FORTUNA_METHOD
else if (strcasecmp(rand_method, "fortuna") == 0)
RAND_set_rand_method(RAND_fortuna_method());
#endif
#ifndef NO_RAND_UNIX_METHOD
else if (strcasecmp(rand_method, "unix") == 0)
RAND_set_rand_method(RAND_unix_method());
#endif
#ifndef NO_RAND_EGD_METHOD
else if (strcasecmp(rand_method, "egd") == 0)
RAND_set_rand_method(RAND_egd_method());
#endif
#ifdef WIN32
else if (strcasecmp(rand_method, "w32crypto") == 0)
RAND_set_rand_method(RAND_w32crypto_method());
#endif
else
errx(1, "unknown method %s", rand_method);
}
if (RAND_file_name(path, sizeof(path)) == NULL)
errx(1, "RAND_file_name failed");
if (RAND_status() != 1)
errx(1, "random not ready yet");
if (RAND_bytes(buffer, len) != 1)
errx(1, "RAND_bytes");
if (filename)
rk_dumpdata(filename, buffer, len);
/* head vs tail */
if (len >= 100000) {
int bit, i;
double res;
int bits[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
for (i = 0; i < len; i++) {
unsigned char c = ((unsigned char *)buffer)[i];
for (bit = 0; bit < 8 && c; bit++) {
if (c & 1)
bits[bit]++;
c = c >> 1;
}
}
for (bit = 0; bit < 8; bit++) {
res = ((double)abs(len - bits[bit] * 2)) / (double)len;
if (res > 0.005)
errx(1, "head%d vs tail%d > 0.5%%%% %lf == %d vs %d",
bit, bit, res, len, bits[bit]);
printf("head vs tails bit%d: %lf\n", bit, res);
}
}
void set_random_seed_for_testing(const fc::sha512& new_seed)
{
RAND_set_rand_method(RAND_stdlib());
seed = new_seed;
}
void FuzzerSetRand(void)
{
RAND_set_rand_method(&fuzz_rand_method);
}
static int restore_rand(void)
{
if (!TEST_true(RAND_set_rand_method(old_rand)))
return 0;
return 1;
}
