const RAND_METHOD *RAND_get_rand_method(void)
{
#ifdef OPERA_SMALL_VERSION
return RAND_SSLeay();
#else
if (!default_RAND_meth)
{
#ifndef OPENSSL_NO_ENGINE
ENGINE *e = ENGINE_get_default_RAND();
if(e)
{
default_RAND_meth = ENGINE_get_RAND(e);
if(!default_RAND_meth)
{
ENGINE_finish(e);
e = NULL;
}
}
if(e)
funct_ref = e;
else
#endif
default_RAND_meth = RAND_SSLeay();
}
return default_RAND_meth;
#endif // OPERA_SMALL_VERSION
}
const RAND_METHOD *eng_RAND_get_rand_method(const RAND_METHOD **pmeth)
{
if (!*pmeth)
{
ENGINE *e = ENGINE_get_default_RAND();
if(e)
{
*pmeth = ENGINE_get_RAND(e);
if(!*pmeth)
{
ENGINE_finish(e);
e = NULL;
}
}
if(e)
funct_ref = e;
else
if(FIPS_mode())
*pmeth=FIPS_rand_method();
else
*pmeth = RAND_SSLeay();
}
if(FIPS_mode()
&& *pmeth != FIPS_rand_check())
{
RANDerr(RAND_F_ENG_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
return 0;
}
return *pmeth;
}
/*
* OpenSSL random should re-feeded occasionally. From /dev/urandom
* preferably.
*/
static void
init_openssl_rand(void)
{
if (RAND_get_rand_method() == NULL)
RAND_set_rand_method(RAND_SSLeay());
openssl_random_init = 1;
}
const RAND_METHOD *RAND_get_rand_method(void)
{
#ifdef OPENSSL_FIPS
if(FIPS_mode()
&& default_RAND_meth != FIPS_rand_check())
{
RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
return 0;
}
#endif
if (!default_RAND_meth)
{
#ifndef OPENSSL_NO_ENGINE
ENGINE *e = ENGINE_get_default_RAND();
if(e)
{
default_RAND_meth = ENGINE_get_RAND(e);
if(!default_RAND_meth)
{
ENGINE_finish(e);
e = NULL;
}
}
if(e)
funct_ref = e;
else
#endif
default_RAND_meth = RAND_SSLeay();
}
return default_RAND_meth;
}
/**
*
* \brief Generates a random bytes stream. The ATECCX08 TRNG is
* used to seed a standard OpenSSL PRNG (RAND_SSLeay()),
* which is used to produce the random stream then. The
* PRNG is reseeded after MAX_RAND_BYTES are generated
*
* \param[out] buf - a pointer to buffer for the random byte
* stream. The caller must allocate enough space in the
* buffer in order to fit all generated bytes.
* \param[in] num - number of bytes to generate
* \return 1 for success
*/
static int RAND_eccx08_rand_bytes(unsigned char *buf, int num)
{
int rc = 0;
uint32_t atcab_buf[TLS_RANDOM_SIZE / sizeof(uint32_t)];
double entropy;
RAND_METHOD *meth_rand = RAND_SSLeay();
ATCA_STATUS status = ATCA_GEN_FAIL;
#ifdef USE_ECCX08
if (total_num > MAX_RAND_BYTES) {
total_num = 0;
}
if (total_num == 0) {
eccx08_debug("RAND_eccx08_rand_bytes() - hw\n");
status = atcatls_init(pCfg);
if (status != ATCA_SUCCESS) goto done;
status = atcatls_random((uint8_t *)atcab_buf);
if (status != ATCA_SUCCESS) goto done;
status = atcatls_finish();
if (status != ATCA_SUCCESS) goto done;
entropy = (double)atcab_buf[0];
meth_rand->add(buf, num, entropy);
}
total_num += num;
#else // USE_ECCX08
eccx08_debug("RAND_eccx08_rand_bytes() - sw\n");
#endif // USE_ECCX08
rc = meth_rand->bytes(buf, num);
done:
return (rc);
}
static int ubsec_rand_bytes(unsigned char * buf,
int num)
{
int ret = 0,
fd;
if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
{
const RAND_METHOD *meth;
UBSECerr(UBSEC_F_UBSEC_RAND_BYTES, UBSEC_R_UNIT_FAILURE);
num = p_UBSEC_ubsec_bits_to_bytes(num);
meth = RAND_SSLeay();
meth->seed(buf, num);
ret = meth->bytes(buf, num);
goto err;
}
num *= 8; /* bytes to bits */
if (p_UBSEC_rng_ioctl(fd,
UBSEC_RNG_DIRECT,
buf,
&num) != 0)
{
/* Hardware's a no go, failover to software */
const RAND_METHOD *meth;
UBSECerr(UBSEC_F_UBSEC_RAND_BYTES, UBSEC_R_REQUEST_FAILED);
p_UBSEC_ubsec_close(fd);
num = p_UBSEC_ubsec_bits_to_bytes(num);
meth = RAND_SSLeay();
meth->seed(buf, num);
ret = meth->bytes(buf, num);
goto err;
}
p_UBSEC_ubsec_close(fd);
ret = 1;
err:
return(ret);
}
/*
* OpenSSL random should re-feeded occasionally. From /dev/urandom
* preferably.
*/
static void
init_openssl_rand(void)
{
if (RAND_get_rand_method() == NULL)
{
#ifdef HAVE_RAND_OPENSSL
RAND_set_rand_method(RAND_OpenSSL());
#else
RAND_set_rand_method(RAND_SSLeay());
#endif
}
openssl_random_init = 1;
}
static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
int entropy, size_t min_len, size_t max_len)
{
/* Round up request to multiple of block size */
min_len = ((min_len + 19) / 20) * 20;
*pout = OPENSSL_malloc(min_len);
if (!*pout)
return 0;
if (RAND_SSLeay()->bytes(*pout, min_len) <= 0)
{
OPENSSL_free(*pout);
*pout = NULL;
return 0;
}
return min_len;
}
static ENGINE *
sc_get_engine(void)
{
static ENGINE *smart_engine = NULL;
if ((smart_engine = ENGINE_new()) == NULL)
fatal("ENGINE_new failed");
ENGINE_set_id(smart_engine, "sectok");
ENGINE_set_name(smart_engine, "libsectok");
ENGINE_set_RSA(smart_engine, sc_get_rsa_method());
ENGINE_set_DSA(smart_engine, DSA_get_default_openssl_method());
ENGINE_set_DH(smart_engine, DH_get_default_openssl_method());
ENGINE_set_RAND(smart_engine, RAND_SSLeay());
ENGINE_set_BN_mod_exp(smart_engine, BN_mod_exp);
return smart_engine;
}
static const RAND_METHOD *fips_RAND_get_rand_method(const RAND_METHOD **pmeth)
{
if (!*pmeth)
{
if(FIPS_mode())
*pmeth=FIPS_rand_method();
else
*pmeth = RAND_SSLeay();
}
if(FIPS_mode()
&& *pmeth != FIPS_rand_check())
{
RANDerr(RAND_F_FIPS_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
return 0;
}
return *pmeth;
}
/**
*
* \brief Initialize the RAND method for ateccx08 engine
*
* \return 1 for success
*/
int eccx08_rand_init(void)
{
const RAND_METHOD *meth_rand = RAND_SSLeay();
eccx08_debug("eccx08_rand_init()\n");
/*
* We use OpenSSL (SSLeay) meth to supply what we don't provide ;-*)
*/
eccx08_rand.seed = meth_rand->seed;
eccx08_rand.cleanup = meth_rand->cleanup;
#ifndef USE_ECCX08
eccx08_rand.bytes = meth_rand->bytes;
eccx08_rand.add = meth_rand->add;
eccx08_rand.pseudorand = meth_rand->pseudorand;
eccx08_rand.status = meth_rand->status;
#endif // USE_ECCX08
return 1;
}
/* This internal function is used by ENGINE_openssl() and possibly by the
* "dynamic" ENGINE support too */
static int bind_helper(ENGINE *e)
{
if(!ENGINE_set_id(e, engine_openssl_id)
|| !ENGINE_set_name(e, engine_openssl_name)
#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
#ifndef OPENSSL_NO_RSA
|| !ENGINE_set_RSA(e, RSA_get_default_method())
#endif
#ifndef OPENSSL_NO_DSA
|| !ENGINE_set_DSA(e, DSA_get_default_method())
#endif
#ifndef OPENSSL_NO_ECDH
|| !ENGINE_set_ECDH(e, ECDH_OpenSSL())
#endif
#ifndef OPENSSL_NO_ECDSA
|| !ENGINE_set_ECDSA(e, ECDSA_OpenSSL())
#endif
#ifndef OPENSSL_NO_DH
|| !ENGINE_set_DH(e, DH_get_default_method())
#endif
|| !ENGINE_set_RAND(e, RAND_SSLeay())
#ifdef TEST_ENG_OPENSSL_RC4
|| !ENGINE_set_ciphers(e, openssl_ciphers)
#endif
#ifdef TEST_ENG_OPENSSL_SHA
|| !ENGINE_set_digests(e, openssl_digests)
#endif
#endif
//MS:
#ifndef OPENSSL_NO_STDIO
#ifdef TEST_ENG_OPENSSL_PKEY
|| !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
#endif
#endif
)
return 0;
/* If we add errors to this ENGINE, ensure the error handling is setup here */
/* openssl_load_error_strings(); */
return 1;
}
static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen)
{
RAND_SSLeay()->seed(in, inlen);
return 1;
}
static int drbg_rand_add(DRBG_CTX *ctx, const void *in, int inlen,
double entropy)
{
RAND_SSLeay()->add(in, inlen, entropy);
return 1;
}
/* This internal function is used by ENGINE_zencod () and possibly by the
* "dynamic" ENGINE support too ;-)
*/
static int bind_helper ( ENGINE *e )
{
#ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth_rsa ;
#endif
#ifndef OPENSSL_NO_DSA
const DSA_METHOD *meth_dsa ;
#endif
#ifndef OPENSSL_NO_DH
const DH_METHOD *meth_dh ;
#endif
const RAND_METHOD *meth_rand ;
if ( !ENGINE_set_id ( e, engine_zencod_id ) ||
!ENGINE_set_name ( e, engine_zencod_name ) ||
#ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA ( e, &zencod_rsa ) ||
#endif
#ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA ( e, &zencod_dsa ) ||
#endif
#ifndef OPENSSL_NO_DH
!ENGINE_set_DH ( e, &zencod_dh ) ||
#endif
!ENGINE_set_RAND ( e, &zencod_rand ) ||
!ENGINE_set_destroy_function ( e, zencod_destroy ) ||
!ENGINE_set_init_function ( e, zencod_init ) ||
!ENGINE_set_finish_function ( e, zencod_finish ) ||
!ENGINE_set_ctrl_function ( e, zencod_ctrl ) ||
!ENGINE_set_cmd_defns ( e, zencod_cmd_defns ) ||
!ENGINE_set_digests ( e, engine_digests ) ||
!ENGINE_set_ciphers ( e, engine_ciphers ) ) {
return 0 ;
}
#ifndef OPENSSL_NO_RSA
/* We know that the "PKCS1_SSLeay()" functions hook properly
* to the Zencod-specific mod_exp and mod_exp_crt so we use
* those functions. NB: We don't use ENGINE_openssl() or
* anything "more generic" because something like the RSAref
* code may not hook properly, and if you own one of these
* cards then you have the right to do RSA operations on it
* anyway!
*/
meth_rsa = RSA_PKCS1_SSLeay () ;
zencod_rsa.rsa_pub_enc = meth_rsa->rsa_pub_enc ;
zencod_rsa.rsa_pub_dec = meth_rsa->rsa_pub_dec ;
zencod_rsa.rsa_priv_enc = meth_rsa->rsa_priv_enc ;
zencod_rsa.rsa_priv_dec = meth_rsa->rsa_priv_dec ;
/* meth_rsa->rsa_mod_exp */
/* meth_rsa->bn_mod_exp */
zencod_rsa.init = meth_rsa->init ;
zencod_rsa.finish = meth_rsa->finish ;
#endif
#ifndef OPENSSL_NO_DSA
/* We use OpenSSL meth to supply what we don't provide ;-*)
*/
meth_dsa = DSA_OpenSSL () ;
/* meth_dsa->dsa_do_sign */
zencod_dsa.dsa_sign_setup = meth_dsa->dsa_sign_setup ;
/* meth_dsa->dsa_do_verify */
zencod_dsa.dsa_mod_exp = meth_dsa->dsa_mod_exp ;
/* zencod_dsa.bn_mod_exp = meth_dsa->bn_mod_exp ; */
zencod_dsa.init = meth_dsa->init ;
zencod_dsa.finish = meth_dsa->finish ;
#endif
#ifndef OPENSSL_NO_DH
/* We use OpenSSL meth to supply what we don't provide ;-*)
*/
meth_dh = DH_OpenSSL () ;
/* zencod_dh.generate_key = meth_dh->generate_key ; */
/* zencod_dh.compute_key = meth_dh->compute_key ; */
/* zencod_dh.bn_mod_exp = meth_dh->bn_mod_exp ; */
zencod_dh.init = meth_dh->init ;
zencod_dh.finish = meth_dh->finish ;
#endif
/* We use OpenSSL (SSLeay) meth to supply what we don't provide ;-*)
*/
meth_rand = RAND_SSLeay () ;
/* meth_rand->seed ; */
/* zencod_rand.seed = meth_rand->seed ; */
/* meth_rand->bytes ; */
/* zencod_rand.bytes = meth_rand->bytes ; */
zencod_rand.cleanup = meth_rand->cleanup ;
zencod_rand.add = meth_rand->add ;
/* meth_rand->pseudorand ; */
/* zencod_rand.pseudorand = meth_rand->pseudorand ; */
/* zencod_rand.status = meth_rand->status ; */
/* meth_rand->status ; */
/* Ensure the zencod error handling is set up */
ERR_load_ZENCOD_strings () ;
return 1 ;
}