Exemple #1
0
const RAND_METHOD *RAND_get_rand_method(void)
	{
#ifdef OPERA_SMALL_VERSION

	return RAND_SSLeay();

#else

	if (!default_RAND_meth)
		{
#ifndef OPENSSL_NO_ENGINE
		ENGINE *e = ENGINE_get_default_RAND();
		if(e)
			{
			default_RAND_meth = ENGINE_get_RAND(e);
			if(!default_RAND_meth)
				{
				ENGINE_finish(e);
				e = NULL;
				}
			}
		if(e)
			funct_ref = e;
		else
#endif
			default_RAND_meth = RAND_SSLeay();
		}
	return default_RAND_meth;

#endif // OPERA_SMALL_VERSION
	}
Exemple #2
0
const RAND_METHOD *eng_RAND_get_rand_method(const RAND_METHOD **pmeth)
	{
	if (!*pmeth)
		{
		ENGINE *e = ENGINE_get_default_RAND();
		if(e)
			{
			*pmeth = ENGINE_get_RAND(e);
			if(!*pmeth)
				{
				ENGINE_finish(e);
				e = NULL;
				}
			}
		if(e)
			funct_ref = e;
		else
			if(FIPS_mode())
				*pmeth=FIPS_rand_method();
			else
			*pmeth = RAND_SSLeay();
		}

	if(FIPS_mode()
		&& *pmeth != FIPS_rand_check())
	    {
	    RANDerr(RAND_F_ENG_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
	    return 0;
	    }

	return *pmeth;
	}
Exemple #3
0
/*
 * OpenSSL random should re-feeded occasionally. From /dev/urandom
 * preferably.
 */
static void
init_openssl_rand(void)
{
	if (RAND_get_rand_method() == NULL)
		RAND_set_rand_method(RAND_SSLeay());
	openssl_random_init = 1;
}
const RAND_METHOD *RAND_get_rand_method(void)
	{
#ifdef OPENSSL_FIPS
	if(FIPS_mode()
		&& default_RAND_meth != FIPS_rand_check())
	    {
	    RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
	    return 0;
	    }
#endif


	if (!default_RAND_meth)
		{
#ifndef OPENSSL_NO_ENGINE
		ENGINE *e = ENGINE_get_default_RAND();
		if(e)
			{
			default_RAND_meth = ENGINE_get_RAND(e);
			if(!default_RAND_meth)
				{
				ENGINE_finish(e);
				e = NULL;
				}
			}
		if(e)
			funct_ref = e;
		else
#endif
			default_RAND_meth = RAND_SSLeay();
		}
	return default_RAND_meth;
	}
/**
 *
 * \brief Generates a random bytes stream. The ATECCX08 TRNG is
 *        used to seed a standard OpenSSL PRNG (RAND_SSLeay()),
 *        which is used to produce the random stream then. The
 *        PRNG is reseeded after MAX_RAND_BYTES are generated
 *
 * \param[out] buf - a pointer to buffer for the random byte
 *       stream. The caller must allocate enough space in the
 *       buffer in order to fit all generated bytes.
 * \param[in] num - number of bytes to generate
 * \return 1 for success
 */
static int RAND_eccx08_rand_bytes(unsigned char *buf, int num)
{
    int rc = 0;
    uint32_t atcab_buf[TLS_RANDOM_SIZE / sizeof(uint32_t)];
    double entropy;
    RAND_METHOD *meth_rand = RAND_SSLeay();
    ATCA_STATUS status = ATCA_GEN_FAIL;

#ifdef USE_ECCX08
    if (total_num > MAX_RAND_BYTES) {
        total_num = 0;
    }
    if (total_num == 0) {
        eccx08_debug("RAND_eccx08_rand_bytes() -  hw\n");
        status = atcatls_init(pCfg);
        if (status != ATCA_SUCCESS) goto done;
        status = atcatls_random((uint8_t *)atcab_buf);
        if (status != ATCA_SUCCESS) goto done;
        status = atcatls_finish();
        if (status != ATCA_SUCCESS) goto done;
        entropy = (double)atcab_buf[0];
        meth_rand->add(buf, num, entropy);
    }
    total_num += num;
#else // USE_ECCX08
    eccx08_debug("RAND_eccx08_rand_bytes() - sw\n");
#endif // USE_ECCX08
    rc = meth_rand->bytes(buf, num);

done:
    return (rc);
}
static int ubsec_rand_bytes(unsigned char * buf,
                            int num)
        {
        int      ret      = 0,
                 fd;

        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
                {
                const RAND_METHOD *meth;
                UBSECerr(UBSEC_F_UBSEC_RAND_BYTES, UBSEC_R_UNIT_FAILURE);
                num = p_UBSEC_ubsec_bits_to_bytes(num);
                meth = RAND_SSLeay();
                meth->seed(buf, num);
                ret = meth->bytes(buf, num);
                goto err;
                }

        num *= 8; /* bytes to bits */

        if (p_UBSEC_rng_ioctl(fd,
                              UBSEC_RNG_DIRECT,
                              buf,
                              &num) != 0)
                {
                /* Hardware's a no go, failover to software */
                const RAND_METHOD *meth;

                UBSECerr(UBSEC_F_UBSEC_RAND_BYTES, UBSEC_R_REQUEST_FAILED);
                p_UBSEC_ubsec_close(fd);

                num = p_UBSEC_ubsec_bits_to_bytes(num);
                meth = RAND_SSLeay();
                meth->seed(buf, num);
                ret = meth->bytes(buf, num);

                goto err;
                }

        p_UBSEC_ubsec_close(fd);

        ret = 1;
err:
        return(ret);
        }
Exemple #7
0
/*
 * OpenSSL random should re-feeded occasionally. From /dev/urandom
 * preferably.
 */
static void
init_openssl_rand(void)
{
	if (RAND_get_rand_method() == NULL)
	{
#ifdef HAVE_RAND_OPENSSL
		RAND_set_rand_method(RAND_OpenSSL());
#else
		RAND_set_rand_method(RAND_SSLeay());
#endif
	}
	openssl_random_init = 1;
}
Exemple #8
0
static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
                                int entropy, size_t min_len, size_t max_len)
        {
	/* Round up request to multiple of block size */
	min_len = ((min_len + 19) / 20) * 20;
	*pout = OPENSSL_malloc(min_len);
	if (!*pout)
		return 0;
	if (RAND_SSLeay()->bytes(*pout, min_len) <= 0)
		{
		OPENSSL_free(*pout);
		*pout = NULL;
		return 0;
		}
        return min_len;
        }
Exemple #9
0
static ENGINE *
sc_get_engine(void)
{
	static ENGINE *smart_engine = NULL;

	if ((smart_engine = ENGINE_new()) == NULL)
		fatal("ENGINE_new failed");

	ENGINE_set_id(smart_engine, "sectok");
	ENGINE_set_name(smart_engine, "libsectok");

	ENGINE_set_RSA(smart_engine, sc_get_rsa_method());
	ENGINE_set_DSA(smart_engine, DSA_get_default_openssl_method());
	ENGINE_set_DH(smart_engine, DH_get_default_openssl_method());
	ENGINE_set_RAND(smart_engine, RAND_SSLeay());
	ENGINE_set_BN_mod_exp(smart_engine, BN_mod_exp);

	return smart_engine;
}
Exemple #10
0
static const RAND_METHOD *fips_RAND_get_rand_method(const RAND_METHOD **pmeth)
	{
	if (!*pmeth)
		{
		if(FIPS_mode())
			*pmeth=FIPS_rand_method();
		else
			*pmeth = RAND_SSLeay();
		}

	if(FIPS_mode()
		&& *pmeth != FIPS_rand_check())
	    {
	    RANDerr(RAND_F_FIPS_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
	    return 0;
	    }

	return *pmeth;
	}
/**
 *
 * \brief Initialize the RAND method for ateccx08 engine
 *
 * \return 1 for success
 */
int eccx08_rand_init(void)
{
    const RAND_METHOD *meth_rand = RAND_SSLeay();

    eccx08_debug("eccx08_rand_init()\n");

    /*
     * We use OpenSSL (SSLeay) meth to supply what we don't provide ;-*)
     */
    eccx08_rand.seed = meth_rand->seed;
    eccx08_rand.cleanup = meth_rand->cleanup;

#ifndef USE_ECCX08
    eccx08_rand.bytes = meth_rand->bytes;
    eccx08_rand.add = meth_rand->add;
    eccx08_rand.pseudorand = meth_rand->pseudorand;
    eccx08_rand.status = meth_rand->status;
#endif // USE_ECCX08

    return 1;
}
/* This internal function is used by ENGINE_openssl() and possibly by the
 * "dynamic" ENGINE support too */
static int bind_helper(ENGINE *e)
	{
	if(!ENGINE_set_id(e, engine_openssl_id)
			|| !ENGINE_set_name(e, engine_openssl_name)
#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
#ifndef OPENSSL_NO_RSA
			|| !ENGINE_set_RSA(e, RSA_get_default_method())
#endif
#ifndef OPENSSL_NO_DSA
			|| !ENGINE_set_DSA(e, DSA_get_default_method())
#endif
#ifndef OPENSSL_NO_ECDH
			|| !ENGINE_set_ECDH(e, ECDH_OpenSSL())
#endif
#ifndef OPENSSL_NO_ECDSA
			|| !ENGINE_set_ECDSA(e, ECDSA_OpenSSL())
#endif
#ifndef OPENSSL_NO_DH
			|| !ENGINE_set_DH(e, DH_get_default_method())
#endif
			|| !ENGINE_set_RAND(e, RAND_SSLeay())
#ifdef TEST_ENG_OPENSSL_RC4
			|| !ENGINE_set_ciphers(e, openssl_ciphers)
#endif
#ifdef TEST_ENG_OPENSSL_SHA
			|| !ENGINE_set_digests(e, openssl_digests)
#endif
#endif
//MS:
#ifndef OPENSSL_NO_STDIO
#ifdef TEST_ENG_OPENSSL_PKEY
			|| !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
#endif
#endif
			)
		return 0;
	/* If we add errors to this ENGINE, ensure the error handling is setup here */
	/* openssl_load_error_strings(); */
	return 1;
	}
Exemple #13
0
static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen)
	{
	RAND_SSLeay()->seed(in, inlen);
	return 1;
	}
Exemple #14
0
static int drbg_rand_add(DRBG_CTX *ctx, const void *in, int inlen,
				double entropy)
	{
	RAND_SSLeay()->add(in, inlen, entropy);
	return 1;
	}
/* This internal function is used by ENGINE_zencod () and possibly by the
 * "dynamic" ENGINE support too   ;-)
 */
static int bind_helper ( ENGINE *e )
{

#ifndef OPENSSL_NO_RSA
	const RSA_METHOD *meth_rsa ;
#endif
#ifndef OPENSSL_NO_DSA
	const DSA_METHOD *meth_dsa ;
#endif
#ifndef OPENSSL_NO_DH
	const DH_METHOD *meth_dh ;
#endif

	const RAND_METHOD *meth_rand ;


	if ( !ENGINE_set_id ( e, engine_zencod_id ) ||
			!ENGINE_set_name ( e, engine_zencod_name ) ||
#ifndef OPENSSL_NO_RSA
			!ENGINE_set_RSA ( e, &zencod_rsa ) ||
#endif
#ifndef OPENSSL_NO_DSA
			!ENGINE_set_DSA ( e, &zencod_dsa ) ||
#endif
#ifndef OPENSSL_NO_DH
			!ENGINE_set_DH ( e, &zencod_dh ) ||
#endif
			!ENGINE_set_RAND ( e, &zencod_rand ) ||

			!ENGINE_set_destroy_function ( e, zencod_destroy ) ||
			!ENGINE_set_init_function ( e, zencod_init ) ||
			!ENGINE_set_finish_function ( e, zencod_finish ) ||
			!ENGINE_set_ctrl_function ( e, zencod_ctrl ) ||
			!ENGINE_set_cmd_defns ( e, zencod_cmd_defns ) ||
			!ENGINE_set_digests ( e, engine_digests ) ||
			!ENGINE_set_ciphers ( e, engine_ciphers ) ) {
		return 0 ;
	}

#ifndef OPENSSL_NO_RSA
	/* We know that the "PKCS1_SSLeay()" functions hook properly
	 * to the Zencod-specific mod_exp and mod_exp_crt so we use
	 * those functions. NB: We don't use ENGINE_openssl() or
	 * anything "more generic" because something like the RSAref
	 * code may not hook properly, and if you own one of these
	 * cards then you have the right to do RSA operations on it
	 * anyway!
	 */
	meth_rsa = RSA_PKCS1_SSLeay () ;

	zencod_rsa.rsa_pub_enc = meth_rsa->rsa_pub_enc ;
	zencod_rsa.rsa_pub_dec = meth_rsa->rsa_pub_dec ;
	zencod_rsa.rsa_priv_enc = meth_rsa->rsa_priv_enc ;
	zencod_rsa.rsa_priv_dec = meth_rsa->rsa_priv_dec ;
	/* meth_rsa->rsa_mod_exp */
	/* meth_rsa->bn_mod_exp */
	zencod_rsa.init = meth_rsa->init ;
	zencod_rsa.finish = meth_rsa->finish ;
#endif

#ifndef OPENSSL_NO_DSA
	/* We use OpenSSL meth to supply what we don't provide ;-*)
	 */
	meth_dsa = DSA_OpenSSL () ;

	/* meth_dsa->dsa_do_sign */
	zencod_dsa.dsa_sign_setup = meth_dsa->dsa_sign_setup ;
	/* meth_dsa->dsa_do_verify */
	zencod_dsa.dsa_mod_exp = meth_dsa->dsa_mod_exp ;
	/* zencod_dsa.bn_mod_exp = meth_dsa->bn_mod_exp ; */
	zencod_dsa.init = meth_dsa->init ;
	zencod_dsa.finish = meth_dsa->finish ;
#endif

#ifndef OPENSSL_NO_DH
	/* We use OpenSSL meth to supply what we don't provide ;-*)
	 */
	meth_dh = DH_OpenSSL () ;

	/* zencod_dh.generate_key = meth_dh->generate_key ; */
	/* zencod_dh.compute_key = meth_dh->compute_key ; */
	/* zencod_dh.bn_mod_exp = meth_dh->bn_mod_exp ; */
	zencod_dh.init = meth_dh->init ;
	zencod_dh.finish = meth_dh->finish ;

#endif

	/* We use OpenSSL (SSLeay) meth to supply what we don't provide ;-*)
	 */
	meth_rand = RAND_SSLeay () ;

	/* meth_rand->seed ; */
	/* zencod_rand.seed = meth_rand->seed ; */
	/* meth_rand->bytes ; */
	/* zencod_rand.bytes = meth_rand->bytes ; */
	zencod_rand.cleanup = meth_rand->cleanup ;
	zencod_rand.add = meth_rand->add ;
	/* meth_rand->pseudorand ; */
	/* zencod_rand.pseudorand = meth_rand->pseudorand ; */
	/* zencod_rand.status = meth_rand->status ; */
	/* meth_rand->status ; */

	/* Ensure the zencod error handling is set up */
	ERR_load_ZENCOD_strings () ;
	return 1 ;
}