/*
* Pack and add bits to the entropy pool.
*/
void add_bits(bit_extractor* be, uint32_t sample)
{
//Add bits
be->packedNum |= (sample & be->mask)
<< (be->samplesUsed * be->num2extract + be->numLeftoverBits);
be->samplesUsed++;
//See if we have a full 32-bit number
if(be->samplesUsed >= be->samples2use)
{
//Add number to entropy pool
add_entropy(be->packedNum, sizeof(be->packedNum));
//Store leftover bits
be->numLeftoverBits = be->samplesUsed * be->num2extract
+ be->numLeftoverBits - 32;
be->packedNum = (sample >> (be->num2extract - be->numLeftoverBits))
& MASK(be->numLeftoverBits);
//Determine required # of samples
if((be->numLeftoverBits + (be->samplesNeeded - 1)
* be->num2extract) >= 32)
be->samples2use = be->samplesNeeded - 1;
else
be->samples2use = be->samplesNeeded;
//Reset variables
be->samplesUsed = 0;
}
void SSLConnection::init () {
did_init = false;
buffer_t path;
buffer_init(&path);
buffer_grow(&path,_POSIX_PATH_MAX+1);
if (!HAVE_ENTROPY ()) {
/* load entropy from files */
if (SSLEntropyFile)
add_entropy (SSLEntropyFile);
add_entropy (RAND_file_name (path.str,path.size));
/* load entropy from egd sockets */
#ifdef HAVE_RAND_EGD
add_entropy (getenv ("EGDSOCKET"));
buffer_shrink(&path,0);
buffer_add_str(&path,NONULL(Homedir),-1);
buffer_add_str(&path,"/.entropy",9);
add_entropy (path.str);
add_entropy ("/tmp/entropy");
#endif
/* shuffle $RANDFILE (or ~/.rnd if unset) */
RAND_write_file (RAND_file_name (path.str,path.size));
if (!HAVE_ENTROPY ()) {
buffer_t msg; buffer_init(&msg);
buffer_add_str(&msg,_("Failed to find enough entropy on your system"),-1);
displayError.emit(&msg);
buffer_free(&msg);
buffer_free(&path);
return;
}
}
/*
* I don't think you can do this just before reading the error.
* The call itself might clobber the last SSL error.
*/
SSL_load_error_strings ();
SSL_library_init ();
did_init = true;
buffer_free(&path);
}
void fortuna_add_entropy(const uint8_t *data, unsigned len)
{
if (!initDone)
init();
if (!data || !len)
return;
add_entropy(&mainState, data, len);
}
void Stateful_RNG::initialize_with(const uint8_t input[], size_t len)
{
add_entropy(input, len);
if(8*len >= security_level())
{
m_reseed_counter = 1;
}
}
/**
* ssl_init - Initialise the SSL library
* @retval 0 Success
* @retval -1 Error
*
* OpenSSL library needs to be fed with sufficient entropy. On systems with
* /dev/urandom, this is done transparently by the library itself, on other
* systems we need to fill the entropy pool ourselves.
*
* Even though only OpenSSL 0.9.5 and later will complain about the lack of
* entropy, we try to our best and fill the pool with older versions also.
* (That's the reason for the ugly ifdefs and macros, otherwise I could have
* simply ifdef'd the whole ssl_init function)
*/
static int ssl_init(void)
{
static bool init_complete = false;
if (init_complete)
return 0;
if (!HAVE_ENTROPY())
{
/* load entropy from files */
char path[PATH_MAX];
add_entropy(C_EntropyFile);
add_entropy(RAND_file_name(path, sizeof(path)));
/* load entropy from egd sockets */
#ifdef HAVE_RAND_EGD
add_entropy(mutt_str_getenv("EGDSOCKET"));
snprintf(path, sizeof(path), "%s/.entropy", NONULL(HomeDir));
add_entropy(path);
add_entropy("/tmp/entropy");
#endif
/* shuffle $RANDFILE (or ~/.rnd if unset) */
RAND_write_file(RAND_file_name(path, sizeof(path)));
mutt_clear_error();
if (!HAVE_ENTROPY())
{
mutt_error(_("Failed to find enough entropy on your system"));
return -1;
}
}
/* OpenSSL performs automatic initialization as of 1.1.
* However LibreSSL does not (as of 2.8.3). */
#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || \
(defined(LIBRESSL_VERSION_NUMBER))
/* I don't think you can do this just before reading the error. The call
* itself might clobber the last SSL error. */
SSL_load_error_strings();
SSL_library_init();
#endif
init_complete = true;
return 0;
}
int main(int argc, char *argv[])
{
int retval = EXIT_FAILURE;
int opt;
int fd=-1;
int val=0;
int r;
while ((opt = getopt(argc, argv, "h")) != -1) {
switch (opt) {
case 'h':
usage();
exit(EXIT_SUCCESS);
break;
default: /* '?' */
usage();
exit(EXIT_FAILURE);
}
}
if (argc - optind < 1) {
fprintf(stderr, "Missing action\n");
usage();
exit(EXIT_FAILURE);
}
const char *action = argv[optind];
int action_argc = argc - optind;
char **action_argv = &argv[optind];
fd = open("/dev/urandom", O_RDWR);
if (fd == -1) {
perror("Failed to open /dev/urandom");
exit(EXIT_FAILURE);
}
if (strcmp(action, "get_entropy_cnt") == 0) {
retval = get_entropy_cnt(fd, action_argc, action_argv);
} else if (strcmp(action, "add_entropy_cnt") == 0) {
retval = add_entropy_cnt(fd, action_argc, action_argv);
} else if (strcmp(action, "add_entropy") == 0) {
retval = add_entropy(fd, action_argc, action_argv);
} else if (strcmp(action, "add_random") == 0) {
retval = add_random(fd, action_argc, action_argv);
} else if (strcmp(action, "clear_pool") == 0) {
retval = clear_pool(fd, action_argc, action_argv);
} else {
fprintf(stderr, "Unknown action: %s\n", action);
usage();
retval = EXIT_FAILURE;
}
close(fd);
return retval;
}
void
fortuna_add_entropy(const uint8 *data, unsigned len)
{
if (!init_done)
{
init_state(&main_state);
init_done = 1;
}
if (!data || !len)
return;
add_entropy(&main_state, data, len);
}
static void
fortuna_seed(const void *indata, int size)
{
HEIMDAL_MUTEX_lock(&fortuna_mutex);
fortuna_init();
add_entropy(&main_state, indata, size);
if (size >= INIT_BYTES)
have_entropy = 1;
HEIMDAL_MUTEX_unlock(&fortuna_mutex);
}
/*
* OpenSSL library needs to be fed with sufficient entropy. On systems
* with /dev/urandom, this is done transparently by the library itself,
* on other systems we need to fill the entropy pool ourselves.
*
* Even though only OpenSSL 0.9.5 and later will complain about the
* lack of entropy, we try to our best and fill the pool with older
* versions also. (That's the reason for the ugly #ifdefs and macros,
* otherwise I could have simply #ifdef'd the whole ssl_init funcion)
*/
static int ssl_init (void)
{
char path[_POSIX_PATH_MAX];
static unsigned char init_complete = 0;
if (init_complete)
return 0;
if (! HAVE_ENTROPY())
{
/* load entropy from files */
add_entropy (SslEntropyFile);
add_entropy (RAND_file_name (path, sizeof (path)));
/* load entropy from egd sockets */
#ifdef HAVE_RAND_EGD
add_entropy (getenv ("EGDSOCKET"));
snprintf (path, sizeof(path), "%s/.entropy", NONULL(Homedir));
add_entropy (path);
add_entropy ("/tmp/entropy");
#endif
/* shuffle $RANDFILE (or ~/.rnd if unset) */
RAND_write_file (RAND_file_name (path, sizeof (path)));
mutt_clear_error ();
if (! HAVE_ENTROPY())
{
mutt_error (_("Failed to find enough entropy on your system"));
mutt_sleep (2);
return -1;
}
}
/* I don't think you can do this just before reading the error. The call
* itself might clobber the last SSL error. */
SSL_load_error_strings();
SSL_library_init();
init_complete = 1;
return 0;
}
static bytea *
decrypt_internal(int is_pubenc, int need_text, text *data,
text *key, text *keypsw, text *args)
{
int err;
MBuf *src = NULL,
*dst = NULL;
uint8 tmp[VARHDRSZ];
uint8 *restmp;
bytea *res;
int res_len;
PGP_Context *ctx = NULL;
struct debug_expect ex;
int got_unicode = 0;
init_work(&ctx, need_text, args, &ex);
src = mbuf_create_from_data((uint8 *) VARDATA(data),
VARSIZE(data) - VARHDRSZ);
dst = mbuf_create(VARSIZE(data) + 2048);
/*
* reserve room for header
*/
mbuf_append(dst, tmp, VARHDRSZ);
/*
* set key
*/
if (is_pubenc)
{
uint8 *psw = NULL;
int psw_len = 0;
MBuf *kbuf;
if (keypsw)
{
psw = (uint8 *) VARDATA(keypsw);
psw_len = VARSIZE(keypsw) - VARHDRSZ;
}
kbuf = create_mbuf_from_vardata(key);
err = pgp_set_pubkey(ctx, kbuf, psw, psw_len, 1);
mbuf_free(kbuf);
}
else
err = pgp_set_symkey(ctx, (uint8 *) VARDATA(key),
VARSIZE(key) - VARHDRSZ);
/*
* decrypt
*/
if (err >= 0)
err = pgp_decrypt(ctx, src, dst);
/*
* failed?
*/
if (err < 0)
goto out;
if (ex.expect)
check_expect(ctx, &ex);
/* remember the setting */
got_unicode = pgp_get_unicode_mode(ctx);
out:
if (src)
mbuf_free(src);
if (ctx)
pgp_free(ctx);
if (err)
{
px_set_debug_handler(NULL);
if (dst)
mbuf_free(dst);
ereport(ERROR,
(errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION),
errmsg("%s", px_strerror(err))));
}
res_len = mbuf_steal_data(dst, &restmp);
mbuf_free(dst);
/* res_len includes VARHDRSZ */
res = (bytea *) restmp;
SET_VARSIZE(res, res_len);
if (need_text && got_unicode)
{
text *utf = convert_from_utf8(res);
if (utf != res)
{
clear_and_pfree(res);
res = utf;
}
}
px_set_debug_handler(NULL);
/*
* add successfull decryptions also into RNG
*/
add_entropy(res, key, keypsw);
return res;
}
static bytea *
encrypt_internal(int is_pubenc, int is_text,
text *data, text *key, text *args)
{
MBuf *src,
*dst;
uint8 tmp[VARHDRSZ];
uint8 *restmp;
bytea *res;
int res_len;
PGP_Context *ctx;
int err;
struct debug_expect ex;
text *tmp_data = NULL;
/*
* Add data and key info RNG.
*/
add_entropy(data, key, NULL);
init_work(&ctx, is_text, args, &ex);
if (is_text && pgp_get_unicode_mode(ctx))
{
tmp_data = convert_to_utf8(data);
if (tmp_data == data)
tmp_data = NULL;
else
data = tmp_data;
}
src = create_mbuf_from_vardata(data);
dst = mbuf_create(VARSIZE(data) + 128);
/*
* reserve room for header
*/
mbuf_append(dst, tmp, VARHDRSZ);
/*
* set key
*/
if (is_pubenc)
{
MBuf *kbuf = create_mbuf_from_vardata(key);
err = pgp_set_pubkey(ctx, kbuf,
NULL, 0, 0);
mbuf_free(kbuf);
}
else
err = pgp_set_symkey(ctx, (uint8 *) VARDATA(key),
VARSIZE(key) - VARHDRSZ);
/*
* encrypt
*/
if (err >= 0)
err = pgp_encrypt(ctx, src, dst);
/*
* check for error
*/
if (err)
{
if (ex.debug)
px_set_debug_handler(NULL);
if (tmp_data)
clear_and_pfree(tmp_data);
pgp_free(ctx);
mbuf_free(src);
mbuf_free(dst);
ereport(ERROR,
(errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION),
errmsg("%s", px_strerror(err))));
}
/* res_len includes VARHDRSZ */
res_len = mbuf_steal_data(dst, &restmp);
res = (bytea *) restmp;
SET_VARSIZE(res, res_len);
if (tmp_data)
clear_and_pfree(tmp_data);
pgp_free(ctx);
mbuf_free(src);
mbuf_free(dst);
px_set_debug_handler(NULL);
return res;
}
SSL_CTX *
tls_init(srv_t * srv)
{
char path[_POSIX_PATH_MAX];
SSL_CTX *ctx;
int r;
char errorstr[1024];
unsigned long e;
SSL_library_init();
SSL_load_error_strings(); /* basic set up */
OpenSSL_add_ssl_algorithms();
/*
* Create a TLS context
*/
if (!(ctx = SSL_CTX_new(SSLv23_method()))) {
LOG(SPOCP_ERR) traceLog(LOG_ERR,"Error allocation SSL_CTX");
return 0;
}
LOG(SPOCP_DEBUG) traceLog(LOG_DEBUG,"Do we have enough randomness ??");
if (!RAND_status()) {
/*
* load entropy from files
*/
add_entropy(srv->SslEntropyFile);
add_entropy(RAND_file_name(path, sizeof(path)));
/*
* load entropy from egd sockets
*/
#ifdef HAVE_RAND_EGD
add_entropy(getenv("EGDSOCKET"));
snprintf(path, sizeof(path), "%s/.entropy", NONULL(Homedir));
add_entropy(path);
add_entropy("/tmp/entropy");
#endif
/*
* shuffle $RANDFILE (or ~/.rnd if unset)
*/
RAND_write_file(RAND_file_name(path, sizeof(path)));
if (!RAND_status()) {
LOG(SPOCP_ERR)
traceLog(LOG_ERR,
"Failed to find enough entropy on your system");
return 0;
}
}
/*
* Initialize with DH parameters if supplied
*/
if (srv->dhFile) {
if (init_dh(ctx, (unsigned char *) srv->dhFile) == FALSE) {
LOG(SPOCP_ERR) traceLog(LOG_ERR,"Error initializing DH");
SSL_CTX_free(ctx);
return 0;
} else
LOG(SPOCP_ERR) traceLog(LOG_ERR,"Initializing DH OK");
}
/*
* and a RSA key too
*/
if (generate_eph_rsa_key(ctx, 512) == FALSE) {
LOG(SPOCP_ERR) traceLog(LOG_ERR,"Error initializing RSA key");
SSL_CTX_free(ctx);
return 0;
} else
LOG(SPOCP_ERR) traceLog(LOG_ERR,"Initializing RSA key OK");
/*
* Set up certificates and keys
*/
if (srv->certificateFile != NULL) {
LOG(SPOCP_INFO) traceLog(LOG_INFO,"Reading Certificate File");
if (!SSL_CTX_use_certificate_chain_file
(ctx, srv->certificateFile)) {
LOG(SPOCP_ERR)
traceLog(LOG_ERR,"Error in SSL_CTX_use_certificate_file");
SSL_CTX_free(ctx);
return 0;
}
}
if (srv->privateKey != NULL) {
if (srv->passwd) {
SSL_CTX_set_default_passwd_cb_userdata(ctx,
(void *) srv->
passwd);
SSL_CTX_set_default_passwd_cb(ctx, password_cb);
}
LOG(SPOCP_INFO) traceLog(LOG_INFO,"Reading Private Key File");
r = SSL_CTX_use_PrivateKey_file(ctx, srv->privateKey,
SSL_FILETYPE_PEM);
if (r == 0) {
e = ERR_get_error();
ERR_error_string_n(e, errorstr, 1024);
LOG(SPOCP_ERR)
traceLog(LOG_ERR,"Error in SSL_CTX_use_PrivateKey_file");
LOG(SPOCP_ERR) traceLog(LOG_ERR,"%s", errorstr);
SSL_CTX_free(ctx);
return 0;
}
}
if (srv->caList != NULL) {
LOG(SPOCP_INFO) traceLog(LOG_INFO,"Reading Trusted CAs File");
if (!SSL_CTX_load_verify_locations(ctx, srv->caList, 0)) {
LOG(SPOCP_ERR)
traceLog(LOG_ERR,"Error in SSL_CTX_load_verify_locations");
SSL_CTX_free(ctx);
return 0;
}
}
if (srv->clientcert == NONE)
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_callback_ok);
else {
int i = SSL_VERIFY_PEER;
if (srv->clientcert == HARD)
i |= SSL_VERIFY_CLIENT_ONCE;
SSL_CTX_set_verify(ctx, i, verify_callback);
}
SSL_CTX_set_verify_depth(ctx, srv->sslverifydepth);
SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
if (SSL_CTX_set_cipher_list(ctx, CIPHER_LIST) != 1) {
LOG(SPOCP_ERR) traceLog(LOG_ERR,"No valid ciphers in cipherlist");
SSL_CTX_free(ctx);
return 0;
}
LOG(SPOCP_DEBUG) traceLog(LOG_DEBUG,"Initialised TLS");
return ctx;
}
static int
fortuna_reseed(void)
{
int entropy_p = 0;
if (!init_done)
abort();
#ifndef NO_RAND_UNIX_METHOD
{
unsigned char buf[INIT_BYTES];
if ((*hc_rand_unix_method.bytes)(buf, sizeof(buf)) == 1) {
add_entropy(&main_state, buf, sizeof(buf));
entropy_p = 1;
memset(buf, 0, sizeof(buf));
}
}
#endif
#ifdef HAVE_ARC4RANDOM
{
uint32_t buf[INIT_BYTES / sizeof(uint32_t)];
int i;
for (i = 0; i < sizeof(buf)/sizeof(buf[0]); i++)
buf[i] = arc4random();
add_entropy(&main_state, (void *)buf, sizeof(buf));
entropy_p = 1;
}
#endif
/*
* Fall back to gattering data from timer and secret files, this
* is really the last resort.
*/
if (!entropy_p) {
/* to save stackspace */
union {
unsigned char buf[INIT_BYTES];
unsigned char shad[1001];
} u;
int fd;
/* add timer info */
if ((*hc_rand_timer_method.bytes)(u.buf, sizeof(u.buf)) == 1)
add_entropy(&main_state, u.buf, sizeof(u.buf));
/* add /etc/shadow */
fd = open("/etc/shadow", O_RDONLY, 0);
if (fd >= 0) {
ssize_t n;
rk_cloexec(fd);
/* add_entropy will hash the buf */
while ((n = read(fd, (char *)u.shad, sizeof(u.shad))) > 0)
add_entropy(&main_state, u.shad, sizeof(u.shad));
close(fd);
}
memset(&u, 0, sizeof(u));
entropy_p = 1; /* sure about this ? */
}
{
pid_t pid = getpid();
add_entropy(&main_state, (void *)&pid, sizeof(pid));
}
{
struct timeval tv;
gettimeofday(&tv, NULL);
add_entropy(&main_state, (void *)&tv, sizeof(tv));
}
#ifdef HAVE_GETUID
{
uid_t u = getuid();
add_entropy(&main_state, (void *)&u, sizeof(u));
}
#endif
return entropy_p;
}
