isc_result_t dst__openssl_init() { isc_result_t result; #ifdef DNS_CRYPTO_LEAKS CRYPTO_malloc_debug_init(); CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); #endif CRYPTO_set_mem_functions(mem_alloc, mem_realloc, mem_free); nlocks = CRYPTO_num_locks(); locks = mem_alloc(sizeof(isc_mutex_t) * nlocks); if (locks == NULL) return (ISC_R_NOMEMORY); result = isc_mutexblock_init(locks, nlocks); if (result != ISC_R_SUCCESS) goto cleanup_mutexalloc; CRYPTO_set_locking_callback(lock_callback); CRYPTO_set_id_callback(id_callback); rm = mem_alloc(sizeof(RAND_METHOD)); if (rm == NULL) { result = ISC_R_NOMEMORY; goto cleanup_mutexinit; } rm->seed = NULL; rm->bytes = entropy_get; rm->cleanup = NULL; rm->add = entropy_add; rm->pseudorand = entropy_getpseudo; rm->status = entropy_status; #ifdef USE_ENGINE e = ENGINE_new(); if (e == NULL) { result = ISC_R_NOMEMORY; goto cleanup_rm; } ENGINE_set_RAND(e, rm); RAND_set_rand_method(rm); #else RAND_set_rand_method(rm); #endif /* USE_ENGINE */ return (ISC_R_SUCCESS); #ifdef USE_ENGINE cleanup_rm: mem_free(rm); #endif cleanup_mutexinit: CRYPTO_set_locking_callback(NULL); DESTROYMUTEXBLOCK(locks, nlocks); cleanup_mutexalloc: mem_free(locks); return (result); }
/* * OpenSSL random should re-feeded occasionally. From /dev/urandom * preferably. */ static void init_openssl_rand(void) { if (RAND_get_rand_method() == NULL) { #ifdef HAVE_RAND_OPENSSL RAND_set_rand_method(RAND_OpenSSL()); #else RAND_set_rand_method(RAND_SSLeay()); #endif } openssl_random_init = 1; }
int restore_rand(void) { if (!RAND_set_rand_method(old_rand)) return 0; else return 1; }
/* * OpenSSL random should re-feeded occasionally. From /dev/urandom * preferably. */ static void init_openssl_rand(void) { if (RAND_get_rand_method() == NULL) RAND_set_rand_method(RAND_SSLeay()); openssl_random_init = 1; }
void RAND_cleanup(void) { const RAND_METHOD *meth = RAND_get_rand_method(); if (meth && meth->cleanup) meth->cleanup(); RAND_set_rand_method(NULL); }
void set_random_seed_for_testing(const fc::sha512& new_seed) { _warn(); RAND_set_rand_method(&deterministic_rand_vtable); seed = new_seed; return; }
void RAND_cleanup(void) { const RAND_METHOD *meth = RAND_get_rand_method(); if (meth && meth->cleanup) meth->cleanup(); #ifndef OPERA_SMALL_VERSION RAND_set_rand_method(NULL); #endif // !OPERA_SMALL_VERSION }
void rand_cleanup_int(void) { const RAND_METHOD *meth = default_RAND_meth; if (meth && meth->cleanup) meth->cleanup(); RAND_set_rand_method(NULL); CRYPTO_THREAD_lock_free(rand_meth_lock); #ifndef OPENSSL_NO_ENGINE CRYPTO_THREAD_lock_free(rand_engine_lock); #endif }
int FIPS_mode_set(int r) { OPENSSL_init(); #ifdef OPENSSL_FIPS #ifndef FIPS_AUTH_USER_PASS #define FIPS_AUTH_USER_PASS "Default FIPS Crypto User Password" #endif if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS)) return 0; if (r) RAND_set_rand_method(FIPS_rand_get_method()); else RAND_set_rand_method(NULL); return 1; #else if (r == 0) return 1; CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED); return 0; #endif }
void ENGINE_cleanup(void) { if(int_cleanup_check(0)) { sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack, engine_cleanup_cb_free); cleanup_stack = NULL; } /* FIXME: This should be handled (somehow) through RAND, eg. by it * registering a cleanup callback. */ RAND_set_rand_method(NULL); }
void setup_rng() { RAND_METHOD ios_rand { ios_rand_seed, ios_rand_bytes, ios_rand_cleanup, ios_rand_add, ios_rand_pseudorand, ios_rand_status }; RAND_set_rand_method(&ios_rand); }
/* called after g_module_check_init(), after shadow searches for __shadow_plugin_init__ */ void __shadow_plugin_init__(ShadowFunctionTable* shadowlibFuncs) { /* save the shadow functions we will use */ scallion.shadowlibFuncs = shadowlibFuncs; /* tell shadow which functions it should call to manage nodes */ shadowlibFuncs->registerPlugin(&_scallion_new, &_scallion_free, &_scallion_notify); shadowlibFuncs->log(SHADOW_LOG_LEVEL_INFO, __FUNCTION__, "finished registering scallion plug-in state"); /* setup openssl locks */ #define OPENSSL_THREAD_DEFINES #include <openssl/opensslconf.h> #if defined(OPENSSL_THREADS) /* thread support enabled */ /* make sure openssl uses Shadow's random sources and make crypto thread-safe */ const RAND_METHOD* shadowRandomMethod = NULL; CRYPTO_lock_func shadowLockFunc = NULL; CRYPTO_id_func shadowIdFunc = NULL; int nLocks = CRYPTO_num_locks(); gboolean success = shadowlibFuncs->cryptoSetup(nLocks, (gpointer*)&shadowLockFunc, (gpointer*)&shadowIdFunc, (gconstpointer*)&shadowRandomMethod); if(!success) { /* ok, lets see if we can get shadow function pointers through LD_PRELOAD */ shadowRandomMethod = RAND_get_rand_method(); shadowLockFunc = CRYPTO_get_locking_callback(); shadowIdFunc = CRYPTO_get_id_callback(); } CRYPTO_set_locking_callback(shadowLockFunc); CRYPTO_set_id_callback(shadowIdFunc); RAND_set_rand_method(shadowRandomMethod); shadowlibFuncs->log(SHADOW_LOG_LEVEL_INFO, __FUNCTION__, "finished initializing crypto thread state"); #else /* no thread support */ shadowlibFuncs->log(SHADOW_LOG_LEVEL_CRITICAL, __FUNCTION__, "please rebuild openssl with threading support. expect segfaults."); #endif /* setup libevent locks */ #ifdef EVTHREAD_USE_PTHREADS_IMPLEMENTED if(evthread_use_pthreads()) { shadowlibFuncs->log(SHADOW_LOG_LEVEL_CRITICAL, __FUNCTION__, "error in evthread_use_pthreads()"); } shadowlibFuncs->log(SHADOW_LOG_LEVEL_MESSAGE, __FUNCTION__, "finished initializing event thread state evthread_use_pthreads()"); #else shadowlibFuncs->log(SHADOW_LOG_LEVEL_CRITICAL, __FUNCTION__, "please rebuild libevent with threading support, or link with event_pthread. expect segfaults."); #endif }
static int change_rand(void) { /* save old rand method */ if (!TEST_ptr(old_rand = RAND_get_rand_method())) return 0; fake_rand = *old_rand; /* use own random function */ fake_rand.bytes = fbytes; /* set new RAND_METHOD */ if (!TEST_true(RAND_set_rand_method(&fake_rand))) return 0; return 1; }
void rand_cleanup_int(void) { const RAND_METHOD *meth = default_RAND_meth; if (meth != NULL && meth->cleanup != NULL) meth->cleanup(); RAND_set_rand_method(NULL); #ifndef OPENSSL_NO_ENGINE CRYPTO_THREAD_lock_free(rand_engine_lock); #endif CRYPTO_THREAD_lock_free(rand_meth_lock); CRYPTO_THREAD_lock_free(rand_bytes.lock); if (rand_bytes.secure) OPENSSL_secure_clear_free(rand_bytes.buff, rand_bytes.size); else OPENSSL_clear_free(rand_bytes.buff, rand_bytes.size); }
int RAND_set_rand_engine(ENGINE *engine) { const RAND_METHOD *tmp_meth = NULL; if (engine) { if (!ENGINE_init(engine)) return 0; tmp_meth = ENGINE_get_RAND(engine); if (!tmp_meth) { ENGINE_finish(engine); return 0; } } /* This function releases any prior ENGINE so call it first */ RAND_set_rand_method(tmp_meth); funct_ref = engine; return 1; }
int change_rand(void) { /* save old rand method */ if ((old_rand = RAND_get_rand_method()) == NULL) return 0; fake_rand.seed = old_rand->seed; fake_rand.cleanup = old_rand->cleanup; fake_rand.add = old_rand->add; fake_rand.status = old_rand->status; /* use own random function */ fake_rand.bytes = fbytes; fake_rand.pseudorand = old_rand->bytes; /* set new RAND_METHOD */ if (!RAND_set_rand_method(&fake_rand)) return 0; return 1; }
int ssl_configure(GLOBAL_OPTIONS *global) { /* configure global SSL settings */ #ifdef USE_FIPS if(FIPS_mode()!=global->option.fips) { RAND_set_rand_method(NULL); /* reset RAND methods */ if(!FIPS_mode_set(global->option.fips)) { ERR_load_crypto_strings(); sslerror("FIPS_mode_set"); return 1; } } s_log(LOG_NOTICE, "FIPS mode %s", global->option.fips ? "enabled" : "disabled"); #endif /* USE_FIPS */ #ifndef OPENSSL_NO_COMP if(compression_init(global)) return 1; #endif /* OPENSSL_NO_COMP */ if(prng_init(global)) return 1; s_log(LOG_DEBUG, "PRNG seeded successfully"); return 0; /* SUCCESS */ }
int RAND_set_rand_engine(ENGINE *engine) { const RAND_METHOD *tmp_meth = NULL; if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init)) return 0; if (engine) { if (!ENGINE_init(engine)) return 0; tmp_meth = ENGINE_get_RAND(engine); if (tmp_meth == NULL) { ENGINE_finish(engine); return 0; } } CRYPTO_THREAD_write_lock(rand_engine_lock); /* This function releases any prior ENGINE so call it first */ RAND_set_rand_method(tmp_meth); funct_ref = engine; CRYPTO_THREAD_unlock(rand_engine_lock); return 1; }
int main(int argc, char **argv) { int idx = 0; char *buffer; char path[MAXPATHLEN]; setprogname(argv[0]); if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &idx)) usage(1); if (help_flag) usage(0); if(version_flag){ print_version(NULL); exit(0); } if (argc != idx) usage(1); buffer = emalloc(len); if (rand_method) { if (0) { } #ifndef NO_RAND_FORTUNA_METHOD else if (strcasecmp(rand_method, "fortuna") == 0) RAND_set_rand_method(RAND_fortuna_method()); #endif #ifndef NO_RAND_UNIX_METHOD else if (strcasecmp(rand_method, "unix") == 0) RAND_set_rand_method(RAND_unix_method()); #endif #ifdef WIN32 else if (strcasecmp(rand_method, "w32crypto") == 0) RAND_set_rand_method(RAND_w32crypto_method()); #endif else errx(1, "unknown method %s", rand_method); } if (RAND_file_name(path, sizeof(path)) == NULL) errx(1, "RAND_file_name failed"); if (RAND_status() != 1) errx(1, "random not ready yet"); if (RAND_bytes(buffer, len) != 1) errx(1, "RAND_bytes"); if (filename) rk_dumpdata(filename, buffer, len); /* head vs tail */ if (len >= 100000) { unsigned bytes[256]; unsigned bits[8]; size_t bit, i; double res; double slen = sqrt((double)len); memset(bits, 0, sizeof(bits)); memset(bytes, 0, sizeof(bytes)); for (i = 0; i < len; i++) { unsigned char c = ((unsigned char *)buffer)[i]; bytes[c]++; for (bit = 0; bit < 8 && c; bit++) { if (c & 1) bits[bit]++; c = c >> 1; } } /* * The count for each bit value has a mean of n*p = len/2, * and a standard deviation of sqrt(n*p*q) ~ sqrt(len/4). * Normalizing by dividing by "n*p", we get a mean of 1 and * a standard deviation of sqrt(q/n*p) = 1/sqrt(len). * * A 5.33-sigma event happens 1 time in 10 million. * A 5.73-sigma event happens 1 time in 100 million. * A 6.11-sigma event happens 1 time in 1000 million. * * We tolerate 5.33-sigma events (we have 8 not entirely * independent chances of skewed results) and want to fail * with a good RNG less often than 1 time in million. */ for (bit = 0; bit < 8; bit++) { res = slen * fabs(1.0 - 2 * (double)bits[bit] / len); if (res > 5.33) errx(1, "head%d vs tail%d: %.1f-sigma (%d of %d)", (int)bit, (int)bit, res, bits[bit], len); printf("head vs tails bit%d: %f-sigma\n", (int)bit, res); } /* * The count of each byte value has a mean of n*p = len/256, * and a standard deviation of sqrt(n*p*q) ~ sqrt(len/256). * Normalizing by dividing by "n*p", we get a mean of 1 and * a standard deviation of sqrt(q/n*p) ~ 16/sqrt(len). * * We tolerate 5.73-sigma events (we have 256 not entirely * independent chances of skewed results). Note, for example, * a 5.2-sigma event was observed in ~5,000 runs. */ for (i = 0; i < 256; i++) { res = (slen / 16) * fabs(1.0 - 256 * (double)bytes[i] / len); if (res > 5.73) errx(1, "byte %d: %.1f-sigma (%d of %d)", (int) i, res, bytes[i], len); printf("byte %d: %f-sigma\n", (int)i, res); } }
isc_result_t dst__openssl_init(const char *engine) { isc_result_t result; #ifdef USE_ENGINE ENGINE *re; #else UNUSED(engine); #endif #ifdef DNS_CRYPTO_LEAKS CRYPTO_malloc_debug_init(); CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); #endif CRYPTO_set_mem_functions(mem_alloc, mem_realloc, mem_free); nlocks = CRYPTO_num_locks(); locks = mem_alloc(sizeof(isc_mutex_t) * nlocks); if (locks == NULL) return (ISC_R_NOMEMORY); result = isc_mutexblock_init(locks, nlocks); if (result != ISC_R_SUCCESS) goto cleanup_mutexalloc; CRYPTO_set_locking_callback(lock_callback); #if OPENSSL_VERSION_NUMBER < 0x10100000L CRYPTO_set_id_callback(id_callback); #endif ERR_load_crypto_strings(); rm = mem_alloc(sizeof(RAND_METHOD)); if (rm == NULL) { result = ISC_R_NOMEMORY; goto cleanup_mutexinit; } rm->seed = NULL; rm->bytes = entropy_get; rm->cleanup = NULL; rm->add = entropy_add; rm->pseudorand = entropy_getpseudo; rm->status = entropy_status; #ifdef USE_ENGINE OPENSSL_config(NULL); if (engine != NULL && *engine == '\0') engine = NULL; if (engine != NULL) { e = ENGINE_by_id(engine); if (e == NULL) { result = DST_R_NOENGINE; goto cleanup_rm; } /* This will init the engine. */ if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { result = DST_R_NOENGINE; goto cleanup_rm; } } re = ENGINE_get_default_RAND(); if (re == NULL) { re = ENGINE_new(); if (re == NULL) { result = ISC_R_NOMEMORY; goto cleanup_rm; } ENGINE_set_RAND(re, rm); ENGINE_set_default_RAND(re); ENGINE_free(re); } else ENGINE_finish(re); #else RAND_set_rand_method(rm); #endif /* USE_ENGINE */ return (ISC_R_SUCCESS); #ifdef USE_ENGINE cleanup_rm: if (e != NULL) ENGINE_free(e); e = NULL; mem_free(rm); rm = NULL; #endif cleanup_mutexinit: CRYPTO_set_locking_callback(NULL); DESTROYMUTEXBLOCK(locks, nlocks); cleanup_mutexalloc: mem_free(locks); locks = NULL; return (result); }
isc_result_t dst__openssl_init() { isc_result_t result; #ifdef USE_ENGINE /* const char *name; */ ENGINE *re; #endif #ifdef DNS_CRYPTO_LEAKS CRYPTO_malloc_debug_init(); CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); #endif CRYPTO_set_mem_functions(mem_alloc, mem_realloc, mem_free); nlocks = CRYPTO_num_locks(); locks = mem_alloc(sizeof(isc_mutex_t) * nlocks); if (locks == NULL) return (ISC_R_NOMEMORY); result = isc_mutexblock_init(locks, nlocks); if (result != ISC_R_SUCCESS) goto cleanup_mutexalloc; CRYPTO_set_locking_callback(lock_callback); CRYPTO_set_id_callback(id_callback); rm = mem_alloc(sizeof(RAND_METHOD)); if (rm == NULL) { result = ISC_R_NOMEMORY; goto cleanup_mutexinit; } rm->seed = NULL; rm->bytes = entropy_get; rm->cleanup = NULL; rm->add = entropy_add; rm->pseudorand = entropy_getpseudo; rm->status = entropy_status; #ifdef USE_ENGINE OPENSSL_config(NULL); #ifdef USE_PKCS11 #ifndef PKCS11_SO_PATH #define PKCS11_SO_PATH "/usr/local/lib/engines/engine_pkcs11.so" #endif #ifndef PKCS11_MODULE_PATH #define PKCS11_MODULE_PATH "/usr/lib/libpkcs11.so" #endif { /* * to use this to config the PIN, add in openssl.cnf: * - at the beginning: "openssl_conf = openssl_def" * - at any place these sections: * [ openssl_def ] * engines = engine_section * [ engine_section ] * pkcs11 = pkcs11_section * [ pkcs11_section ] * PIN = my___pin */ const char *pre_cmds[] = { "SO_PATH", PKCS11_SO_PATH, "LOAD", NULL, "MODULE_PATH", PKCS11_MODULE_PATH }; const char *post_cmds[] = { /* "PIN", "my___pin" */ }; result = dst__openssl_load_engine("pkcs11", "pkcs11", pre_cmds, 0, post_cmds, /*1*/ 0); if (result != ISC_R_SUCCESS) goto cleanup_rm; } #endif /* USE_PKCS11 */ if (engine_id != NULL) { e = ENGINE_by_id(engine_id); if (e == NULL) { result = ISC_R_NOTFOUND; goto cleanup_rm; } if (!ENGINE_init(e)) { result = ISC_R_FAILURE; ENGINE_free(e); goto cleanup_rm; } ENGINE_set_default(e, ENGINE_METHOD_ALL); ENGINE_free(e); } else { ENGINE_register_all_complete(); for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) { /* * Something weird here. If we call ENGINE_finish() * ENGINE_get_default_RAND() will fail. */ if (ENGINE_init(e)) { if (he == NULL) he = e; } } } re = ENGINE_get_default_RAND(); if (re == NULL) { re = ENGINE_new(); if (re == NULL) { result = ISC_R_NOMEMORY; goto cleanup_rm; } ENGINE_set_RAND(re, rm); ENGINE_set_default_RAND(re); ENGINE_free(re); } else ENGINE_finish(re); #else RAND_set_rand_method(rm); #endif /* USE_ENGINE */ return (ISC_R_SUCCESS); #ifdef USE_ENGINE cleanup_rm: mem_free(rm); #endif cleanup_mutexinit: CRYPTO_set_locking_callback(NULL); DESTROYMUTEXBLOCK(locks, nlocks); cleanup_mutexalloc: mem_free(locks); return (result); }
int main(int argc, char **argv) { int idx = 0; char *buffer; char path[MAXPATHLEN]; setprogname(argv[0]); if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &idx)) usage(1); if (help_flag) usage(0); if(version_flag){ print_version(NULL); exit(0); } argc -= idx; argv += idx; if (argc != 0) usage(1); buffer = emalloc(len); if (rand_method) { if (0) { } #ifndef NO_RAND_FORTUNA_METHOD else if (strcasecmp(rand_method, "fortuna") == 0) RAND_set_rand_method(RAND_fortuna_method()); #endif #ifndef NO_RAND_UNIX_METHOD else if (strcasecmp(rand_method, "unix") == 0) RAND_set_rand_method(RAND_unix_method()); #endif #ifndef NO_RAND_EGD_METHOD else if (strcasecmp(rand_method, "egd") == 0) RAND_set_rand_method(RAND_egd_method()); #endif #ifdef WIN32 else if (strcasecmp(rand_method, "w32crypto") == 0) RAND_set_rand_method(RAND_w32crypto_method()); #endif else errx(1, "unknown method %s", rand_method); } if (RAND_file_name(path, sizeof(path)) == NULL) errx(1, "RAND_file_name failed"); if (RAND_status() != 1) errx(1, "random not ready yet"); if (RAND_bytes(buffer, len) != 1) errx(1, "RAND_bytes"); if (filename) rk_dumpdata(filename, buffer, len); /* head vs tail */ if (len >= 100000) { int bit, i; double res; int bits[8] = { 0, 0, 0, 0, 0, 0, 0, 0 }; for (i = 0; i < len; i++) { unsigned char c = ((unsigned char *)buffer)[i]; for (bit = 0; bit < 8 && c; bit++) { if (c & 1) bits[bit]++; c = c >> 1; } } for (bit = 0; bit < 8; bit++) { res = ((double)abs(len - bits[bit] * 2)) / (double)len; if (res > 0.005) errx(1, "head%d vs tail%d > 0.5%%%% %lf == %d vs %d", bit, bit, res, len, bits[bit]); printf("head vs tails bit%d: %lf\n", bit, res); } }
void set_random_seed_for_testing(const fc::sha512& new_seed) { RAND_set_rand_method(RAND_stdlib()); seed = new_seed; }
void FuzzerSetRand(void) { RAND_set_rand_method(&fuzz_rand_method); }
static int restore_rand(void) { if (!TEST_true(RAND_set_rand_method(old_rand))) return 0; return 1; }