diff options
| -rw-r--r-- | main.cpp | 38 | ||||
| -rw-r--r-- | node/Node.cpp | 20 | ||||
| -rw-r--r-- | selftest.cpp | 33 |
3 files changed, 80 insertions, 11 deletions
@@ -34,7 +34,9 @@ #include <stdexcept> #include <iostream> -#ifdef _WIN32 +#include "node/Constants.hpp" + +#ifdef __WINDOWS__ #include <Windows.h> #else #include <unistd.h> @@ -44,6 +46,8 @@ #include <signal.h> #endif +#include <openssl/rand.h> + #include "node/Node.hpp" #include "node/Utils.hpp" @@ -51,6 +55,36 @@ using namespace ZeroTier; +// --------------------------------------------------------------------------- +// Override libcrypto default RAND_ with Utils::getSecureRandom(), which uses +// a system strong random source. This is because OpenSSL libcrypto's default +// RAND_ implementation uses uninitialized memory as one of its entropy +// sources, which plays havoc with all kinds of debuggers and auditing tools. + +static void _zeroTier_rand_cleanup() {} +static void _zeroTier_rand_add(const void *buf, int num, double add_entropy) {} +static int _zeroTier_rand_status() { return 1; } +static void _zeroTier_rand_seed(const void *buf, int num) {} +static int _zeroTier_rand_bytes(unsigned char *buf, int num) +{ + Utils::getSecureRandom(buf,num); + return 1; +} +static RAND_METHOD _zeroTierRandMethod = { + _zeroTier_rand_seed, + _zeroTier_rand_bytes, + _zeroTier_rand_cleanup, + _zeroTier_rand_add, + _zeroTier_rand_bytes, + _zeroTier_rand_status +}; +static void _initLibCrypto() +{ + RAND_set_rand_method(&_zeroTierRandMethod); +} + +// --------------------------------------------------------------------------- + static Node *node = (Node *)0; static void printHelp(const char *cn,FILE *out) @@ -81,6 +115,8 @@ int main(int argc,char **argv) signal(SIGQUIT,&sighandlerQuit); #endif + _initLibCrypto(); + if (argc < 2) { printHelp(argv[0],stderr); return ZT_EXEC_RETURN_VALUE_NORMAL_TERMINATION; diff --git a/node/Node.cpp b/node/Node.cpp index 47125854..2cacab56 100644 --- a/node/Node.cpp +++ b/node/Node.cpp @@ -37,16 +37,6 @@ #include <vector> #include <string> -#ifdef _WIN32 -#include <Windows.h> -#else -#include <fcntl.h> -#include <unistd.h> -#include <signal.h> -#include <sys/file.h> -#include <sys/stat.h> -#endif - #include "Condition.hpp" #include "Node.hpp" #include "Topology.hpp" @@ -71,6 +61,16 @@ #include "CMWC4096.hpp" #include "Service.hpp" +#ifdef __WINDOWS__ +#include <Windows.h> +#else +#include <fcntl.h> +#include <unistd.h> +#include <signal.h> +#include <sys/file.h> +#include <sys/stat.h> +#endif + #include "../version.h" namespace ZeroTier { diff --git a/selftest.cpp b/selftest.cpp index a8266ca3..5a5288be 100644 --- a/selftest.cpp +++ b/selftest.cpp @@ -47,8 +47,40 @@ #include "node/NodeConfig.hpp" #include "node/Dictionary.hpp" +#include <openssl/rand.h> + using namespace ZeroTier; +// --------------------------------------------------------------------------- +// Override libcrypto default RAND_ with Utils::getSecureRandom(), which uses +// a system strong random source. This is because OpenSSL libcrypto's default +// RAND_ implementation uses uninitialized memory as one of its entropy +// sources, which plays havoc with all kinds of debuggers and auditing tools. + +static void _zeroTier_rand_cleanup() {} +static void _zeroTier_rand_add(const void *buf, int num, double add_entropy) {} +static int _zeroTier_rand_status() { return 1; } +static void _zeroTier_rand_seed(const void *buf, int num) {} +static int _zeroTier_rand_bytes(unsigned char *buf, int num) +{ + Utils::getSecureRandom(buf,num); + return 1; +} +static RAND_METHOD _zeroTierRandMethod = { + _zeroTier_rand_seed, + _zeroTier_rand_bytes, + _zeroTier_rand_cleanup, + _zeroTier_rand_add, + _zeroTier_rand_bytes, + _zeroTier_rand_status +}; +static void _initLibCrypto() +{ + RAND_set_rand_method(&_zeroTierRandMethod); +} + +// --------------------------------------------------------------------------- + static unsigned char fuzzbuf[1048576]; static const char *hmacShaTV0Key = "key"; @@ -332,6 +364,7 @@ int main(int argc,char **argv) { int r = 0; + _initLibCrypto(); srand(time(0)); r |= testCrypto(); |