diff options
Diffstat (limited to 'main.cpp')
| -rw-r--r-- | main.cpp | 38 |
1 files changed, 37 insertions, 1 deletions
@@ -34,7 +34,9 @@ #include <stdexcept> #include <iostream> -#ifdef _WIN32 +#include "node/Constants.hpp" + +#ifdef __WINDOWS__ #include <Windows.h> #else #include <unistd.h> @@ -44,6 +46,8 @@ #include <signal.h> #endif +#include <openssl/rand.h> + #include "node/Node.hpp" #include "node/Utils.hpp" @@ -51,6 +55,36 @@ using namespace ZeroTier; +// --------------------------------------------------------------------------- +// Override libcrypto default RAND_ with Utils::getSecureRandom(), which uses +// a system strong random source. This is because OpenSSL libcrypto's default +// RAND_ implementation uses uninitialized memory as one of its entropy +// sources, which plays havoc with all kinds of debuggers and auditing tools. + +static void _zeroTier_rand_cleanup() {} +static void _zeroTier_rand_add(const void *buf, int num, double add_entropy) {} +static int _zeroTier_rand_status() { return 1; } +static void _zeroTier_rand_seed(const void *buf, int num) {} +static int _zeroTier_rand_bytes(unsigned char *buf, int num) +{ + Utils::getSecureRandom(buf,num); + return 1; +} +static RAND_METHOD _zeroTierRandMethod = { + _zeroTier_rand_seed, + _zeroTier_rand_bytes, + _zeroTier_rand_cleanup, + _zeroTier_rand_add, + _zeroTier_rand_bytes, + _zeroTier_rand_status +}; +static void _initLibCrypto() +{ + RAND_set_rand_method(&_zeroTierRandMethod); +} + +// --------------------------------------------------------------------------- + static Node *node = (Node *)0; static void printHelp(const char *cn,FILE *out) @@ -81,6 +115,8 @@ int main(int argc,char **argv) signal(SIGQUIT,&sighandlerQuit); #endif + _initLibCrypto(); + if (argc < 2) { printHelp(argv[0],stderr); return ZT_EXEC_RETURN_VALUE_NORMAL_TERMINATION; |