Latest idea to force usage of custom engine

Frederick Gotham cauldwell.thomas at gmail.com
Thu Nov 7 08:44:18 UTC 2019 

 
> I'm going to keep at this until every process (including ssh-keygen) is 
> using my custom engine for random numbers.


Now every process that links with 'libcrypto.so' is segfaulting in 
libpthread-2.28.so. Here's the error:

    openssl[1744]: segfault at 18 ip 00007f1798d44930 sp 00007ffcf46bb1b8 
error 4 in libpthread-2.28.so[7f1798d38000+1a000]

Here's the totality of the changes I've made. . . I added the following to 
"rand_lib.c":


/* =================== The fields in RAND_METHOD ====================== 
    int (*seed) (const void *buf, int num);
    int (*bytes) (unsigned char *buf, int num);
    void (*cleanup) (void);
    int (*add) (const void *buf, int num, double randomness);
    int (*pseudorand) (unsigned char *buf, int num);
    int (*status) (void);
   ==================================================================== */

#include <assert.h>

static int Supplemented_seed(const void *buf, int num) { (void)buf; (void)
num; return 1; }

static void Supplemented_cleanup(void) { /* Do Nothing */ return; }

static int Supplemented_add(const void *buf, int num, double randomness) 
{ (void)buf; (void)num; (void)randomness; return 1; }

static int Supplemented_status(void) { /* Do Nothing */ return 1; }

static CRYPTO_ONCE crypto_once_tpm2_init = CRYPTO_ONCE_STATIC_INIT;

DEFINE_RUN_ONCE_STATIC(Do_Whatever_Needs_Done_For_TPM2)
{
	/* Initialize the dynamic engine loader */
	ENGINE_load_dynamic();

	ENGINE *tpm2_engine;
 
	/* If the first fails, try the second one */
	(tpm2_engine = ENGINE_by_id("tpm2tss")) || (tpm2_engine = 
ENGINE_by_id("libtpm2tss"));
	
	if ( NULL == tpm2_engine )
	{
		assert( 0 == "Do_Whatever_Needs_Done_For_TPM2: NULL == tpm2
_engine" );
		abort();
	}

	int const init_res = ENGINE_init(tpm2_engine);
	
	if ( 0 == init_res )
	{
		assert( 0 == "Do_Whatever_Needs_Done_For_TPM2: 0 == 
init_res" );
		abort();
	}
		
	RAND_METHOD const *const p_rm = ENGINE_get_RAND(tpm2_engine);

	if ( NULL == p_rm )
	{
		assert( 0 == "Do_Whatever_Needs_Done_For_TPM2: NULL == 
p_rm" );
		abort();
	}
	
	static RAND_METHOD funcptrs = {
		Supplemented_seed,          /* seed() */
		0,							/* bytes() */
		Supplemented_cleanup,       /* cleanup() */
		Supplemented_add,           /* add() */
		0,			                /* pseudorand() */
		Supplemented_status                 /* status() */
	};
	
	CRYPTO_THREAD_write_lock(rand_meth_lock);
		funcptrs.bytes = p_rm->bytes;
		funcptrs.pseudorand = p_rm->pseudorand;	
		funct_ref = tpm2_engine;
		default_RAND_meth = &funcptrs;
		rand_meth = funcptrs;  /* Even set the Drbg func pointers */
	CRYPTO_THREAD_unlock(rand_meth_lock);
	
	return 0;
}

const RAND_METHOD *RAND_get_rand_method(void)
{
    RUN_ONCE(&crypto_once_tpm2_init,  Do_Whatever_Needs_Done_For_TPM2);

More information about the openssl-users mailing list