Replace libcrypto RAND_ with our own to avoid valgrind errors.

main.cpp

@@ -34,7 +34,9 @@
 #include <stdexcept>
 #include <iostream>
 
-#ifdef _WIN32
+#include "node/Constants.hpp"
+
+#ifdef __WINDOWS__
 #include <Windows.h>
 #else
 #include <unistd.h>
@@ -44,6 +46,8 @@
 #include <signal.h>
 #endif
 
+#include <openssl/rand.h>
+
 #include "node/Node.hpp"
 #include "node/Utils.hpp"
 
@@ -51,6 +55,36 @@
 
 using namespace ZeroTier;
 
+// ---------------------------------------------------------------------------
+// Override libcrypto default RAND_ with Utils::getSecureRandom(), which uses
+// a system strong random source. This is because OpenSSL libcrypto's default
+// RAND_ implementation uses uninitialized memory as one of its entropy
+// sources, which plays havoc with all kinds of debuggers and auditing tools.
+
+static void _zeroTier_rand_cleanup() {}
+static void _zeroTier_rand_add(const void *buf, int num, double add_entropy) {}
+static int _zeroTier_rand_status() { return 1; }
+static void _zeroTier_rand_seed(const void *buf, int num) {}
+static int _zeroTier_rand_bytes(unsigned char *buf, int num)
+{
+	Utils::getSecureRandom(buf,num);
+	return 1;
+}
+static RAND_METHOD _zeroTierRandMethod = {
+	_zeroTier_rand_seed,
+	_zeroTier_rand_bytes,
+	_zeroTier_rand_cleanup,
+	_zeroTier_rand_add,
+	_zeroTier_rand_bytes,
+	_zeroTier_rand_status
+};
+static void _initLibCrypto()
+{
+	RAND_set_rand_method(&_zeroTierRandMethod);
+}
+
+// ---------------------------------------------------------------------------
+
 static Node *node = (Node *)0;
 
 static void printHelp(const char *cn,FILE *out)
@@ -81,6 +115,8 @@ int main(int argc,char **argv)
 	signal(SIGQUIT,&sighandlerQuit);
 #endif
 
+	_initLibCrypto();
+
 	if (argc < 2) {
 		printHelp(argv[0],stderr);
 		return ZT_EXEC_RETURN_VALUE_NORMAL_TERMINATION;

node/Node.cpp

@@ -37,16 +37,6 @@
 #include <vector>
 #include <string>
 
-#ifdef _WIN32
-#include <Windows.h>
-#else
-#include <fcntl.h>
-#include <unistd.h>
-#include <signal.h>
-#include <sys/file.h>
-#include <sys/stat.h>
-#endif
-
 #include "Condition.hpp"
 #include "Node.hpp"
 #include "Topology.hpp"
@@ -71,6 +61,16 @@
 #include "CMWC4096.hpp"
 #include "Service.hpp"
 
+#ifdef __WINDOWS__
+#include <Windows.h>
+#else
+#include <fcntl.h>
+#include <unistd.h>
+#include <signal.h>
+#include <sys/file.h>
+#include <sys/stat.h>
+#endif
+
 #include "../version.h"
 
 namespace ZeroTier {

selftest.cpp

@@ -47,8 +47,40 @@
 #include "node/NodeConfig.hpp"
 #include "node/Dictionary.hpp"
 
+#include <openssl/rand.h>
+
 using namespace ZeroTier;
 
+// ---------------------------------------------------------------------------
+// Override libcrypto default RAND_ with Utils::getSecureRandom(), which uses
+// a system strong random source. This is because OpenSSL libcrypto's default
+// RAND_ implementation uses uninitialized memory as one of its entropy
+// sources, which plays havoc with all kinds of debuggers and auditing tools.
+
+static void _zeroTier_rand_cleanup() {}
+static void _zeroTier_rand_add(const void *buf, int num, double add_entropy) {}
+static int _zeroTier_rand_status() { return 1; }
+static void _zeroTier_rand_seed(const void *buf, int num) {}
+static int _zeroTier_rand_bytes(unsigned char *buf, int num)
+{
+	Utils::getSecureRandom(buf,num);
+	return 1;
+}
+static RAND_METHOD _zeroTierRandMethod = {
+	_zeroTier_rand_seed,
+	_zeroTier_rand_bytes,
+	_zeroTier_rand_cleanup,
+	_zeroTier_rand_add,
+	_zeroTier_rand_bytes,
+	_zeroTier_rand_status
+};
+static void _initLibCrypto()
+{
+	RAND_set_rand_method(&_zeroTierRandMethod);
+}
+
+// ---------------------------------------------------------------------------
+
 static unsigned char fuzzbuf[1048576];
 
 static const char *hmacShaTV0Key = "key";
@@ -332,6 +364,7 @@ int main(int argc,char **argv)
 {
 	int r = 0;
 
+	_initLibCrypto();
 	srand(time(0));
 
 	r |= testCrypto();