Review at https://gerrit.osmocom.org/3821
Migrate from OpenSSL to osmo_get_rand_id()
This avoids potential licensing incompatibility and makes integration of
Debian packaging patches easier.
Related: OS#1694
Change-Id: I2b687b7f07ef05bbd861b8479cad5a958a3dde92
---
M configure.ac
M debian/control
M src/gprs/Makefile.am
M src/gprs/gb_proxy.c
M src/gprs/gprs_gmm.c
M src/gprs/gprs_llc.c
M src/gprs/gprs_sgsn.c
M tests/gbproxy/Makefile.am
M tests/gbproxy/gbproxy_test.c
M tests/sgsn/Makefile.am
M tests/sgsn/sgsn_test.c
M tests/sndcp_xid/Makefile.am
M tests/xid/Makefile.am
13 files changed, 32 insertions(+), 58 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-sgsn refs/changes/21/3821/1
diff --git a/configure.ac b/configure.ac
index a90a6ca..ff32d91 100644
--- a/configure.ac
+++ b/configure.ac
@@ -47,7 +47,6 @@
PKG_CHECK_MODULES(LIBOSMOGB, libosmogb >= 0.6.4)
PKG_CHECK_MODULES(LIBOSMONETIF, libosmo-netif >= 0.0.1)
PKG_CHECK_MODULES(LIBOSMOSIGTRAN, libosmo-sigtran) # TODO version?
-PKG_CHECK_MODULES(LIBCRYPTO, libcrypto >= 0.9.5)
# Enable/disable 3G aka IuPS + IuCS support?
AC_ARG_ENABLE([iu], [AS_HELP_STRING([--enable-iu], [Build 3G support, aka IuPS
and IuCS interfaces])],
diff --git a/debian/control b/debian/control
index 16fd244..2e50a79 100644
--- a/debian/control
+++ b/debian/control
@@ -9,7 +9,6 @@
automake,
libtool,
pkg-config,
- libssl-dev,
libtalloc-dev,
libc-ares-dev,
libgtp-dev,
diff --git a/src/gprs/Makefile.am b/src/gprs/Makefile.am
index 654604b..0a88c01 100644
--- a/src/gprs/Makefile.am
+++ b/src/gprs/Makefile.am
@@ -15,7 +15,6 @@
$(LIBOSMOGB_CFLAGS) \
$(COVERAGE_CFLAGS) \
$(LIBCARES_CFLAGS) \
- $(LIBCRYPTO_CFLAGS) \
$(LIBGTP_CFLAGS) \
$(NULL)
if BUILD_IU
@@ -63,7 +62,6 @@
$(NULL)
osmo_gbproxy_LDADD = \
$(OSMO_LIBS) \
- $(LIBCRYPTO_LIBS) \
-lrt \
$(NULL)
@@ -99,7 +97,6 @@
$(OSMO_LIBS) \
$(LIBOSMOABIS_LIBS) \
$(LIBCARES_LIBS) \
- $(LIBCRYPTO_LIBS) \
$(LIBGTP_LIBS) \
-lrt \
-lm \
diff --git a/src/gprs/gb_proxy.c b/src/gprs/gb_proxy.c
index d288cb3..10a6f1d 100644
--- a/src/gprs/gb_proxy.c
+++ b/src/gprs/gb_proxy.c
@@ -50,8 +50,6 @@
#include <osmocom/gsm/protocol/gsm_04_08_gprs.h>
#include <openbsc/gprs_utils.h>
-#include <openssl/rand.h>
-
extern void *tall_bsc_ctx;
static const struct rate_ctr_desc global_ctr_description[] = {
@@ -237,7 +235,7 @@
bss_ptmsi = sgsn_ptmsi;
} else {
do {
- if (RAND_bytes((uint8_t *) &bss_ptmsi,
sizeof(bss_ptmsi)) != 1) {
+ if (osmo_get_rand_id((uint8_t *) &bss_ptmsi,
sizeof(bss_ptmsi)) < 0) {
bss_ptmsi = GSM_RESERVED_TMSI;
break;
}
@@ -274,7 +272,7 @@
} else {
do {
/* create random TLLI, 0b01111xxx... */
- if (RAND_bytes((uint8_t *) &sgsn_tlli,
sizeof(sgsn_tlli)) != 1) {
+ if (osmo_get_rand_id((uint8_t *) &sgsn_tlli,
sizeof(sgsn_tlli)) < 0) {
sgsn_tlli = 0;
break;
}
diff --git a/src/gprs/gprs_gmm.c b/src/gprs/gprs_gmm.c
index 7301bf1..4b46125 100644
--- a/src/gprs/gprs_gmm.c
+++ b/src/gprs/gprs_gmm.c
@@ -31,8 +31,6 @@
#include <arpa/inet.h>
#include <netdb.h>
-#include <openssl/rand.h>
-
#include "bscconfig.h"
#include <osmocom/core/msgb.h>
@@ -608,12 +606,10 @@
/* § 10.5.5.7: */
acreq->force_stby = force_standby;
/* 3GPP TS 24.008 § 10.5.5.19: */
- if (RAND_bytes(&rbyte, 1) != 1) {
- LOGP(DMM, LOGL_NOTICE, "RAND_bytes failed for A&C ref, falling "
- "back to rand()\n");
- acreq->ac_ref_nr = rand();
- } else
- acreq->ac_ref_nr = rbyte;
+ if (osmo_get_rand_id(&rbyte, 1) < 0)
+ LOGP(DMM, LOGL_ERROR, "osmo_get_rand_id() failed for A&C ref,
falling back to insecure random\n");
+
+ acreq->ac_ref_nr = rbyte;
mm->ac_ref_nr_used = acreq->ac_ref_nr;
/* Only if authentication is requested we need to set RAND + CKSN */
diff --git a/src/gprs/gprs_llc.c b/src/gprs/gprs_llc.c
index 904ec7e..932f223 100644
--- a/src/gprs/gprs_llc.c
+++ b/src/gprs/gprs_llc.c
@@ -23,8 +23,6 @@
#include <stdint.h>
#include <stdbool.h>
-#include <openssl/rand.h>
-
#include <osmocom/core/msgb.h>
#include <osmocom/core/linuxlist.h>
#include <osmocom/core/timer.h>
@@ -1069,11 +1067,8 @@
uint8_t *xid;
LOGP(DLLC, LOGL_NOTICE, "LLGM Reset\n");
- if (RAND_bytes((uint8_t *) &llme->iov_ui, 4) != 1) {
- LOGP(DLLC, LOGL_NOTICE, "RAND_bytes failed for LLC XID reset, "
- "falling back to rand()\n");
- llme->iov_ui = rand();
- }
+ if (osmo_get_rand_id((uint8_t *) &llme->iov_ui, 4) < 0)
+ LOGP(DLLC, LOGL_ERROR, "osmo_get_rand_id() failed for LLC XID
reset, falling back to insecure random\n");
/* Generate XID message */
xid_bytes_len = gprs_llc_generate_xid_for_gmm_reset(xid_bytes,
@@ -1102,11 +1097,9 @@
uint8_t *xid;
LOGP(DLLC, LOGL_NOTICE, "LLGM Reset\n");
- if (RAND_bytes((uint8_t *) &llme->iov_ui, 4) != 1) {
- LOGP(DLLC, LOGL_NOTICE, "RAND_bytes failed for LLC XID reset, "
- "falling back to rand()\n");
- llme->iov_ui = rand();
- }
+
+ if (osmo_get_rand_id((uint8_t *) &llme->iov_ui, 4) < 0)
+ LOGP(DLLC, LOGL_ERROR, "osmo_get_rand_id() failed for LLC XID
reset, falling back to insecure random\n");
/* Generate XID message */
xid_bytes_len = gprs_llc_generate_xid_for_gmm_reset(xid_bytes,
diff --git a/src/gprs/gprs_sgsn.c b/src/gprs/gprs_sgsn.c
index 560485d..98fb3b0 100644
--- a/src/gprs/gprs_sgsn.c
+++ b/src/gprs/gprs_sgsn.c
@@ -46,8 +46,6 @@
#include <time.h>
-#include <openssl/rand.h>
-
#include "../../bscconfig.h"
#if BUILD_IU
@@ -644,7 +642,7 @@
int max_retries = 100;
restart:
- if (RAND_bytes((uint8_t *) &ptmsi, sizeof(ptmsi)) != 1)
+ if (osmo_get_rand_id((uint8_t *) &ptmsi, sizeof(ptmsi)) < 0)
goto failed;
/* Enforce that the 2 MSB are set without loosing the distance between
diff --git a/tests/gbproxy/Makefile.am b/tests/gbproxy/Makefile.am
index 3291839..ef38fb6 100644
--- a/tests/gbproxy/Makefile.am
+++ b/tests/gbproxy/Makefile.am
@@ -28,7 +28,7 @@
$(NULL)
gbproxy_test_LDFLAGS = \
- -Wl,--wrap=RAND_bytes \
+ -Wl,--wrap=osmo_get_rand_id \
$(NULL)
gbproxy_test_LDADD = \
@@ -46,6 +46,5 @@
$(LIBOSMOVTY_LIBS) \
$(LIBOSMOABIS_LIBS) \
$(LIBRARY_DL) \
- $(LIBCRYPTO_LIBS) \
-lrt \
$(NULL)
diff --git a/tests/gbproxy/gbproxy_test.c b/tests/gbproxy/gbproxy_test.c
index 9672dcb..ebf04e6 100644
--- a/tests/gbproxy/gbproxy_test.c
+++ b/tests/gbproxy/gbproxy_test.c
@@ -37,8 +37,6 @@
#include <openbsc/gprs_gb_parse.h>
#include <openbsc/debug.h>
-#include <openssl/rand.h>
-
#define REMOTE_BSS_ADDR 0x01020304
#define REMOTE_SGSN_ADDR 0x05060708
@@ -55,24 +53,24 @@
struct llist_head *received_messages = NULL;
-/* override, requires '-Wl,--wrap=RAND_bytes' */
-int __real_RAND_bytes(unsigned char *buf, int num);
-int mock_RAND_bytes(unsigned char *buf, int num);
-int (*RAND_bytes_cb)(unsigned char *, int) =
- &mock_RAND_bytes;
+/* override, requires '-Wl,--wrap=osmo_get_rand_id' */
+int __real_osmo_get_rand_id(uint8_t *data, size_t len);
+int mock_osmo_get_rand_id(uint8_t *data, size_t len);
+int (*osmo_get_rand_id_cb)(uint8_t *, size_t) =
+ &mock_osmo_get_rand_id;
-int __wrap_RAND_bytes(unsigned char *buf, int num)
+int __wrap_osmo_get_rand_id(uint8_t *buf, size_t num)
{
- return (*RAND_bytes_cb)(buf, num);
+ return (*osmo_get_rand_id_cb)(buf, num);
}
static int rand_seq_num = 0;
-int mock_RAND_bytes(unsigned char *buf, int num)
+int mock_osmo_get_rand_id(uint8_t *buf, size_t num)
{
uint32_t val;
OSMO_ASSERT(num == sizeof(val));
- OSMO_ASSERT(__real_RAND_bytes(buf, num) == 1);
+ OSMO_ASSERT(__real_osmo_get_rand_id(buf, num) == 1);
val = 0x00dead00 + rand_seq_num;
diff --git a/tests/sgsn/Makefile.am b/tests/sgsn/Makefile.am
index 36026dd..802811d 100644
--- a/tests/sgsn/Makefile.am
+++ b/tests/sgsn/Makefile.am
@@ -32,7 +32,7 @@
$(NULL)
sgsn_test_LDFLAGS = \
- -Wl,--wrap=RAND_bytes \
+ -Wl,--wrap=osmo_get_rand_id \
-Wl,--wrap=sgsn_update_subscriber_data \
-Wl,--wrap=gprs_subscr_request_update_location \
-Wl,--wrap=gprs_subscr_request_auth_info \
@@ -67,7 +67,6 @@
$(LIBOSMOGSM_LIBS) \
$(LIBOSMOGB_LIBS) \
$(LIBCARES_LIBS) \
- $(LIBCRYPTO_LIBS) \
$(LIBGTP_LIBS) \
-lrt \
-lm \
diff --git a/tests/sgsn/sgsn_test.c b/tests/sgsn/sgsn_test.c
index d66c5dd..5bf82ff 100644
--- a/tests/sgsn/sgsn_test.c
+++ b/tests/sgsn/sgsn_test.c
@@ -100,21 +100,21 @@
return 0;
}
-/* override, requires '-Wl,--wrap=RAND_bytes' */
-int __real_RAND_bytes(unsigned char *buf, int num);
-int mock_RAND_bytes(unsigned char *buf, int num);
-int (*RAND_bytes_cb)(unsigned char *, int) =
- &mock_RAND_bytes;
+/* override, requires '-Wl,--wrap=osmo_get_rand_id' */
+int __real_osmo_get_rand_id(uint8_t *data, size_t len);
+int mock_osmo_get_rand_id(uint8_t *data, size_t len);
+int (*osmo_get_rand_id_cb)(uint8_t *, size_t) =
+ &mock_osmo_get_rand_id;
-int __wrap_RAND_bytes(unsigned char *buf, int num)
+int __wrap_osmo_get_rand_id(uint8_t *buf, size_t num)
{
- return (*RAND_bytes_cb)(buf, num);
+ return (*osmo_get_rand_id_cb)(buf, num);
}
/* make results of A&C ref predictable */
-int mock_RAND_bytes(unsigned char *buf, int num)
+int mock_osmo_get_rand_id(uint8_t *buf, size_t num)
{
if (num > 1)
- return __real_RAND_bytes(buf, num);
+ return __real_osmo_get_rand_id(buf, num);
buf[0] = 0;
return 1;
}
diff --git a/tests/sndcp_xid/Makefile.am b/tests/sndcp_xid/Makefile.am
index d09c41b..fbcb36c 100644
--- a/tests/sndcp_xid/Makefile.am
+++ b/tests/sndcp_xid/Makefile.am
@@ -14,7 +14,6 @@
$(LIBOSMOGSM_LIBS) \
$(LIBOSMOGB_LIBS) \
$(LIBCARES_LIBS) \
- $(LIBCRYPTO_LIBS) \
$(LIBGTP_LIBS) \
-lrt -lm
diff --git a/tests/xid/Makefile.am b/tests/xid/Makefile.am
index 6c3689f..92876ec 100644
--- a/tests/xid/Makefile.am
+++ b/tests/xid/Makefile.am
@@ -30,7 +30,6 @@
$(LIBOSMOGSM_LIBS) \
$(LIBOSMOGB_LIBS) \
$(LIBCARES_LIBS) \
- $(LIBCRYPTO_LIBS) \
$(LIBGTP_LIBS) \
-lrt \
-lm \
--
To view, visit https://gerrit.osmocom.org/3821
To unsubscribe, visit https://gerrit.osmocom.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I2b687b7f07ef05bbd861b8479cad5a958a3dde92
Gerrit-PatchSet: 1
Gerrit-Project: osmo-sgsn
Gerrit-Branch: master
Gerrit-Owner: Max <[email protected]>
