Hello Jenkins Builder, I'd like you to reexamine a change. Please visit
https://gerrit.osmocom.org/4593 to look at the new patch set (#3). Enable GnuTLS fallback On systems with GNU/Linux kernel older than 3.17 (Debian 8 "jessie" for example) the osmo_get_rand_id() would always return failure due to missing getrandom() syscall. To support such systems, let's add fallback code which uses GnuTLS library. It can be disabled explicitly via '--disable-gnutls' option at compile-time, otherwise ./configure will fail if both getrandom() and GnuTLS are not available. N. B: the fallback is purely compile-time - the syscall and GnuTLS availability is checked at compile-time and appropriate code is compiled in. There's no runtime check. Related: OS#1694 Change-Id: Ic77866ce65acf524b768882c751a4f9c0635740b --- M configure.ac M src/gsm/Makefile.am M src/gsm/gsm_utils.c 3 files changed, 43 insertions(+), 0 deletions(-) git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/93/4593/3
diff --git a/configure.ac b/configure.ac
index d9390cf..cf5a3c1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -130,6 +130,20 @@
 AM_CONDITIONAL(ENABLE_PCSC, test "x$ENABLE_PCSC" = "xyes")
 AC_SUBST(ENABLE_PCSC)
+AC_ARG_ENABLE([gnutls], [AS_HELP_STRING([--disable-gnutls], [Do not use GnuTLS fallback for missing getrandom()])],
+ [ENABLE_GNUTLS=$enableval], [ENABLE_GNUTLS="yes"])
+AM_CONDITIONAL(ENABLE_GNUTLS, test x"$ENABLE_GNUTLS" = x"yes")
+AS_IF([test "x$ENABLE_GNUTLS" = "xyes"], [
+ PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 2.12.0])
+])
+AC_SUBST(ENABLE_GNUTLS)
+if test x"$ENABLE_GNUTLS" = x"yes"
+then
+ AC_SUBST([LIBGNUTLS_CFLAGS])
+ AC_SUBST([LIBGNUTLS_LIBS])
+ AC_DEFINE([USE_GNUTLS], [1], [Use GnuTLS as a fallback for missing getrandom()])
+fi
+
 AC_ARG_ENABLE(plugin, [AS_HELP_STRING( [--disable-plugin],
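Review bot: The added `PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 2.12.0])` runs whenever `--disable-gnutls` is not given, and without an action-if-not-found argument it aborts ./configure, so as written a host that has getrandom() but no GnuTLS development files cannot configure unless the extra switch is passed. Nothing in this hunk ties the check to the getrandom() probe (that probe may live elsewhere in configure.ac), and the src/gsm/Makefile.am hunk then adds `$(LIBGNUTLS_LIBS)` to libosmogsm even on builds where the fallback branch is never compiled. Consider running the GnuTLS check, the `AC_DEFINE([USE_GNUTLS], ...)` and the `ENABLE_GNUTLS` conditional only when the getrandom() probe has failed, so the extra dependency appears only where the fallback is actually used.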
@@ -228,6 +242,7 @@
 AM_CONDITIONAL(ENABLE_PLUGIN, false)
 AM_CONDITIONAL(ENABLE_MSGFILE, false)
 AM_CONDITIONAL(ENABLE_SERIAL, false)
+ AM_CONDITIONAL(ENABLE_GNUTLS, false)
 AM_CONDITIONAL(ENABLE_VTY, false)
 AM_CONDITIONAL(ENABLE_CTRL, false)
 AM_CONDITIONAL(ENABLE_UTILITIES, false)
diff --git a/src/gsm/Makefile.am b/src/gsm/Makefile.am
index 4476971..12f56db 100644
--- a/src/gsm/Makefile.am
+++ b/src/gsm/Makefile.am
@@ -38,6 +38,11 @@
 libosmogsm_la_LDFLAGS = $(LTLDFLAGS_OSMOGSM) -version-info $(LIBVERSION) -no-undefined
 libosmogsm_la_LIBADD = libgsmint.la $(TALLOC_LIBS)
+if ENABLE_GNUTLS
+AM_CPPFLAGS += $(LIBGNUTLS_CFLAGS)
+libosmogsm_la_LIBADD += $(LIBGNUTLS_LIBS)
+endif
+
 EXTRA_DIST = libosmogsm.map
 # Convolutional codes generation
diff --git a/src/gsm/gsm_utils.c b/src/gsm/gsm_utils.c
index e3f792e..627c79a 100644
--- a/src/gsm/gsm_utils.c
+++ b/src/gsm/gsm_utils.c
@@ -104,6 +104,10 @@
 #ifndef GRND_NONBLOCK
 #define GRND_NONBLOCK 0x0001
 #endif
+#elif (USE_GNUTLS)
+#pragma message ("Secure random unavailable: including GnuTLS.")
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
 #endif
 /* ETSI GSM 03.38 6.2.1 and 6.2.1.1 default alphabet
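Review bot: `#elif (USE_GNUTLS)` in the gsm_utils.c include block tests a macro that the configure.ac hunk defines only when the fallback is enabled, so with `--disable-gnutls` the preprocessor evaluates an undefined identifier; that works because it counts as 0, but it trips `-Wundef`. `#elif defined(USE_GNUTLS)` states the intent directly, and the `#if (USE_GNUTLS)` added in the osmo_get_rand_id() hunk further down has the same form. The `#if` this `#elif` belongs to starts above the hunk, so it cannot be confirmed from here that its conditions match the chain used inside osmo_get_rand_id(); if they ever diverge, gnutls_rnd() could be compiled without its header.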
@@ -415,14 +419,33 @@
 if (len > OSMO_MAX_RAND_ID_LEN)
 return -E2BIG;
+ /* The conditional compile below is necessary to support legacy systems:
+ 1) On systems with recent enough glibc (>= 2.25) we use it and the rest is not compiled in
+ 2) On systems with old glibc but with recent enough kernel (>=3.17) we use syscall directly
+ 3) On systems with older kernel we check for GnuTLS fallback availability
+ 3a) If it's available at compile time - use it
+ 3b) Otherwise just return failure
+ FIXME:
+ * Once we do not have to support old kernels, 3a can be removed
+ * Once we do not have to support old glibc, 2 and 3 can be removed */
 #if defined(__GLIBC__) && (__GLIBC__ >= 2) && (__GLIBC_MINOR__ >= 25)
+ /* 1) "main" branch (i. e. <if>) of conditional compile ifdef: use glibc */
 rc = getrandom(out, len, GRND_NONBLOCK);
 #elif HAVE_DECL_SYS_GETRANDOM
+ /* 2) "alternative" branch (i. e. <else if>) of conditional compile ifdef: use syscall */
 #pragma message ("Using direct syscall access for getrandom(): consider upgrading to glibc >= 2.25")
 /* FIXME: this can be removed once we bump glibc requirements to 2.25: */
 rc = syscall(SYS_getrandom, out, len, GRND_NONBLOCK);
 #else
+ /* 3) "final" branch (i. e. <else>) of conditional compile ifdef: use fallback (if available) */
+#if (USE_GNUTLS)
+#pragma message ("Secure random unavailable: using GnuTLS fallback.")
+ /* 3a) GnuTLS is available - use it as fallback */
+ return gnutls_rnd(GNUTLS_RND_RANDOM, out, len);
+#else
 #pragma message ("Secure random unavailable: calls to osmo_get_rand_id() will always fail!")
+#endif
+ /* 3b) All other options exhausted - fail.
*/ return -ENOTSUP; #endif /* getrandom() failed entirely: */ -- To view, visit https://gerrit.osmocom.org/4593 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newpatchset Gerrit-Change-Id: Ic77866ce65acf524b768882c751a4f9c0635740b Gerrit-PatchSet: 3 Gerrit-Project: libosmocore Gerrit-Branch: master Gerrit-Owner: Max <msur...@sysmocom.de> Gerrit-Reviewer: Harald Welte <lafo...@gnumonks.org> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: Max <msur...@sysmocom.de>
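Review bot: The added `return gnutls_rnd(GNUTLS_RND_RANDOM, out, len);` in branch 3a hands a GnuTLS error code straight back to the caller, while the other exits visible in this hunk return negative errno values (`-E2BIG`, `-ENOTSUP`), so a caller that compares the result against errno constants would misread a failure of the random source. Mapping it keeps one convention: `rc = gnutls_rnd(GNUTLS_RND_RANDOM, out, len);` followed by `return (rc < 0) ? -ENOTSUP : 0;` (which errno to use is the maintainers' call, and `rc` is assumed to be the local already assigned in the other branches). The configure check accepts gnutls >= 2.12.0, and as far as I know GnuTLS only initialises itself automatically from 3.3.0 on, so with older versions the fallback probably needs gnutls_global_init() to have run first; a comment stating that requirement, or a higher minimum version, would make it explicit. The body of osmo_get_rand_id() begins before and continues after this hunk.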