There is a typo in the commit message:

> - not needed for 5.3 - we do it in here in the core for all processes

It should be "not needed in git master - we do it here in the core for all 
processes".

Cheers,

Henning

-- 
Henning Westerholt - https://skalatan.de/blog/
Kamailio services - https://skalatan.de/services

-----Original Message-----
From: sr-dev <sr-dev-boun...@lists.kamailio.org> On Behalf Of Henning Westerholt
Sent: Wednesday, October 9, 2019 5:01 PM
To: sr-dev@lists.kamailio.org
Subject: [sr-dev] git:5.3:21e0fba6: tls: add initial seeding to cryptorand 
generator, as we don't do it in core

Module: kamailio
Branch: 5.3
Commit: 21e0fba6adb9e77e91ea83ed79b13621df556e1e
URL: 
https://github.com/kamailio/kamailio/commit/21e0fba6adb9e77e91ea83ed79b13621df556e1e

Author: Henning Westerholt <h...@skalatan.de>
Committer: Henning Westerholt <h...@skalatan.de>
Date: 2019-10-09T16:56:31+02:00

tls: add initial seeding to cryptorand generator, as we don't do it in core

- add initial seeding to cryptorand generator initialization to main process
- only as additional fallback in case of no access to system entropy sources
- not needed for 5.3 - we do it in here in the core for all processes

---

Modified: src/modules/tls/tls_mod.c
Modified: src/modules/tls/tls_rand.c
Modified: src/modules/tls/tls_rand.h

---

Diff:  
https://github.com/kamailio/kamailio/commit/21e0fba6adb9e77e91ea83ed79b13621df556e1e.diff
Patch: 
https://github.com/kamailio/kamailio/commit/21e0fba6adb9e77e91ea83ed79b13621df556e1e.patch

---

diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 
424fad8a08..eaa9593a31 100644
--- a/src/modules/tls/tls_mod.c
+++ b/src/modules/tls/tls_mod.c
@@ -567,6 +567,7 @@ int mod_register(char *path, int *dlflags, void *p1, void 
*p2)
 
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
        LM_DBG("setting cryptorand random engine\n");
+       ksr_cryptorand_seed_init();
        RAND_set_rand_method(RAND_ksr_cryptorand_method());
 #endif
 
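Review bot: The new ksr_cryptorand_seed_init() call in mod_register() adds the seed once, in what the commit message calls the main process, and nothing at the call site says whether other processes reseed on their own. If they do not, they would all continue from the same seeded state in the fallback case the commit message describes (no access to system entropy sources). Please add a short comment above the call stating where per-process seeding happens, or that this seed is only a fallback and is not relied on for uniqueness between processes.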
diff --git a/src/modules/tls/tls_rand.c b/src/modules/tls/tls_rand.c index 
3cb2e8a712..14c0321c04 100644
--- a/src/modules/tls/tls_rand.c
+++ b/src/modules/tls/tls_rand.c
@@ -171,4 +171,19 @@ const RAND_METHOD *RAND_ksr_cryptorand_method(void)
     return &_ksr_cryptorand_method;
 }
 
+/* seed the generator during startup, internally it will also use 
+system entropy */ void ksr_cryptorand_seed_init() {
+        u_int8_t bytes[4];
+        unsigned int seed;
+
+        seed = fastrand();
+        bytes[0] = (seed >> 24) & 0xFF;
+        bytes[1] = (seed >> 16) & 0xFF;
+        bytes[2] = (seed >> 8)  & 0xFF;
+        bytes[3] = seed & 0xFF;
+
+        LM_DBG("seeding cryptorand generator with %u\n", seed);
+        sr_add_entropy(bytes, 4);
+}
+
 #endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */ diff --git 
a/src/modules/tls/tls_rand.h b/src/modules/tls/tls_rand.h index 
c73d36b8d9..2b61e3b2ed 100644
--- a/src/modules/tls/tls_rand.h
+++ b/src/modules/tls/tls_rand.h
@@ -29,5 +29,7 @@ const RAND_METHOD *RAND_ksr_krand_method(void);  const 
RAND_METHOD *RAND_ksr_fastrand_method(void);  const RAND_METHOD 
*RAND_ksr_cryptorand_method(void);
 
+void ksr_cryptorand_seed_init();
+
 #endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */  #endif
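Review bot: In ksr_cryptorand_seed_init() in tls_rand.c, the line LM_DBG("seeding cryptorand generator with %u\n", seed); writes the seed value itself to the log, so anyone who can read debug logs learns the only input this function contributes. Please log that seeding happened without printing the value. The seed is also only 4 bytes taken from fastrand(), so the function comment should say plainly that this is a low-entropy fallback and that the generator's strength depends on the system entropy it mentions, not on this call. Minor: u_int8_t is a BSD-style type name; uint8_t from <stdint.h> is the portable spelling.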
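Review bot: The new declaration "void ksr_cryptorand_seed_init();" in tls_rand.h has an empty parameter list, which in C declares a function with unspecified arguments rather than a prototype, so a call with stray arguments would not be rejected by the compiler. Please write "void ksr_cryptorand_seed_init(void);" to match the RAND_ksr_*_method(void) declarations just above it, and use the same form in the definition in tls_rand.c. A one-line comment in the header on when the function is meant to be called (once at startup, before the rand method is set) would also help.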


_______________________________________________
Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org 
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev