From fce6971fe3673e8269414188fda0ce3b28b5cf03 Mon Sep 17 00:00:00 2001 From: Holger Hans Peter Freyther Date: Mon, 8 Jun 2015 11:56:59 +0200 Subject: nat: Provide access to /dev/urandom for the code Instead of doing open/read/close all the time, open the FD in the beginning and keep it open. To scare me even more I have seen /dev/urandom actually providing a short read and then blocking but it seems to be the best way to get the random byes we need for authentication. So one should/could run the cheap random generator on the system (e.g. haveged) or deal with the NAT process to block. --- openbsc/src/osmo-bsc_nat/bsc_nat.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'openbsc/src/osmo-bsc_nat')
diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat.c b/openbsc/src/osmo-bsc_nat/bsc_nat.c
index 841262c5a..82562ba17 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_nat.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_nat.c
@@ -21,6 +21,8 @@
 *
 */
 #include
+#include
+#include
 #include
 #include
 #include
@@ -31,6 +33,7 @@
 #include
 #include
 #include
+#include
 #define _GNU_SOURCE
 #include
@@ -1534,6 +1537,12 @@ int main(int argc, char **argv)
 /* We need to add mode-set for amr codecs */
 nat->sdp_ensure_amr_mode_set = 1;
+ nat->random_fd = open("/dev/random", O_RDONLY);
+ if (nat->random_fd < 0) {
+ fprintf(stderr, "Failed to open /dev/urandom.\n");
+ return -5;
+ }
+
 vty_info.copyright = openbsc_copyright;
 vty_init(&vty_info);
 logging_vty_add_cmds(&log_info);
-- cgit v1.2.3
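Review bot: The added `open()` in `main()` opens `/dev/random`, but the commit subject, the description and the `fprintf` text on the failure path all name `/dev/urandom`, so either the path or the message is wrong. On Linux kernels before 5.6, `/dev/random` blocks whenever the entropy estimate is low, which is the stall of the NAT process the description worries about; if the non-blocking device was intended, the line should be `nat->random_fd = open("/dev/urandom", O_RDONLY);`. The failure message would also be more useful with the cause, e.g. `fprintf(stderr, "Failed to open /dev/urandom: %s\n", strerror(errno));`, assuming `<errno.h>` and `<string.h>` are among the includes, which this page does not show. The code that reads from `random_fd` is outside this diff and should loop until it has all requested bytes, since the description reports short reads; `main()` itself continues beyond the hunk.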