Migrate from OpenSSL to osmo_get_rand_id()

Drop OpenSSL/libcrypto dependency, use osmo_get_rand_id() instead.

Backport
osmo-msc 753c15de2f00e24f76ac9b01a20e1e2ff0f86ce2
= I71cd631704a4dc155c6c752fee2a42cd6e2fa336
"
	Migrate from OpenSSL to osmo_get_rand_id()

	This avoids potential licensing incompatibility and makes integration of
	Debian packaging patches easier.
"

Apply similar changes in bsc-nat, mm_auth_test etc.

Tested manually with osmo-nitb and sysmoBTS, and verified that Authentication
Requests send heterogenous RAND tokens.

Related: OS#1694
Change-Id: I81ebd55c7c90a436c5f2090e6790d78b773d2c92

4 files changed, 12 insertions, 15 deletions

diff --git a/openbsc/src/libmsc/Makefile.am b/openbsc/src/libmsc/Makefile.am
index c219a35d9..f746f82f5 100644
--- a/openbsc/src/libmsc/Makefile.am
+++ b/openbsc/src/libmsc/Makefile.am
@@ -10,7 +10,6 @@ AM_CFLAGS = \
 	$(LIBOSMOVTY_CFLAGS) \
 	$(LIBOSMOABIS_CFLAGS) \
 	$(COVERAGE_CFLAGS) \
-	$(LIBCRYPTO_CFLAGS) \
 	$(LIBSMPP34_CFLAGS) \
 	$(NULL)
 
diff --git a/openbsc/src/libmsc/auth.c b/openbsc/src/libmsc/auth.c
index 8c8af11c6..85477a34c 100644
--- a/openbsc/src/libmsc/auth.c
+++ b/openbsc/src/libmsc/auth.c
@@ -29,8 +29,6 @@
 #include <osmocom/gsm/comp128.h>
 #include <osmocom/core/utils.h>
 
-#include <openssl/rand.h>
-
 #include <stdlib.h>
 
 const struct value_string auth_action_names[] = {
@@ -141,8 +139,10 @@ int auth_get_tuple_for_subscr(struct gsm_auth_tuple *atuple,
 	}
 	atuple->use_count = 1;
 
-	if (RAND_bytes(atuple->vec.rand, sizeof(atuple->vec.rand)) != 1) {
-		LOGP(DMM, LOGL_NOTICE, "RAND_bytes failed, can't generate new auth tuple\n");
+	rc = osmo_get_rand_id(atuple->vec.rand, sizeof(atuple->vec.rand));
+	if (rc < 0) {
+		LOGP(DMM, LOGL_NOTICE, "osmo_get_rand_id failed, can't generate new auth tuple: %s\n",
+		     strerror(-rc));
 		return AUTH_ERROR;
 	}
 
diff --git a/openbsc/src/libmsc/db.c b/openbsc/src/libmsc/db.c
index 15e7fd4d1..0b61b4f07 100644
--- a/openbsc/src/libmsc/db.c
+++ b/openbsc/src/libmsc/db.c
@@ -41,8 +41,6 @@
 #include <osmocom/core/rate_ctr.h>
 #include <osmocom/core/utils.h>
 
-#include <openssl/rand.h>
-
 /* Semi-Private-Interface (SPI) for the subscriber code */
 void subscr_direct_free(struct gsm_subscriber *subscr);
 
@@ -1378,8 +1376,9 @@ int db_subscriber_alloc_tmsi(struct gsm_subscriber *subscriber)
 	char *tmsi_quoted;
 
 	for (;;) {
-		if (RAND_bytes((uint8_t *) &subscriber->tmsi, sizeof(subscriber->tmsi)) != 1) {
-			LOGP(DDB, LOGL_ERROR, "RAND_bytes failed\n");
+		int rc = osmo_get_rand_id((uint8_t *) &subscriber->tmsi, sizeof(subscriber->tmsi));
+		if (rc < 0) {
+			LOGP(DDB, LOGL_ERROR, "osmo_get_rand_id() failed: %s\n", strerror(-rc));
 			return 1;
 		}
 		if (subscriber->tmsi == GSM_RESERVED_TMSI)
@@ -1458,8 +1457,9 @@ int db_subscriber_alloc_token(struct gsm_subscriber *subscriber, uint32_t *token
 	uint32_t try;
 
 	for (;;) {
-		if (RAND_bytes((uint8_t *) &try, sizeof(try)) != 1) {
-			LOGP(DDB, LOGL_ERROR, "RAND_bytes failed\n");
+		int rc = osmo_get_rand_id((uint8_t *) &try, sizeof(try));
+		if (rc < 0) {
+			LOGP(DDB, LOGL_ERROR, "osmo_get_rand_id() failed: %s\n", strerror(-rc));
 			return 1;
 		}
 		if (!try) /* 0 is an invalid token */
diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat.c b/openbsc/src/osmo-bsc_nat/bsc_nat.c
index daa066d05..f83abe130 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_nat.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_nat.c
@@ -74,8 +74,6 @@
 
 #include <osmocom/abis/ipa.h>
 
-#include <openssl/rand.h>
-
 #include "../../bscconfig.h"
 
 #define SCCP_CLOSE_TIME 20
@@ -221,7 +219,7 @@ static void send_id_req(struct bsc_nat *nat, struct bsc_connection *bsc)
 	buf = v_put(buf, 0x23);
 	mrand = bsc->last_rand;
 
-	if (RAND_bytes(mrand, 16) != 1)
+	if (osmo_get_rand_id(mrand, 16) < 0)
 		goto failed_random;
 
 	memcpy(buf, mrand, 16);
@@ -232,7 +230,7 @@ static void send_id_req(struct bsc_nat *nat, struct bsc_connection *bsc)
 
 failed_random:
 	/* the timeout will trigger and close this connection */
-	LOGP(DNAT, LOGL_ERROR, "Failed to read from urandom.\n");
+	LOGP(DNAT, LOGL_ERROR, "osmo_get_rand_id() failed.\n");
 	return;
 }