author | Neels Hofmeyr <neels@hofmeyr.de> | 2018-03-29 23:16:43 +0200 |
---|---|---|
committer | Neels Hofmeyr <neels@hofmeyr.de> | 2018-03-29 23:56:13 +0200 |
commit | 801cd7acc62460a55389f0093558c32c967854d9 (patch) | |
tree | d81c45c9e17318595a39451441d7ad985f2094a1 /openbsc | |
parent | c6382b5e0b4790d15681e89f704465160b9aef1d (diff) |
Migrate from OpenSSL to osmo_get_rand_id()
Drop OpenSSL/libcrypto dependency, use osmo_get_rand_id() instead.
Backport
osmo-msc 753c15de2f00e24f76ac9b01a20e1e2ff0f86ce2
= I71cd631704a4dc155c6c752fee2a42cd6e2fa336
"
Migrate from OpenSSL to osmo_get_rand_id()
This avoids potential licensing incompatibility and makes integration of
Debian packaging patches easier.
"
Apply similar changes in bsc-nat, mm_auth_test etc.
Tested manually with osmo-nitb and sysmoBTS, and verified that Authentication
Requests send heterogeneous RAND tokens.
Related: OS#1694
Change-Id: I81ebd55c7c90a436c5f2090e6790d78b773d2c92
Diffstat (limited to 'openbsc')
-rw-r--r-- | openbsc/configure.ac | 1 | ||||
-rw-r--r-- | openbsc/src/libmsc/Makefile.am | 1 | ||||
-rw-r--r-- | openbsc/src/libmsc/auth.c | 8 | ||||
-rw-r--r-- | openbsc/src/libmsc/db.c | 12 | ||||
-rw-r--r-- | openbsc/src/osmo-bsc_nat/bsc_nat.c | 6 | ||||
-rw-r--r-- | openbsc/tests/db/Makefile.am | 1 | ||||
-rw-r--r-- | openbsc/tests/mm_auth/mm_auth_test.c | 2 |
7 files changed, 13 insertions, 18 deletions
diff --git a/openbsc/configure.ac b/openbsc/configure.ac index a0df05f62..7183fda48 100644 --- a/openbsc/configure.ac +++ b/openbsc/configure.ac @@ -46,7 +46,6 @@ PKG_CHECK_MODULES(LIBOSMOGSM, libosmogsm >= 0.9.5) PKG_CHECK_MODULES(LIBOSMOABIS, libosmoabis >= 0.2.0) PKG_CHECK_MODULES(LIBOSMOGB, libosmogb >= 0.6.4) PKG_CHECK_MODULES(LIBOSMONETIF, libosmo-netif >= 0.0.1) -PKG_CHECK_MODULES(LIBCRYPTO, libcrypto >= 0.9.5) # Enabke/disable the NAT? AC_ARG_ENABLE([nat], [AS_HELP_STRING([--enable-nat], [Build the BSC NAT. Requires SCCP])], diff --git a/openbsc/src/libmsc/Makefile.am b/openbsc/src/libmsc/Makefile.am index c219a35d9..f746f82f5 100644 --- a/openbsc/src/libmsc/Makefile.am +++ b/openbsc/src/libmsc/Makefile.am @@ -10,7 +10,6 @@ AM_CFLAGS = \ $(LIBOSMOVTY_CFLAGS) \ $(LIBOSMOABIS_CFLAGS) \ $(COVERAGE_CFLAGS) \ - $(LIBCRYPTO_CFLAGS) \ $(LIBSMPP34_CFLAGS) \ $(NULL) diff --git a/openbsc/src/libmsc/auth.c b/openbsc/src/libmsc/auth.c index 8c8af11c6..85477a34c 100644 --- a/openbsc/src/libmsc/auth.c +++ b/openbsc/src/libmsc/auth.c @@ -29,8 +29,6 @@ #include <osmocom/gsm/comp128.h> #include <osmocom/core/utils.h> -#include <openssl/rand.h> - #include <stdlib.h> const struct value_string auth_action_names[] = { @@ -141,8 +139,10 @@ int auth_get_tuple_for_subscr(struct gsm_auth_tuple *atuple, } atuple->use_count = 1; - if (RAND_bytes(atuple->vec.rand, sizeof(atuple->vec.rand)) != 1) { - LOGP(DMM, LOGL_NOTICE, "RAND_bytes failed, can't generate new auth tuple\n"); + rc = osmo_get_rand_id(atuple->vec.rand, sizeof(atuple->vec.rand)); + if (rc < 0) { + LOGP(DMM, LOGL_NOTICE, "osmo_get_rand_id failed, can't generate new auth tuple: %s\n", + strerror(-rc)); return AUTH_ERROR; } diff --git a/openbsc/src/libmsc/db.c b/openbsc/src/libmsc/db.c index 15e7fd4d1..0b61b4f07 100644 --- a/openbsc/src/libmsc/db.c +++ b/openbsc/src/libmsc/db.c 
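Review bot: The libosmogsm bound shown in this hunk's header context stays at `>= 0.9.5` while the rest of the commit starts calling osmo_get_rand_id(), so a build against an older libosmocore could pass configure and fail only at compile or link time. Confirm which release first exports osmo_get_rand_id() and raise the bound to it, e.g. `PKG_CHECK_MODULES(LIBOSMOGSM, libosmogsm >= <first release providing osmo_get_rand_id>)`. Which library provides the symbol is inferred here, so adjust the module name if it is checked under a different PKG_CHECK_MODULES line.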
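Review bot: A failure to obtain randomness for the authentication challenge in auth_get_tuple_for_subscr() is logged at `LOGL_NOTICE`, while the same failure in db.c is logged at `LOGL_ERROR`. An entropy failure on the RAND path is something operators should be able to alert on, so I would use `LOGP(DMM, LOGL_ERROR, "osmo_get_rand_id failed, can't generate new auth tuple: %s\n", strerror(-rc));`. The new lines also call strerror() and osmo_get_rand_id(), but the include hunk above only removes `<openssl/rand.h>`; unless `<string.h>` and the header declaring osmo_get_rand_id() are already included elsewhere in auth.c, both calls are implicitly declared. `rc` is declared outside this hunk and the function continues past it.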
@@ -41,8 +41,6 @@ #include <osmocom/core/rate_ctr.h> #include <osmocom/core/utils.h> -#include <openssl/rand.h> - /* Semi-Private-Interface (SPI) for the subscriber code */ void subscr_direct_free(struct gsm_subscriber *subscr); @@ -1378,8 +1376,9 @@ int db_subscriber_alloc_tmsi(struct gsm_subscriber *subscriber) char *tmsi_quoted; for (;;) { - if (RAND_bytes((uint8_t *) &subscriber->tmsi, sizeof(subscriber->tmsi)) != 1) { - LOGP(DDB, LOGL_ERROR, "RAND_bytes failed\n"); + int rc = osmo_get_rand_id((uint8_t *) &subscriber->tmsi, sizeof(subscriber->tmsi)); + if (rc < 0) { + LOGP(DDB, LOGL_ERROR, "osmo_get_rand_id() failed: %s\n", strerror(-rc)); return 1; } if (subscriber->tmsi == GSM_RESERVED_TMSI) @@ -1458,8 +1457,9 @@ int db_subscriber_alloc_token(struct gsm_subscriber *subscriber, uint32_t *token uint32_t try; for (;;) { - if (RAND_bytes((uint8_t *) &try, sizeof(try)) != 1) { - LOGP(DDB, LOGL_ERROR, "RAND_bytes failed\n"); + int rc = osmo_get_rand_id((uint8_t *) &try, sizeof(try)); + if (rc < 0) { + LOGP(DDB, LOGL_ERROR, "osmo_get_rand_id() failed: %s\n", strerror(-rc)); return 1; } if (!try) /* 0 is an invalid token */ diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat.c b/openbsc/src/osmo-bsc_nat/bsc_nat.c index daa066d05..f83abe130 100644 --- a/openbsc/src/osmo-bsc_nat/bsc_nat.c +++ b/openbsc/src/osmo-bsc_nat/bsc_nat.c @@ -74,8 +74,6 @@ #include <osmocom/abis/ipa.h> -#include <openssl/rand.h> - #include "../../bscconfig.h" #define SCCP_CLOSE_TIME 20 @@ -221,7 +219,7 @@ static void send_id_req(struct bsc_nat *nat, struct bsc_connection *bsc) buf = v_put(buf, 0x23); mrand = bsc->last_rand; - if (RAND_bytes(mrand, 16) != 1) + if (osmo_get_rand_id(mrand, 16) < 0) goto failed_random; memcpy(buf, mrand, 16); 
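Review bot: The new error messages in db_subscriber_alloc_tmsi() and db_subscriber_alloc_token() are the identical string `"osmo_get_rand_id() failed: %s\n"`, so a log line cannot tell which identifier could not be generated. I would name the operation in each, e.g. `LOGP(DDB, LOGL_ERROR, "TMSI allocation: osmo_get_rand_id() failed: %s\n", strerror(-rc));` and the matching `"Token allocation: ..."` in the second hunk. A one-line comment above each call, such as `/* osmo_get_rand_id() returns a negative errno on failure */`, would also help, since the convention changed from RAND_bytes()'s `!= 1` check. Both `for (;;)` loops continue outside their hunks.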
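Review bot: send_id_req() discards the return value of `osmo_get_rand_id(mrand, 16)`, so the `failed_random` message in the following hunk cannot report why the challenge could not be generated, unlike the auth.c and db.c call sites that log `strerror(-rc)`. Keeping the code in an `int rc` local (`rc = osmo_get_rand_id(mrand, 16); if (rc < 0) goto failed_random;`) and logging `"osmo_get_rand_id() failed: %s\n", strerror(-rc)` would make the three sites consistent. The literal 16 must also match the size of `bsc->last_rand` and stay within whatever length osmo_get_rand_id() accepts; neither is visible here, so `sizeof` on the buffer would be safer if it is an array. On failure `bsc->last_rand` appears to keep its previous contents until the timeout closes the connection, so it is worth confirming that a response to the stale challenge cannot be accepted in that window.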
@@ -232,7 +230,7 @@ static void send_id_req(struct bsc_nat *nat, struct bsc_connection *bsc) failed_random: /* the timeout will trigger and close this connection */ - LOGP(DNAT, LOGL_ERROR, "Failed to read from urandom.\n"); + LOGP(DNAT, LOGL_ERROR, "osmo_get_rand_id() failed.\n"); return; } diff --git a/openbsc/tests/db/Makefile.am b/openbsc/tests/db/Makefile.am index 0eed5cd55..70996458c 100644 --- a/openbsc/tests/db/Makefile.am +++ b/openbsc/tests/db/Makefile.am @@ -43,6 +43,5 @@ db_test_LDADD = \ $(LIBOSMOGSM_LIBS) \ $(LIBSMPP34_LIBS) \ $(LIBOSMOVTY_LIBS) \ - $(LIBCRYPTO_LIBS) \ -ldbi \ $(NULL) diff --git a/openbsc/tests/mm_auth/mm_auth_test.c b/openbsc/tests/mm_auth/mm_auth_test.c index b8777a8c5..ebd122f05 100644 --- a/openbsc/tests/mm_auth/mm_auth_test.c +++ b/openbsc/tests/mm_auth/mm_auth_test.c @@ -121,7 +121,7 @@ int auth_get_tuple_for_subscr_verbose(struct gsm_auth_tuple *atuple, } /* override libssl RAND_bytes() to get testable crypto results */ -int RAND_bytes(uint8_t *rand, int len) +int osmo_get_rand_id(uint8_t *rand, size_t len) { memset(rand, 23, len); return 1; |
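Review bot: The test override of osmo_get_rand_id() still returns `1`, which was RAND_bytes()'s success value. The callers changed in this commit treat only `rc < 0` as failure, so the stub passes by accident rather than by matching the new function's contract. I would return `0` here (assuming the real function reports success as 0, which the `rc < 0` checks suggest but do not prove) and update the stale comment to `/* override osmo_get_rand_id() to get testable crypto results */`. The function's closing brace lies outside the hunk.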