[PATCH] osmo-sgsn[master]: Migrate from OpenSSL to osmo_get_rand_id()

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Max gerrit-no-reply at lists.osmocom.org
Mon Oct 9 13:51:26 UTC 2017


Hello Jenkins Builder,

I'd like you to reexamine a change.  Please visit

    https://gerrit.osmocom.org/3821

to look at the new patch set (#5).

Migrate from OpenSSL to osmo_get_rand_id()

This avoids potential licensing incompatibility and makes integration of
Debian packaging patches easier.

Related: OS#1694

Change-Id: I2b687b7f07ef05bbd861b8479cad5a958a3dde92
---
M configure.ac
M debian/control
M src/gprs/Makefile.am
M src/gprs/gb_proxy.c
M src/gprs/gprs_gmm.c
M src/gprs/gprs_llc.c
M src/gprs/gprs_sgsn.c
M tests/gbproxy/Makefile.am
M tests/gbproxy/gbproxy_test.c
M tests/sgsn/Makefile.am
M tests/sgsn/sgsn_test.c
M tests/sndcp_xid/Makefile.am
M tests/xid/Makefile.am
13 files changed, 57 insertions(+), 66 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/osmo-sgsn refs/changes/21/3821/5

diff --git a/configure.ac b/configure.ac
index c8e23e5..7921085 100644
--- a/configure.ac
+++ b/configure.ac
@@ -47,7 +47,6 @@
 PKG_CHECK_MODULES(LIBOSMOGB, libosmogb >= 0.6.4)
 PKG_CHECK_MODULES(LIBOSMONETIF, libosmo-netif >= 0.0.1)
 PKG_CHECK_MODULES(LIBOSMOSIGTRAN, libosmo-sigtran) # TODO version?
-PKG_CHECK_MODULES(LIBCRYPTO, libcrypto >= 0.9.5)
 
 # Enable/disable 3G aka IuPS + IuCS support?
 AC_ARG_ENABLE([iu], [AS_HELP_STRING([--enable-iu], [Build 3G support, aka IuPS and IuCS interfaces])],
diff --git a/debian/control b/debian/control
index ce2167a..330945f 100644
--- a/debian/control
+++ b/debian/control
@@ -9,7 +9,6 @@
                automake,
                libtool,
                pkg-config,
-               libssl-dev,
                libtalloc-dev,
                libc-ares-dev,
                libgtp-dev,
diff --git a/src/gprs/Makefile.am b/src/gprs/Makefile.am
index 654604b..0a88c01 100644
--- a/src/gprs/Makefile.am
+++ b/src/gprs/Makefile.am
@@ -15,7 +15,6 @@
 	$(LIBOSMOGB_CFLAGS) \
 	$(COVERAGE_CFLAGS) \
 	$(LIBCARES_CFLAGS) \
-	$(LIBCRYPTO_CFLAGS) \
 	$(LIBGTP_CFLAGS) \
 	$(NULL)
 if BUILD_IU
@@ -63,7 +62,6 @@
 	$(NULL)
 osmo_gbproxy_LDADD = \
 	$(OSMO_LIBS) \
-	$(LIBCRYPTO_LIBS) \
 	-lrt \
 	$(NULL)
 
@@ -99,7 +97,6 @@
 	$(OSMO_LIBS) \
 	$(LIBOSMOABIS_LIBS) \
 	$(LIBCARES_LIBS) \
-	$(LIBCRYPTO_LIBS) \
 	$(LIBGTP_LIBS) \
 	-lrt \
 	-lm \
diff --git a/src/gprs/gb_proxy.c b/src/gprs/gb_proxy.c
index 17a0109..09e291b 100644
--- a/src/gprs/gb_proxy.c
+++ b/src/gprs/gb_proxy.c
@@ -50,8 +50,6 @@
 #include <osmocom/gsm/protocol/gsm_04_08_gprs.h>
 #include <osmocom/sgsn/gprs_utils.h>
 
-#include <openssl/rand.h>
-
 extern void *tall_bsc_ctx;
 
 static const struct rate_ctr_desc global_ctr_description[] = {
@@ -232,12 +230,13 @@
 				uint32_t sgsn_ptmsi)
 {
 	uint32_t bss_ptmsi;
-	int max_retries = 23;
+	int max_retries = 23, rc = 0;
 	if (!peer->cfg->patch_ptmsi) {
 		bss_ptmsi = sgsn_ptmsi;
 	} else {
 		do {
-			if (RAND_bytes((uint8_t *) &bss_ptmsi, sizeof(bss_ptmsi)) != 1) {
+			rc = osmo_get_rand_id((uint8_t *) &bss_ptmsi, sizeof(bss_ptmsi));
+			if (rc < 0) {
 				bss_ptmsi = GSM_RESERVED_TMSI;
 				break;
 			}
@@ -250,7 +249,7 @@
 	}
 
 	if (bss_ptmsi == GSM_RESERVED_TMSI)
-		LOGP(DGPRS, LOGL_ERROR, "Failed to allocate a BSS P-TMSI\n");
+		LOGP(DGPRS, LOGL_ERROR, "Failed to allocate a BSS P-TMSI: %d (%s)\n", rc, strerror(-rc));
 
 	return bss_ptmsi;
 }
@@ -260,7 +259,7 @@
 				uint32_t bss_tlli)
 {
 	uint32_t sgsn_tlli;
-	int max_retries = 23;
+	int max_retries = 23, rc = 0;
 	if (!peer->cfg->patch_ptmsi) {
 		sgsn_tlli = bss_tlli;
 	} else if (link_info->sgsn_tlli.ptmsi != GSM_RESERVED_TMSI &&
@@ -274,7 +273,8 @@
 	} else {
 		do {
 			/* create random TLLI, 0b01111xxx... */
-			if (RAND_bytes((uint8_t *) &sgsn_tlli, sizeof(sgsn_tlli)) != 1) {
+			rc = osmo_get_rand_id((uint8_t *) &sgsn_tlli, sizeof(sgsn_tlli));
+			if (rc < 0) {
 				sgsn_tlli = 0;
 				break;
 			}
@@ -287,7 +287,7 @@
 	}
 
 	if (!sgsn_tlli)
-		LOGP(DGPRS, LOGL_ERROR, "Failed to allocate an SGSN TLLI\n");
+		LOGP(DGPRS, LOGL_ERROR, "Failed to allocate an SGSN TLLI: %d (%s)\n", rc, strerror(-rc));
 
 	return sgsn_tlli;
 }
diff --git a/src/gprs/gprs_gmm.c b/src/gprs/gprs_gmm.c
index 7e109b4..0ebe65a 100644
--- a/src/gprs/gprs_gmm.c
+++ b/src/gprs/gprs_gmm.c
@@ -31,8 +31,6 @@
 #include <arpa/inet.h>
 #include <netdb.h>
 
-#include <openssl/rand.h>
-
 #include "bscconfig.h"
 
 #include <osmocom/core/msgb.h>
@@ -585,6 +583,7 @@
 	struct gsm48_hdr *gh;
 	struct gsm48_auth_ciph_req *acreq;
 	uint8_t *m_rand, *m_cksn, rbyte;
+	int rc;
 
 	LOGMMCTXP(LOGL_INFO, mm, "<- GPRS AUTH AND CIPHERING REQ (rand = %s",
 		  osmo_hexdump(vec->rand, sizeof(vec->rand)));
@@ -608,12 +607,13 @@
 	/* § 10.5.5.7: */
 	acreq->force_stby = force_standby;
 	/* 3GPP TS 24.008 § 10.5.5.19: */
-	if (RAND_bytes(&rbyte, 1) != 1) {
-		LOGP(DMM, LOGL_NOTICE, "RAND_bytes failed for A&C ref, falling "
-		     "back to rand()\n");
-		acreq->ac_ref_nr = rand();
-	} else
-		acreq->ac_ref_nr = rbyte;
+	rc = osmo_get_rand_id(&rbyte, 1);
+	if (rc < 0) {
+		LOGP(DMM, LOGL_ERROR, "osmo_get_rand_id() failed for A&C ref: %s\n", strerror(-rc));
+		return rc;
+	}
+
+	acreq->ac_ref_nr = rbyte;
 	mm->ac_ref_nr_used = acreq->ac_ref_nr;
 
 	/* Only if authentication is requested we need to set RAND + CKSN */
@@ -2078,6 +2078,7 @@
 {
 	struct sgsn_mm_ctx *mm = _mm;
 	struct gsm_auth_tuple *at;
+	int rc;
 
 	mm->num_T_exp++;
 
@@ -2122,8 +2123,11 @@
 		}
 		at = &mm->auth_triplet;
 
-		gsm48_tx_gmm_auth_ciph_req(mm, &at->vec, at->key_seq, false);
-		osmo_timer_schedule(&mm->timer, sgsn->cfg.timers.T3360, 0);
+		rc = gsm48_tx_gmm_auth_ciph_req(mm, &at->vec, at->key_seq, false);
+		if (rc < 0)
+			LOGMMCTXP(LOGL_ERROR, mm, "failed sending Auth. & Ciph. Reuqest: %s \n", strerror(-rc));
+		else
+			osmo_timer_schedule(&mm->timer, sgsn->cfg.timers.T3360, 0);
 		break;
 	case 3370:	/* waiting for IDENTITY RESPONSE */
 		if (mm->num_T_exp >= 5) {
diff --git a/src/gprs/gprs_llc.c b/src/gprs/gprs_llc.c
index 22743fe..1a7cf3d 100644
--- a/src/gprs/gprs_llc.c
+++ b/src/gprs/gprs_llc.c
@@ -23,8 +23,6 @@
 #include <stdint.h>
 #include <stdbool.h>
 
-#include <openssl/rand.h>
-
 #include <osmocom/core/msgb.h>
 #include <osmocom/core/linuxlist.h>
 #include <osmocom/core/timer.h>
@@ -1065,14 +1063,15 @@
 	struct msgb *msg = msgb_alloc_headroom(4096, 1024, "LLC_XID");
 	struct gprs_llc_lle *lle = &llme->lle[1];
 	uint8_t xid_bytes[1024];
-	int xid_bytes_len;
+	int xid_bytes_len, rc;
 	uint8_t *xid;
 
 	LOGP(DLLC, LOGL_NOTICE, "LLGM Reset\n");
-	if (RAND_bytes((uint8_t *) &llme->iov_ui, 4) != 1) {
-		LOGP(DLLC, LOGL_NOTICE, "RAND_bytes failed for LLC XID reset, "
-		     "falling back to rand()\n");
-		llme->iov_ui = rand();
+
+	rc = osmo_get_rand_id((uint8_t *) &llme->iov_ui, 4);
+	if (rc < 0) {
+		LOGP(DLLC, LOGL_ERROR, "osmo_get_rand_id() failed for LLC XID reset: %s\n", strerror(-rc));
+		return rc;
 	}
 
 	/* Generate XID message */
@@ -1098,14 +1097,15 @@
 {
 	struct msgb *msg = msgb_alloc_headroom(4096, 1024, "LLC_XID");
 	uint8_t xid_bytes[1024];
-	int xid_bytes_len;
+	int xid_bytes_len, rc;
 	uint8_t *xid;
 
 	LOGP(DLLC, LOGL_NOTICE, "LLGM Reset\n");
-	if (RAND_bytes((uint8_t *) &llme->iov_ui, 4) != 1) {
-		LOGP(DLLC, LOGL_NOTICE, "RAND_bytes failed for LLC XID reset, "
-		     "falling back to rand()\n");
-		llme->iov_ui = rand();
+
+	rc = osmo_get_rand_id((uint8_t *) &llme->iov_ui, 4);
+	if (rc < 0) {
+		LOGP(DLLC, LOGL_ERROR, "osmo_get_rand_id() failed for LLC XID reset: %s\n", strerror(-rc));
+		return rc;
 	}
 
 	/* Generate XID message */
diff --git a/src/gprs/gprs_sgsn.c b/src/gprs/gprs_sgsn.c
index 4cd3df1..abe4fab 100644
--- a/src/gprs/gprs_sgsn.c
+++ b/src/gprs/gprs_sgsn.c
@@ -46,8 +46,6 @@
 
 #include <time.h>
 
-#include <openssl/rand.h>
-
 #include "../../bscconfig.h"
 
 #if BUILD_IU
@@ -641,10 +639,11 @@
 {
 	struct sgsn_mm_ctx *mm;
 	uint32_t ptmsi = 0xdeadbeef;
-	int max_retries = 100;
+	int max_retries = 100, rc = 0;
 
 restart:
-	if (RAND_bytes((uint8_t *) &ptmsi, sizeof(ptmsi)) != 1)
+	rc = osmo_get_rand_id((uint8_t *) &ptmsi, sizeof(ptmsi));
+	if (rc < 0)
 		goto failed;
 
 	/* Enforce that the 2 MSB are set without loosing the distance between
@@ -682,7 +681,7 @@
 	return ptmsi;
 
 failed:
-	LOGP(DGPRS, LOGL_ERROR, "Failed to allocate a P-TMSI\n");
+	LOGP(DGPRS, LOGL_ERROR, "Failed to allocate a P-TMSI: %d (%s)\n", rc, strerror(-rc));
 	return GSM_RESERVED_TMSI;
 }
 
diff --git a/tests/gbproxy/Makefile.am b/tests/gbproxy/Makefile.am
index 3291839..ef38fb6 100644
--- a/tests/gbproxy/Makefile.am
+++ b/tests/gbproxy/Makefile.am
@@ -28,7 +28,7 @@
 	$(NULL)
 
 gbproxy_test_LDFLAGS = \
-	-Wl,--wrap=RAND_bytes \
+	-Wl,--wrap=osmo_get_rand_id \
 	$(NULL)
 
 gbproxy_test_LDADD = \
@@ -46,6 +46,5 @@
 	$(LIBOSMOVTY_LIBS) \
 	$(LIBOSMOABIS_LIBS) \
 	$(LIBRARY_DL) \
-	$(LIBCRYPTO_LIBS) \
 	-lrt \
 	$(NULL)
diff --git a/tests/gbproxy/gbproxy_test.c b/tests/gbproxy/gbproxy_test.c
index e8a4ef9..3ebdccb 100644
--- a/tests/gbproxy/gbproxy_test.c
+++ b/tests/gbproxy/gbproxy_test.c
@@ -37,8 +37,6 @@
 #include <osmocom/sgsn/gprs_gb_parse.h>
 #include <osmocom/sgsn/debug.h>
 
-#include <openssl/rand.h>
-
 #define REMOTE_BSS_ADDR 0x01020304
 #define REMOTE_SGSN_ADDR 0x05060708
 
@@ -55,24 +53,23 @@
 
 struct llist_head *received_messages = NULL;
 
-/* override, requires '-Wl,--wrap=RAND_bytes' */
-int __real_RAND_bytes(unsigned char *buf, int num);
-int mock_RAND_bytes(unsigned char *buf, int num);
-int (*RAND_bytes_cb)(unsigned char *, int) =
-  &mock_RAND_bytes;
+/* override, requires '-Wl,--wrap=osmo_get_rand_id' */
+int __real_osmo_get_rand_id(uint8_t *data, size_t len);
+int mock_osmo_get_rand_id(uint8_t *data, size_t len);
+int (*osmo_get_rand_id_cb)(uint8_t *, size_t) =
+  &mock_osmo_get_rand_id;
 
-int __wrap_RAND_bytes(unsigned char *buf, int num)
+int __wrap_osmo_get_rand_id(uint8_t *buf, size_t num)
 {
-	return (*RAND_bytes_cb)(buf, num);
+	return (*osmo_get_rand_id_cb)(buf, num);
 }
 
 static int rand_seq_num = 0;
-int mock_RAND_bytes(unsigned char *buf, int num)
+int mock_osmo_get_rand_id(uint8_t *buf, size_t num)
 {
 	uint32_t val;
 
 	OSMO_ASSERT(num == sizeof(val));
-	OSMO_ASSERT(__real_RAND_bytes(buf, num) == 1);
 
 	val = 0x00dead00 + rand_seq_num;
 
diff --git a/tests/sgsn/Makefile.am b/tests/sgsn/Makefile.am
index 36026dd..802811d 100644
--- a/tests/sgsn/Makefile.am
+++ b/tests/sgsn/Makefile.am
@@ -32,7 +32,7 @@
 	$(NULL)
 
 sgsn_test_LDFLAGS = \
-	-Wl,--wrap=RAND_bytes \
+	-Wl,--wrap=osmo_get_rand_id \
 	-Wl,--wrap=sgsn_update_subscriber_data \
 	-Wl,--wrap=gprs_subscr_request_update_location \
 	-Wl,--wrap=gprs_subscr_request_auth_info \
@@ -67,7 +67,6 @@
 	$(LIBOSMOGSM_LIBS) \
 	$(LIBOSMOGB_LIBS) \
 	$(LIBCARES_LIBS) \
-	$(LIBCRYPTO_LIBS) \
 	$(LIBGTP_LIBS) \
 	-lrt \
 	-lm \
diff --git a/tests/sgsn/sgsn_test.c b/tests/sgsn/sgsn_test.c
index a486794..219587a 100644
--- a/tests/sgsn/sgsn_test.c
+++ b/tests/sgsn/sgsn_test.c
@@ -100,21 +100,21 @@
 	return 0;
 }
 
-/* override, requires '-Wl,--wrap=RAND_bytes' */
-int __real_RAND_bytes(unsigned char *buf, int num);
-int mock_RAND_bytes(unsigned char *buf, int num);
-int (*RAND_bytes_cb)(unsigned char *, int) =
-  &mock_RAND_bytes;
+/* override, requires '-Wl,--wrap=osmo_get_rand_id' */
+int __real_osmo_get_rand_id(uint8_t *data, size_t len);
+int mock_osmo_get_rand_id(uint8_t *data, size_t len);
+int (*osmo_get_rand_id_cb)(uint8_t *, size_t) =
+  &mock_osmo_get_rand_id;
 
-int __wrap_RAND_bytes(unsigned char *buf, int num)
+int __wrap_osmo_get_rand_id(uint8_t *buf, size_t num)
 {
-	return (*RAND_bytes_cb)(buf, num);
+	return (*osmo_get_rand_id_cb)(buf, num);
 }
 /* make results of A&C ref predictable */
-int mock_RAND_bytes(unsigned char *buf, int num)
+int mock_osmo_get_rand_id(uint8_t *buf, size_t num)
 {
 	if (num > 1)
-		return __real_RAND_bytes(buf, num);
+		return __real_osmo_get_rand_id(buf, num);
 	buf[0] = 0;
 	return 1;
 }
diff --git a/tests/sndcp_xid/Makefile.am b/tests/sndcp_xid/Makefile.am
index d09c41b..fbcb36c 100644
--- a/tests/sndcp_xid/Makefile.am
+++ b/tests/sndcp_xid/Makefile.am
@@ -14,7 +14,6 @@
 	$(LIBOSMOGSM_LIBS) \
 	$(LIBOSMOGB_LIBS) \
 	$(LIBCARES_LIBS) \
-	$(LIBCRYPTO_LIBS) \
 	$(LIBGTP_LIBS) \
 	-lrt -lm
 
diff --git a/tests/xid/Makefile.am b/tests/xid/Makefile.am
index 6c3689f..92876ec 100644
--- a/tests/xid/Makefile.am
+++ b/tests/xid/Makefile.am
@@ -30,7 +30,6 @@
 	$(LIBOSMOGSM_LIBS) \
 	$(LIBOSMOGB_LIBS) \
 	$(LIBCARES_LIBS) \
-	$(LIBCRYPTO_LIBS) \
 	$(LIBGTP_LIBS) \
 	-lrt \
 	-lm \

-- 
To view, visit https://gerrit.osmocom.org/3821
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I2b687b7f07ef05bbd861b8479cad5a958a3dde92
Gerrit-PatchSet: 5
Gerrit-Project: osmo-sgsn
Gerrit-Branch: master
Gerrit-Owner: Max <msuraev at sysmocom.de>
Gerrit-Reviewer: Jenkins Builder



More information about the gerrit-log mailing list