[PATCH] openbsc[master]: Migrate from OpenSSL to osmo_get_rand_id()


Neels Hofmeyr gerrit-no-reply at lists.osmocom.org
Thu Mar 29 21:57:42 UTC 2018


Review at  https://gerrit.osmocom.org/7588

Migrate from OpenSSL to osmo_get_rand_id()

Drop OpenSSL/libcrypto dependency, use osmo_get_rand_id() instead.

Backport
osmo-msc 753c15de2f00e24f76ac9b01a20e1e2ff0f86ce2
= I71cd631704a4dc155c6c752fee2a42cd6e2fa336
"
	Migrate from OpenSSL to osmo_get_rand_id()

	This avoids potential licensing incompatibility and makes integration of
	Debian packaging patches easier.
"

Apply similar changes in bsc-nat, mm_auth_test etc.

Tested manually with osmo-nitb and sysmoBTS, and verified that Authentication
Requests send heterogeneous RAND tokens.

Related: OS#1694
Change-Id: I81ebd55c7c90a436c5f2090e6790d78b773d2c92
---
M debian/control
M openbsc/configure.ac
M openbsc/src/libmsc/Makefile.am
M openbsc/src/libmsc/auth.c
M openbsc/src/libmsc/db.c
M openbsc/src/osmo-bsc_nat/bsc_nat.c
M openbsc/tests/db/Makefile.am
M openbsc/tests/mm_auth/mm_auth_test.c
8 files changed, 13 insertions(+), 19 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/openbsc refs/changes/88/7588/1

diff --git a/debian/control b/debian/control
index e31d0c4..76b7d2a 100644
--- a/debian/control
+++ b/debian/control
@@ -14,7 +14,6 @@
                libosmo-netif-dev,
                libdbd-sqlite3,
                libpcap-dev,
-               libssl-dev,
                libsmpp34-dev
 Standards-Version: 3.9.8
 Vcs-Git: git://bs11-abis.gnumonks.org/openbsc.git
diff --git a/openbsc/configure.ac b/openbsc/configure.ac
index a0df05f..7183fda 100644
--- a/openbsc/configure.ac
+++ b/openbsc/configure.ac
@@ -46,7 +46,6 @@
 PKG_CHECK_MODULES(LIBOSMOABIS, libosmoabis >= 0.2.0)
 PKG_CHECK_MODULES(LIBOSMOGB, libosmogb >= 0.6.4)
 PKG_CHECK_MODULES(LIBOSMONETIF, libosmo-netif >= 0.0.1)
-PKG_CHECK_MODULES(LIBCRYPTO, libcrypto >= 0.9.5)
 
 # Enabke/disable the NAT?
 AC_ARG_ENABLE([nat], [AS_HELP_STRING([--enable-nat], [Build the BSC NAT. Requires SCCP])],
diff --git a/openbsc/src/libmsc/Makefile.am b/openbsc/src/libmsc/Makefile.am
index c219a35..f746f82 100644
--- a/openbsc/src/libmsc/Makefile.am
+++ b/openbsc/src/libmsc/Makefile.am
@@ -10,7 +10,6 @@
 	$(LIBOSMOVTY_CFLAGS) \
 	$(LIBOSMOABIS_CFLAGS) \
 	$(COVERAGE_CFLAGS) \
-	$(LIBCRYPTO_CFLAGS) \
 	$(LIBSMPP34_CFLAGS) \
 	$(NULL)
 
diff --git a/openbsc/src/libmsc/auth.c b/openbsc/src/libmsc/auth.c
index 8c8af11..85477a3 100644
--- a/openbsc/src/libmsc/auth.c
+++ b/openbsc/src/libmsc/auth.c
@@ -29,8 +29,6 @@
 #include <osmocom/gsm/comp128.h>
 #include <osmocom/core/utils.h>
 
-#include <openssl/rand.h>
-
 #include <stdlib.h>
 
 const struct value_string auth_action_names[] = {
@@ -141,8 +139,10 @@
 	}
 	atuple->use_count = 1;
 
-	if (RAND_bytes(atuple->vec.rand, sizeof(atuple->vec.rand)) != 1) {
-		LOGP(DMM, LOGL_NOTICE, "RAND_bytes failed, can't generate new auth tuple\n");
+	rc = osmo_get_rand_id(atuple->vec.rand, sizeof(atuple->vec.rand));
+	if (rc < 0) {
+		LOGP(DMM, LOGL_NOTICE, "osmo_get_rand_id failed, can't generate new auth tuple: %s\n",
+		     strerror(-rc));
 		return AUTH_ERROR;
 	}
 
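Review bot: A failure to obtain the RAND challenge is logged at `LOGL_NOTICE` here, while the same failure in the db.c and bsc_nat.c hunks of this change is logged at `LOGL_ERROR`. No authentication tuple can be issued without fresh randomness, so `LOGP(DMM, LOGL_ERROR, ...)` would be consistent and easier to alert on. The added lines also rely on an `rc` local and on `strerror()`; neither the declaration nor `#include <string.h>` is visible in this hunk or in the include hunk above, so both should be confirmed. The enclosing function starts and ends outside the hunk.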
diff --git a/openbsc/src/libmsc/db.c b/openbsc/src/libmsc/db.c
index 15e7fd4..0b61b4f 100644
--- a/openbsc/src/libmsc/db.c
+++ b/openbsc/src/libmsc/db.c
@@ -41,8 +41,6 @@
 #include <osmocom/core/rate_ctr.h>
 #include <osmocom/core/utils.h>
 
-#include <openssl/rand.h>
-
 /* Semi-Private-Interface (SPI) for the subscriber code */
 void subscr_direct_free(struct gsm_subscriber *subscr);
 
@@ -1378,8 +1376,9 @@
 	char *tmsi_quoted;
 
 	for (;;) {
-		if (RAND_bytes((uint8_t *) &subscriber->tmsi, sizeof(subscriber->tmsi)) != 1) {
-			LOGP(DDB, LOGL_ERROR, "RAND_bytes failed\n");
+		int rc = osmo_get_rand_id((uint8_t *) &subscriber->tmsi, sizeof(subscriber->tmsi));
+		if (rc < 0) {
+			LOGP(DDB, LOGL_ERROR, "osmo_get_rand_id() failed: %s\n", strerror(-rc));
 			return 1;
 		}
 		if (subscriber->tmsi == GSM_RESERVED_TMSI)
@@ -1458,8 +1457,9 @@
 	uint32_t try;
 
 	for (;;) {
-		if (RAND_bytes((uint8_t *) &try, sizeof(try)) != 1) {
-			LOGP(DDB, LOGL_ERROR, "RAND_bytes failed\n");
+		int rc = osmo_get_rand_id((uint8_t *) &try, sizeof(try));
+		if (rc < 0) {
+			LOGP(DDB, LOGL_ERROR, "osmo_get_rand_id() failed: %s\n", strerror(-rc));
 			return 1;
 		}
 		if (!try) /* 0 is an invalid token */
diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat.c b/openbsc/src/osmo-bsc_nat/bsc_nat.c
index daa066d..f83abe1 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_nat.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_nat.c
@@ -74,8 +74,6 @@
 
 #include <osmocom/abis/ipa.h>
 
-#include <openssl/rand.h>
-
 #include "../../bscconfig.h"
 
 #define SCCP_CLOSE_TIME 20
@@ -221,7 +219,7 @@
 	buf = v_put(buf, 0x23);
 	mrand = bsc->last_rand;
 
-	if (RAND_bytes(mrand, 16) != 1)
+	if (osmo_get_rand_id(mrand, 16) < 0)
 		goto failed_random;
 
 	memcpy(buf, mrand, 16);
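Review bot: The return code of osmo_get_rand_id() is discarded inside the `if`, so the `failed_random` path in the next hunk can only log the generic "osmo_get_rand_id() failed." message. The db.c and auth.c call sites in this change print `strerror(-rc)`. Keeping the value, e.g. `rc = osmo_get_rand_id(mrand, 16);` followed by `if (rc < 0) goto failed_random;` and logging `"osmo_get_rand_id() failed: %s\n", strerror(-rc)`, would make a failed BSC challenge diagnosable; this needs an `int rc` local if the function does not already have one. The literal `16` appears twice; if `bsc->last_rand` is an array (its declaration is not visible here), `sizeof(bsc->last_rand)` would tie the request to the buffer. The enclosing function starts outside the hunk.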
@@ -232,7 +230,7 @@
 
 failed_random:
 	/* the timeout will trigger and close this connection */
-	LOGP(DNAT, LOGL_ERROR, "Failed to read from urandom.\n");
+	LOGP(DNAT, LOGL_ERROR, "osmo_get_rand_id() failed.\n");
 	return;
 }
 
diff --git a/openbsc/tests/db/Makefile.am b/openbsc/tests/db/Makefile.am
index 0eed5cd..7099645 100644
--- a/openbsc/tests/db/Makefile.am
+++ b/openbsc/tests/db/Makefile.am
@@ -43,6 +43,5 @@
 	$(LIBOSMOGSM_LIBS) \
 	$(LIBSMPP34_LIBS) \
 	$(LIBOSMOVTY_LIBS) \
-	$(LIBCRYPTO_LIBS) \
 	-ldbi \
 	$(NULL)
diff --git a/openbsc/tests/mm_auth/mm_auth_test.c b/openbsc/tests/mm_auth/mm_auth_test.c
index b8777a8..ebd122f 100644
--- a/openbsc/tests/mm_auth/mm_auth_test.c
+++ b/openbsc/tests/mm_auth/mm_auth_test.c
@@ -121,7 +121,7 @@
 }
 
 /* override libssl RAND_bytes() to get testable crypto results */
-int RAND_bytes(uint8_t *rand, int len)
+int osmo_get_rand_id(uint8_t *rand, size_t len)
 {
 	memset(rand, 23, len);
 	return 1;
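Review bot: The stub still returns 1, which is the success value of RAND_bytes(); osmo_get_rand_id() returns 0 on success and a negative errno on failure. The override only behaves as a success because the callers in this change test `rc < 0`, so a caller that checks `rc != 0` would treat the stub as failing. Use `return 0;` and update the stale comment above to `/* override osmo_get_rand_id() to get testable crypto results */`. The function's closing brace lies outside the hunk.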

-- 
To view, visit https://gerrit.osmocom.org/7588
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I81ebd55c7c90a436c5f2090e6790d78b773d2c92
Gerrit-PatchSet: 1
Gerrit-Project: openbsc
Gerrit-Branch: master
Gerrit-Owner: Neels Hofmeyr <nhofmeyr at sysmocom.de>


