[MERGED] osmo-sgsn[master]: Migrate from OpenSSL to osmo_get_rand_id()

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Max gerrit-no-reply at lists.osmocom.org
Wed Dec 27 11:10:45 UTC 2017


Max has submitted this change and it was merged.

Change subject: Migrate from OpenSSL to osmo_get_rand_id()
......................................................................


Migrate from OpenSSL to osmo_get_rand_id()

This avoids potential licensing incompatibility and makes integration of
Debian packaging patches easier.

The libosmocore version requirements are fine already but for jenkins
tests to pass we have to have Ic77866ce65acf524b768882c751a4f9c0635740b
merged into libosmocore master.

Related: OS#1694
Change-Id: I2b687b7f07ef05bbd861b8479cad5a958a3dde92
---
M configure.ac
M debian/control
M src/gprs/Makefile.am
M src/gprs/gb_proxy.c
M src/gprs/gprs_gmm.c
M src/gprs/gprs_llc.c
M src/gprs/gprs_sgsn.c
M tests/gbproxy/Makefile.am
M tests/gbproxy/gbproxy_test.c
M tests/sgsn/Makefile.am
M tests/sgsn/sgsn_test.c
M tests/sndcp_xid/Makefile.am
M tests/xid/Makefile.am
13 files changed, 57 insertions(+), 66 deletions(-)

Approvals:
  Harald Welte: Looks good to me, approved
  Jenkins Builder: Verified



diff --git a/configure.ac b/configure.ac
index 2de31cc..e886fa5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -46,7 +46,6 @@
 PKG_CHECK_MODULES(LIBOSMOABIS, libosmoabis >= 0.2.0)
 PKG_CHECK_MODULES(LIBOSMOGB, libosmogb >= 0.6.4)
 PKG_CHECK_MODULES(LIBOSMONETIF, libosmo-netif >= 0.0.1)
-PKG_CHECK_MODULES(LIBCRYPTO, libcrypto >= 0.9.5)
 
 # Enable/disable 3G aka IuPS + IuCS support?
 AC_ARG_ENABLE([iu], [AS_HELP_STRING([--enable-iu], [Build 3G support, aka IuPS and IuCS interfaces])],
diff --git a/debian/control b/debian/control
index ce2167a..330945f 100644
--- a/debian/control
+++ b/debian/control
@@ -9,7 +9,6 @@
                automake,
                libtool,
                pkg-config,
-               libssl-dev,
                libtalloc-dev,
                libc-ares-dev,
                libgtp-dev,
diff --git a/src/gprs/Makefile.am b/src/gprs/Makefile.am
index 764acba..b0fca6f 100644
--- a/src/gprs/Makefile.am
+++ b/src/gprs/Makefile.am
@@ -15,7 +15,6 @@
 	$(LIBOSMOGB_CFLAGS) \
 	$(COVERAGE_CFLAGS) \
 	$(LIBCARES_CFLAGS) \
-	$(LIBCRYPTO_CFLAGS) \
 	$(LIBGTP_CFLAGS) \
 	$(NULL)
 if BUILD_IU
@@ -61,7 +60,6 @@
 	$(NULL)
 osmo_gbproxy_LDADD = \
 	$(OSMO_LIBS) \
-	$(LIBCRYPTO_LIBS) \
 	-lrt \
 	$(NULL)
 
@@ -97,7 +95,6 @@
 	$(OSMO_LIBS) \
 	$(LIBOSMOABIS_LIBS) \
 	$(LIBCARES_LIBS) \
-	$(LIBCRYPTO_LIBS) \
 	$(LIBGTP_LIBS) \
 	-lrt \
 	-lm \
diff --git a/src/gprs/gb_proxy.c b/src/gprs/gb_proxy.c
index 6a9bc22..63c3a61 100644
--- a/src/gprs/gb_proxy.c
+++ b/src/gprs/gb_proxy.c
@@ -50,8 +50,6 @@
 #include <osmocom/gsm/protocol/gsm_04_08_gprs.h>
 #include <osmocom/sgsn/gprs_utils.h>
 
-#include <openssl/rand.h>
-
 extern void *tall_bsc_ctx;
 
 static const struct rate_ctr_desc global_ctr_description[] = {
@@ -232,12 +230,13 @@
 				uint32_t sgsn_ptmsi)
 {
 	uint32_t bss_ptmsi;
-	int max_retries = 23;
+	int max_retries = 23, rc = 0;
 	if (!peer->cfg->patch_ptmsi) {
 		bss_ptmsi = sgsn_ptmsi;
 	} else {
 		do {
-			if (RAND_bytes((uint8_t *) &bss_ptmsi, sizeof(bss_ptmsi)) != 1) {
+			rc = osmo_get_rand_id((uint8_t *) &bss_ptmsi, sizeof(bss_ptmsi));
+			if (rc < 0) {
 				bss_ptmsi = GSM_RESERVED_TMSI;
 				break;
 			}
@@ -250,7 +249,7 @@
 	}
 
 	if (bss_ptmsi == GSM_RESERVED_TMSI)
-		LOGP(DGPRS, LOGL_ERROR, "Failed to allocate a BSS P-TMSI\n");
+		LOGP(DGPRS, LOGL_ERROR, "Failed to allocate a BSS P-TMSI: %d (%s)\n", rc, strerror(-rc));
 
 	return bss_ptmsi;
 }
@@ -260,7 +259,7 @@
 				uint32_t bss_tlli)
 {
 	uint32_t sgsn_tlli;
-	int max_retries = 23;
+	int max_retries = 23, rc = 0;
 	if (!peer->cfg->patch_ptmsi) {
 		sgsn_tlli = bss_tlli;
 	} else if (link_info->sgsn_tlli.ptmsi != GSM_RESERVED_TMSI &&
@@ -274,7 +273,8 @@
 	} else {
 		do {
 			/* create random TLLI, 0b01111xxx... */
-			if (RAND_bytes((uint8_t *) &sgsn_tlli, sizeof(sgsn_tlli)) != 1) {
+			rc = osmo_get_rand_id((uint8_t *) &sgsn_tlli, sizeof(sgsn_tlli));
+			if (rc < 0) {
 				sgsn_tlli = 0;
 				break;
 			}
@@ -287,7 +287,7 @@
 	}
 
 	if (!sgsn_tlli)
-		LOGP(DGPRS, LOGL_ERROR, "Failed to allocate an SGSN TLLI\n");
+		LOGP(DGPRS, LOGL_ERROR, "Failed to allocate an SGSN TLLI: %d (%s)\n", rc, strerror(-rc));
 
 	return sgsn_tlli;
 }
diff --git a/src/gprs/gprs_gmm.c b/src/gprs/gprs_gmm.c
index f07b806..ead958e 100644
--- a/src/gprs/gprs_gmm.c
+++ b/src/gprs/gprs_gmm.c
@@ -31,8 +31,6 @@
 #include <arpa/inet.h>
 #include <netdb.h>
 
-#include <openssl/rand.h>
-
 #include "bscconfig.h"
 
 #include <osmocom/core/msgb.h>
@@ -587,6 +585,7 @@
 	struct gsm48_hdr *gh;
 	struct gsm48_auth_ciph_req *acreq;
 	uint8_t *m_rand, *m_cksn, rbyte;
+	int rc;
 
 	LOGMMCTXP(LOGL_INFO, mm, "<- GPRS AUTH AND CIPHERING REQ (rand = %s",
 		  osmo_hexdump(vec->rand, sizeof(vec->rand)));
@@ -610,12 +609,13 @@
 	/* § 10.5.5.7: */
 	acreq->force_stby = force_standby;
 	/* 3GPP TS 24.008 § 10.5.5.19: */
-	if (RAND_bytes(&rbyte, 1) != 1) {
-		LOGP(DMM, LOGL_NOTICE, "RAND_bytes failed for A&C ref, falling "
-		     "back to rand()\n");
-		acreq->ac_ref_nr = rand();
-	} else
-		acreq->ac_ref_nr = rbyte;
+	rc = osmo_get_rand_id(&rbyte, 1);
+	if (rc < 0) {
+		LOGP(DMM, LOGL_ERROR, "osmo_get_rand_id() failed for A&C ref: %s\n", strerror(-rc));
+		return rc;
+	}
+
+	acreq->ac_ref_nr = rbyte;
 	mm->ac_ref_nr_used = acreq->ac_ref_nr;
 
 	/* Only if authentication is requested we need to set RAND + CKSN */
@@ -2086,6 +2086,7 @@
 {
 	struct sgsn_mm_ctx *mm = _mm;
 	struct gsm_auth_tuple *at;
+	int rc;
 
 	mm->num_T_exp++;
 
@@ -2130,8 +2131,11 @@
 		}
 		at = &mm->auth_triplet;
 
-		gsm48_tx_gmm_auth_ciph_req(mm, &at->vec, at->key_seq, false);
-		osmo_timer_schedule(&mm->timer, sgsn->cfg.timers.T3360, 0);
+		rc = gsm48_tx_gmm_auth_ciph_req(mm, &at->vec, at->key_seq, false);
+		if (rc < 0)
+			LOGMMCTXP(LOGL_ERROR, mm, "failed sending Auth. & Ciph. Reuqest: %s \n", strerror(-rc));
+		else
+			osmo_timer_schedule(&mm->timer, sgsn->cfg.timers.T3360, 0);
 		break;
 	case 3370:	/* waiting for IDENTITY RESPONSE */
 		if (mm->num_T_exp >= 5) {
diff --git a/src/gprs/gprs_llc.c b/src/gprs/gprs_llc.c
index 22743fe..1a7cf3d 100644
--- a/src/gprs/gprs_llc.c
+++ b/src/gprs/gprs_llc.c
@@ -23,8 +23,6 @@
 #include <stdint.h>
 #include <stdbool.h>
 
-#include <openssl/rand.h>
-
 #include <osmocom/core/msgb.h>
 #include <osmocom/core/linuxlist.h>
 #include <osmocom/core/timer.h>
@@ -1065,14 +1063,15 @@
 	struct msgb *msg = msgb_alloc_headroom(4096, 1024, "LLC_XID");
 	struct gprs_llc_lle *lle = &llme->lle[1];
 	uint8_t xid_bytes[1024];
-	int xid_bytes_len;
+	int xid_bytes_len, rc;
 	uint8_t *xid;
 
 	LOGP(DLLC, LOGL_NOTICE, "LLGM Reset\n");
-	if (RAND_bytes((uint8_t *) &llme->iov_ui, 4) != 1) {
-		LOGP(DLLC, LOGL_NOTICE, "RAND_bytes failed for LLC XID reset, "
-		     "falling back to rand()\n");
-		llme->iov_ui = rand();
+
+	rc = osmo_get_rand_id((uint8_t *) &llme->iov_ui, 4);
+	if (rc < 0) {
+		LOGP(DLLC, LOGL_ERROR, "osmo_get_rand_id() failed for LLC XID reset: %s\n", strerror(-rc));
+		return rc;
 	}
 
 	/* Generate XID message */
@@ -1098,14 +1097,15 @@
 {
 	struct msgb *msg = msgb_alloc_headroom(4096, 1024, "LLC_XID");
 	uint8_t xid_bytes[1024];
-	int xid_bytes_len;
+	int xid_bytes_len, rc;
 	uint8_t *xid;
 
 	LOGP(DLLC, LOGL_NOTICE, "LLGM Reset\n");
-	if (RAND_bytes((uint8_t *) &llme->iov_ui, 4) != 1) {
-		LOGP(DLLC, LOGL_NOTICE, "RAND_bytes failed for LLC XID reset, "
-		     "falling back to rand()\n");
-		llme->iov_ui = rand();
+
+	rc = osmo_get_rand_id((uint8_t *) &llme->iov_ui, 4);
+	if (rc < 0) {
+		LOGP(DLLC, LOGL_ERROR, "osmo_get_rand_id() failed for LLC XID reset: %s\n", strerror(-rc));
+		return rc;
 	}
 
 	/* Generate XID message */
diff --git a/src/gprs/gprs_sgsn.c b/src/gprs/gprs_sgsn.c
index c4321f9..688eaed 100644
--- a/src/gprs/gprs_sgsn.c
+++ b/src/gprs/gprs_sgsn.c
@@ -46,8 +46,6 @@
 
 #include <time.h>
 
-#include <openssl/rand.h>
-
 #include "../../bscconfig.h"
 
 #if BUILD_IU
@@ -643,10 +641,11 @@
 {
 	struct sgsn_mm_ctx *mm;
 	uint32_t ptmsi = 0xdeadbeef;
-	int max_retries = 100;
+	int max_retries = 100, rc = 0;
 
 restart:
-	if (RAND_bytes((uint8_t *) &ptmsi, sizeof(ptmsi)) != 1)
+	rc = osmo_get_rand_id((uint8_t *) &ptmsi, sizeof(ptmsi));
+	if (rc < 0)
 		goto failed;
 
 	/* Enforce that the 2 MSB are set without loosing the distance between
@@ -684,7 +683,7 @@
 	return ptmsi;
 
 failed:
-	LOGP(DGPRS, LOGL_ERROR, "Failed to allocate a P-TMSI\n");
+	LOGP(DGPRS, LOGL_ERROR, "Failed to allocate a P-TMSI: %d (%s)\n", rc, strerror(-rc));
 	return GSM_RESERVED_TMSI;
 }
 
diff --git a/tests/gbproxy/Makefile.am b/tests/gbproxy/Makefile.am
index 3291839..ef38fb6 100644
--- a/tests/gbproxy/Makefile.am
+++ b/tests/gbproxy/Makefile.am
@@ -28,7 +28,7 @@
 	$(NULL)
 
 gbproxy_test_LDFLAGS = \
-	-Wl,--wrap=RAND_bytes \
+	-Wl,--wrap=osmo_get_rand_id \
 	$(NULL)
 
 gbproxy_test_LDADD = \
@@ -46,6 +46,5 @@
 	$(LIBOSMOVTY_LIBS) \
 	$(LIBOSMOABIS_LIBS) \
 	$(LIBRARY_DL) \
-	$(LIBCRYPTO_LIBS) \
 	-lrt \
 	$(NULL)
diff --git a/tests/gbproxy/gbproxy_test.c b/tests/gbproxy/gbproxy_test.c
index e8a4ef9..3ebdccb 100644
--- a/tests/gbproxy/gbproxy_test.c
+++ b/tests/gbproxy/gbproxy_test.c
@@ -37,8 +37,6 @@
 #include <osmocom/sgsn/gprs_gb_parse.h>
 #include <osmocom/sgsn/debug.h>
 
-#include <openssl/rand.h>
-
 #define REMOTE_BSS_ADDR 0x01020304
 #define REMOTE_SGSN_ADDR 0x05060708
 
@@ -55,24 +53,23 @@
 
 struct llist_head *received_messages = NULL;
 
-/* override, requires '-Wl,--wrap=RAND_bytes' */
-int __real_RAND_bytes(unsigned char *buf, int num);
-int mock_RAND_bytes(unsigned char *buf, int num);
-int (*RAND_bytes_cb)(unsigned char *, int) =
-  &mock_RAND_bytes;
+/* override, requires '-Wl,--wrap=osmo_get_rand_id' */
+int __real_osmo_get_rand_id(uint8_t *data, size_t len);
+int mock_osmo_get_rand_id(uint8_t *data, size_t len);
+int (*osmo_get_rand_id_cb)(uint8_t *, size_t) =
+  &mock_osmo_get_rand_id;
 
-int __wrap_RAND_bytes(unsigned char *buf, int num)
+int __wrap_osmo_get_rand_id(uint8_t *buf, size_t num)
 {
-	return (*RAND_bytes_cb)(buf, num);
+	return (*osmo_get_rand_id_cb)(buf, num);
 }
 
 static int rand_seq_num = 0;
-int mock_RAND_bytes(unsigned char *buf, int num)
+int mock_osmo_get_rand_id(uint8_t *buf, size_t num)
 {
 	uint32_t val;
 
 	OSMO_ASSERT(num == sizeof(val));
-	OSMO_ASSERT(__real_RAND_bytes(buf, num) == 1);
 
 	val = 0x00dead00 + rand_seq_num;
 
diff --git a/tests/sgsn/Makefile.am b/tests/sgsn/Makefile.am
index 36026dd..802811d 100644
--- a/tests/sgsn/Makefile.am
+++ b/tests/sgsn/Makefile.am
@@ -32,7 +32,7 @@
 	$(NULL)
 
 sgsn_test_LDFLAGS = \
-	-Wl,--wrap=RAND_bytes \
+	-Wl,--wrap=osmo_get_rand_id \
 	-Wl,--wrap=sgsn_update_subscriber_data \
 	-Wl,--wrap=gprs_subscr_request_update_location \
 	-Wl,--wrap=gprs_subscr_request_auth_info \
@@ -67,7 +67,6 @@
 	$(LIBOSMOGSM_LIBS) \
 	$(LIBOSMOGB_LIBS) \
 	$(LIBCARES_LIBS) \
-	$(LIBCRYPTO_LIBS) \
 	$(LIBGTP_LIBS) \
 	-lrt \
 	-lm \
diff --git a/tests/sgsn/sgsn_test.c b/tests/sgsn/sgsn_test.c
index a486794..219587a 100644
--- a/tests/sgsn/sgsn_test.c
+++ b/tests/sgsn/sgsn_test.c
@@ -100,21 +100,21 @@
 	return 0;
 }
 
-/* override, requires '-Wl,--wrap=RAND_bytes' */
-int __real_RAND_bytes(unsigned char *buf, int num);
-int mock_RAND_bytes(unsigned char *buf, int num);
-int (*RAND_bytes_cb)(unsigned char *, int) =
-  &mock_RAND_bytes;
+/* override, requires '-Wl,--wrap=osmo_get_rand_id' */
+int __real_osmo_get_rand_id(uint8_t *data, size_t len);
+int mock_osmo_get_rand_id(uint8_t *data, size_t len);
+int (*osmo_get_rand_id_cb)(uint8_t *, size_t) =
+  &mock_osmo_get_rand_id;
 
-int __wrap_RAND_bytes(unsigned char *buf, int num)
+int __wrap_osmo_get_rand_id(uint8_t *buf, size_t num)
 {
-	return (*RAND_bytes_cb)(buf, num);
+	return (*osmo_get_rand_id_cb)(buf, num);
 }
 /* make results of A&C ref predictable */
-int mock_RAND_bytes(unsigned char *buf, int num)
+int mock_osmo_get_rand_id(uint8_t *buf, size_t num)
 {
 	if (num > 1)
-		return __real_RAND_bytes(buf, num);
+		return __real_osmo_get_rand_id(buf, num);
 	buf[0] = 0;
 	return 1;
 }
diff --git a/tests/sndcp_xid/Makefile.am b/tests/sndcp_xid/Makefile.am
index d09c41b..fbcb36c 100644
--- a/tests/sndcp_xid/Makefile.am
+++ b/tests/sndcp_xid/Makefile.am
@@ -14,7 +14,6 @@
 	$(LIBOSMOGSM_LIBS) \
 	$(LIBOSMOGB_LIBS) \
 	$(LIBCARES_LIBS) \
-	$(LIBCRYPTO_LIBS) \
 	$(LIBGTP_LIBS) \
 	-lrt -lm
 
diff --git a/tests/xid/Makefile.am b/tests/xid/Makefile.am
index 6c3689f..92876ec 100644
--- a/tests/xid/Makefile.am
+++ b/tests/xid/Makefile.am
@@ -30,7 +30,6 @@
 	$(LIBOSMOGSM_LIBS) \
 	$(LIBOSMOGB_LIBS) \
 	$(LIBCARES_LIBS) \
-	$(LIBCRYPTO_LIBS) \
 	$(LIBGTP_LIBS) \
 	-lrt \
 	-lm \

-- 
To view, visit https://gerrit.osmocom.org/3821
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I2b687b7f07ef05bbd861b8479cad5a958a3dde92
Gerrit-PatchSet: 10
Gerrit-Project: osmo-sgsn
Gerrit-Branch: master
Gerrit-Owner: Max <msuraev at sysmocom.de>
Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: Max <msuraev at sysmocom.de>



More information about the gerrit-log mailing list