[PATCH] libosmocore[master]: Enable GnuTLS fallback


Max gerrit-no-reply at lists.osmocom.org
Wed Nov 1 12:23:45 UTC 2017


Hello Harald Welte, Jenkins Builder,

I'd like you to reexamine a change.  Please visit

    https://gerrit.osmocom.org/4593

to look at the new patch set (#8).

Enable GnuTLS fallback

On systems with GNU/Linux kernel older than 3.17 (Debian 8 "jessie" for
example) the osmo_get_rand_id() would always return failure due to
missing getrandom() syscall.

To support such systems, let's add fallback code which uses GnuTLS
library. It can be disabled explicitly via '--disable-gnutls' option at
compile-time, otherwise ./configure will fail if both getrandom() and
GnuTLS are not available. When building with '--enable-embedded' the
fallback is disabled automatically.

Related: OS#1694

Change-Id: Ic77866ce65acf524b768882c751a4f9c0635740b
---
M configure.ac
M src/gsm/Makefile.am
M src/gsm/gsm_utils.c
3 files changed, 36 insertions(+), 5 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/93/4593/8

diff --git a/configure.ac b/configure.ac
index d9390cf..a8c1d2e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -130,6 +130,20 @@
 AM_CONDITIONAL(ENABLE_PCSC, test "x$ENABLE_PCSC" = "xyes")
 AC_SUBST(ENABLE_PCSC)
 
+AC_ARG_ENABLE([gnutls], [AS_HELP_STRING([--disable-gnutls], [Do not use GnuTLS fallback for missing getrandom()])],
+	[ENABLE_GNUTLS=$enableval], [ENABLE_GNUTLS="yes"])
+AM_CONDITIONAL(ENABLE_GNUTLS, test x"$ENABLE_GNUTLS" = x"yes")
+AS_IF([test "x$ENABLE_GNUTLS" = "xyes"], [
+	PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 2.12.0])
+])
+AC_SUBST(ENABLE_GNUTLS)
+if test x"$ENABLE_GNUTLS" = x"yes"
+then
+	AC_SUBST([LIBGNUTLS_CFLAGS])
+	AC_SUBST([LIBGNUTLS_LIBS])
+	AC_DEFINE([USE_GNUTLS], [1], [Use GnuTLS as a fallback for missing getrandom()])
+fi
+
 AC_ARG_ENABLE(plugin,
 	[AS_HELP_STRING(
 		[--disable-plugin],
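Review bot: `PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 2.12.0])` has no not-found action and is not conditioned on getrandom(), so with the default `ENABLE_GNUTLS="yes"` configure aborts whenever GnuTLS is absent, even on systems where getrandom() works. The commit message instead says configure fails only when both are missing. Conversely, nothing visible in this hunk stops a `--disable-gnutls` build on a system lacking getrandom(), which leaves osmo_get_rand_id() with no entropy source at all. A comment above the block would at least document the real behaviour, e.g. `dnl GnuTLS is required by default even where getrandom() exists; use --disable-gnutls to build without it`. The two `AC_SUBST([LIBGNUTLS_CFLAGS])` / `AC_SUBST([LIBGNUTLS_LIBS])` lines look redundant, since PKG_CHECK_MODULES already substitutes those variables.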
@@ -228,12 +242,15 @@
 	AM_CONDITIONAL(ENABLE_PLUGIN, false)
 	AM_CONDITIONAL(ENABLE_MSGFILE, false)
 	AM_CONDITIONAL(ENABLE_SERIAL, false)
+	AM_CONDITIONAL(ENABLE_GNUTLS, false)
 	AM_CONDITIONAL(ENABLE_VTY, false)
 	AM_CONDITIONAL(ENABLE_CTRL, false)
 	AM_CONDITIONAL(ENABLE_UTILITIES, false)
 	AM_CONDITIONAL(ENABLE_GB, false)
+	AM_CONDITIONAL(ENABLE_GNUTLS, false)
 	AM_CONDITIONAL(ENABLE_PCSC, false)
 	AM_CONDITIONAL(ENABLE_PSEUDOTALLOC, true)
+	AC_DEFINE([USE_GNUTLS], [0])
 	AC_DEFINE([PANIC_INFLOOP],[1],[Use infinite loop on panic rather than fprintf/abort])
 fi
 
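Review bot: `AM_CONDITIONAL(ENABLE_GNUTLS, false)` is added twice in this block, once after ENABLE_SERIAL and again after ENABLE_GB; one of them should be dropped. The GnuTLS `PKG_CHECK_MODULES` from the earlier hunk sits around line 135, before this block, so an embedded build presumably still aborts when GnuTLS is not installed unless `--disable-gnutls` is also passed. That does not match the "disabled automatically" wording in the commit message. `AC_DEFINE([USE_GNUTLS], [0])` also redefines a symbol that was already defined to 1 earlier in the run; setting `ENABLE_GNUTLS=no` before the GnuTLS check when the embedded option is selected would avoid both problems. The enclosing conditional starts outside this hunk.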
diff --git a/src/gsm/Makefile.am b/src/gsm/Makefile.am
index 4476971..12f56db 100644
--- a/src/gsm/Makefile.am
+++ b/src/gsm/Makefile.am
@@ -38,6 +38,11 @@
 libosmogsm_la_LDFLAGS = $(LTLDFLAGS_OSMOGSM) -version-info $(LIBVERSION) -no-undefined
 libosmogsm_la_LIBADD = libgsmint.la $(TALLOC_LIBS)
 
+if ENABLE_GNUTLS
+AM_CPPFLAGS += $(LIBGNUTLS_CFLAGS)
+libosmogsm_la_LIBADD += $(LIBGNUTLS_LIBS)
+endif
+
 EXTRA_DIST = libosmogsm.map
 
 # Convolutional codes generation
diff --git a/src/gsm/gsm_utils.c b/src/gsm/gsm_utils.c
index e3f792e..ea72cc8 100644
--- a/src/gsm/gsm_utils.c
+++ b/src/gsm/gsm_utils.c
@@ -106,6 +106,12 @@
 #endif
 #endif
 
+#if (USE_GNUTLS)
+#pragma message ("including GnuTLS for getrandom fallback.")
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+#endif
+
 /* ETSI GSM 03.38 6.2.1 and 6.2.1.1 default alphabet
  * Greek symbols at hex positions 0x10 and 0x12-0x1a
  * left out as they can't be handled with a char and
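Review bot: The `#pragma message ("including GnuTLS for getrandom fallback.")` line fires on every default build, since GnuTLS is enabled unless `--disable-gnutls` is given. The later `#pragma message ("Secure random failed: using GnuTLS fallback.")` inside osmo_get_rand_id() reads like a runtime failure although it is printed at compile time. I would drop both, or reword the second to `#pragma message ("GnuTLS fallback compiled in for getrandom() failures")`. Also, `#if (USE_GNUTLS)` relies on an undefined macro evaluating to 0 when `--disable-gnutls` is used, which trips `-Wundef`; `#if defined(USE_GNUTLS) && USE_GNUTLS` is more explicit.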
@@ -409,7 +415,7 @@
  */
 int osmo_get_rand_id(uint8_t *out, size_t len)
 {
-	int rc;
+	int rc = -ENOTSUP;
 
 	/* this function is intended for generating short identifiers only, not arbitrary-length random data */
 	if (len > OSMO_MAX_RAND_ID_LEN)
@@ -421,13 +427,16 @@
 #pragma message ("Using direct syscall access for getrandom(): consider upgrading to glibc >= 2.25")
 	/* FIXME: this can be removed once we bump glibc requirements to 2.25: */
 	rc = syscall(SYS_getrandom, out, len, GRND_NONBLOCK);
-#else
-#pragma message ("Secure random unavailable: calls to osmo_get_rand_id() will always fail!")
-	return -ENOTSUP;
 #endif
+
 	/* getrandom() failed entirely: */
-	if (rc < 0)
+	if (rc < 0) {
+#if (USE_GNUTLS)
+#pragma message ("Secure random failed: using GnuTLS fallback.")
+		return gnutls_rnd(GNUTLS_RND_RANDOM, out, len);
+#endif	
 		return -errno;
+	}
 
 	/* getrandom() failed partially due to signal interruption:
 	   this should never happen (according to getrandom(2)) as long as OSMO_MAX_RAND_ID_LEN < 256
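Review bot: When no getrandom() path is compiled in and USE_GNUTLS is off, `rc` keeps its initial `-ENOTSUP` from the previous hunk and the new block ends in `return -errno;`, but nothing has set errno on that path. The function can then return 0 with `out` never written, and the caller will treat an unfilled buffer as a random identifier. Returning a value that cannot be zero closes this: convert right after each getrandom() call with `if (rc < 0) rc = -errno;` and end the block with `return rc;`. Separately, gnutls_rnd() reports failure with negative GnuTLS error codes rather than errno values, so either map a failure to a fixed errno or add a comment such as `/* returns 0 or a negative GNUTLS_E_* code, not -errno */`. The body of osmo_get_rand_id() starts and ends outside this hunk.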

-- 
To view, visit https://gerrit.osmocom.org/4593
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Ic77866ce65acf524b768882c751a4f9c0635740b
Gerrit-PatchSet: 8
Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Owner: Max <msuraev at sysmocom.de>
Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: Max <msuraev at sysmocom.de>


