Module: kamailio Branch: 5.2 Commit: 4288880cd5a11c255ecf426311033a74a8e292f4 URL: https://github.com/kamailio/kamailio/commit/4288880cd5a11c255ecf426311033a74...
Author: Henning Westerholt hw@skalatan.de Committer: Henning Westerholt hw@skalatan.de Date: 2019-10-09T17:02:03+02:00
tls: add initial seeding to cryptorand generator, as we don't do it in core
- add initial seeding to cryptorand generator initialization in the main process - only as an additional fallback in case of no access to system entropy sources - not needed for 5.3 - there we do it in the core for all processes
(cherry picked from commit 21e0fba6adb9e77e91ea83ed79b13621df556e1e)
---
Modified: src/modules/tls/tls_mod.c Modified: src/modules/tls/tls_rand.c Modified: src/modules/tls/tls_rand.h
---
Diff: https://github.com/kamailio/kamailio/commit/4288880cd5a11c255ecf426311033a74... Patch: https://github.com/kamailio/kamailio/commit/4288880cd5a11c255ecf426311033a74...
---
diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c
index 424fad8a08..eaa9593a31 100644
--- a/src/modules/tls/tls_mod.c
+++ b/src/modules/tls/tls_mod.c
@@ -567,6 +567,7 @@ int mod_register(char *path, int *dlflags, void *p1, void *p2)
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
LM_DBG("setting cryptorand random engine\n");
+ ksr_cryptorand_seed_init();
RAND_set_rand_method(RAND_ksr_cryptorand_method());
#endif
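Review bot: The new call seeds the generator once from mod_register(), which the description says runs in the main process only, so worker processes forked afterwards start from whatever generator state they inherit; if the cryptorand state lives in process memory and is not reseeded per process, the workers share that state, which is worth confirming given that the description notes 5.3 seeds in core for all processes. A comment at the call site would make the intent and the limitation visible, e.g. `/* fallback seed, main process only; see ksr_cryptorand_seed_init() in tls_rand.c */`. mod_register's body starts and ends outside this hunk.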
diff --git a/src/modules/tls/tls_rand.c b/src/modules/tls/tls_rand.c
index 3cb2e8a712..14c0321c04 100644
--- a/src/modules/tls/tls_rand.c
+++ b/src/modules/tls/tls_rand.c
@@ -171,4 +171,19 @@ const RAND_METHOD *RAND_ksr_cryptorand_method(void)
return &_ksr_cryptorand_method;
}
+/* seed the generator during startup, internally it will also use system entropy */
+void ksr_cryptorand_seed_init() {
+ u_int8_t bytes[4];
+ unsigned int seed;
+
+ seed = fastrand();
+ bytes[0] = (seed >> 24) & 0xFF;
+ bytes[1] = (seed >> 16) & 0xFF;
+ bytes[2] = (seed >> 8) & 0xFF;
+ bytes[3] = seed & 0xFF;
+
+ LM_DBG("seeding cryptorand generator with %u\n", seed);
+ sr_add_entropy(bytes, 4);
+}
+
#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
diff --git a/src/modules/tls/tls_rand.h b/src/modules/tls/tls_rand.h
index c73d36b8d9..2b61e3b2ed 100644
--- a/src/modules/tls/tls_rand.h
+++ b/src/modules/tls/tls_rand.h
@@ -29,5 +29,7 @@ const RAND_METHOD *RAND_ksr_krand_method(void);
const RAND_METHOD *RAND_ksr_fastrand_method(void);
const RAND_METHOD *RAND_ksr_cryptorand_method(void);
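Review bot: The debug line in ksr_cryptorand_seed_init() writes the seed value itself to the log, so the exact bytes handed to sr_add_entropy() end up in debug output; log only the amount, e.g. `LM_DBG("seeding cryptorand generator with %u bytes\n", (unsigned)sizeof(bytes));`. The seed is a single 32-bit value from fastrand(), a non-cryptographic generator, so it must not be credited as real entropy; the comment says the generator also draws on system entropy, but whether sr_add_entropy() credits the supplied bytes is not visible here and should be confirmed. The definition uses an empty parameter list, `void ksr_cryptorand_seed_init() {`, which in C is an unprototyped declaration; write `void ksr_cryptorand_seed_init(void)` here and in the tls_rand.h hunk, matching the neighbouring RAND_ksr_*_method(void) declarations. `u_int8_t` is a BSD/glibc typedef rather than the C99 `uint8_t`, and the literal `4` in the sr_add_entropy() call is better written as `sizeof(bytes)` so the two cannot drift apart.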
+void ksr_cryptorand_seed_init();
+
#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
#endif