Module: kamailio
Branch: 5.2
Commit: 0e5fbd02c95d76045487b707a7386abb029234ff
URL:
https://github.com/kamailio/kamailio/commit/0e5fbd02c95d76045487b707a7386ab…
Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
Committer: Daniel-Constantin Mierla <miconda(a)gmail.com>
Date: 2019-10-07T15:16:17+02:00
tls: add cryptorand (fortuna) engine for PRNG if libssl v1.1.0+
- set it to be the default PRNG with libssl v1.1.0+
(cherry picked from commit 58f6eb7b8bbd6e22994f4b147b6c2fc9c7d1daa0)
---
Modified: src/modules/tls/tls_mod.c
Modified: src/modules/tls/tls_rand.c
Modified: src/modules/tls/tls_rand.h
---
Diff:
https://github.com/kamailio/kamailio/commit/0e5fbd02c95d76045487b707a7386ab…
Patch:
https://github.com/kamailio/kamailio/commit/0e5fbd02c95d76045487b707a7386ab…
---
diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c
index 75d8aa8fd2..424fad8a08 100644
--- a/src/modules/tls/tls_mod.c
+++ b/src/modules/tls/tls_mod.c
@@ -453,6 +453,9 @@ int ksr_rand_engine_param(modparam_t type, void* val)
} else if(reng->len == 8 && strncasecmp(reng->s, "fastrand", 8)
== 0) {
LM_DBG("setting fastrand random engine\n");
RAND_set_rand_method(RAND_ksr_fastrand_method());
+ } else if (reng->len == 10 && strncasecmp(reng->s, "cryptorand",
10) == 0) {
+ LM_DBG("setting cryptorand random engine\n");
+ RAND_set_rand_method(RAND_ksr_cryptorand_method());
}
#endif
return 0;
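Review bot: The return value of `RAND_set_rand_method()` is discarded on the new cryptorand branch, and in the same way in the mod_register hunk below; OpenSSL reports failure to install a method with a 0 return, so a failed switch would leave the library's default generator in place while the debug log claims cryptorand is active. Check it and log at error level, e.g. `if(RAND_set_rand_method(RAND_ksr_cryptorand_method()) != 1) {` / `LM_ERR("failed to set cryptorand random engine\n");` / `}`. The existing fastrand branch has the same omission, so fixing it alongside keeps the branches consistent. ksr_rand_engine_param begins before this hunk.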
@@ -563,8 +566,8 @@ int mod_register(char *path, int *dlflags, void *p1, void *p2)
register_tls_hooks(&tls_h);
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
- LM_DBG("setting fastrand random engine\n");
- RAND_set_rand_method(RAND_ksr_fastrand_method());
+ LM_DBG("setting cryptorand random engine\n");
+ RAND_set_rand_method(RAND_ksr_cryptorand_method());
#endif
sr_kemi_modules_add(sr_kemi_tls_exports);
diff --git a/src/modules/tls/tls_rand.c b/src/modules/tls/tls_rand.c
index bc80f658c3..3cb2e8a712 100644
--- a/src/modules/tls/tls_rand.c
+++ b/src/modules/tls/tls_rand.c
@@ -129,4 +129,46 @@ const RAND_METHOD *RAND_ksr_fastrand_method(void)
return &_ksr_fastrand_method;
}
+
+/*
+ * Implementation with Fortuna cryptographic PRNG.
+ * We are not strictly implementing the OpenSSL API here - we will
+ * not return an error if the PRNG has not been seeded with enough
+ * randomness to ensure an unpredictable byte sequence.
+ */
+static int ksr_cryptorand_bytes(unsigned char *outdata, int size)
+{
+ if (size < 0) {
+ return 0;
+ } else if (size == 0) {
+ return 1;
+ }
+
+ sr_get_pseudo_random_bytes(outdata, size);
+ return 1;
+}
+
+static int ksr_cryptorand_status(void)
+{
+ return 1;
+}
+
+/*
+ * We don't have a dedicated function for pseudo-random
+ * bytes, just use the secure version as well for it.
+ */
+const RAND_METHOD _ksr_cryptorand_method = {
+ NULL,
+ ksr_cryptorand_bytes,
+ NULL,
+ NULL,
+ ksr_cryptorand_bytes,
+ ksr_cryptorand_status
+};
+
+const RAND_METHOD *RAND_ksr_cryptorand_method(void)
+{
+ return &_ksr_cryptorand_method;
+}
+
#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
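Review bot: `ksr_cryptorand_status()` unconditionally reports the generator as seeded while the comment above `ksr_cryptorand_bytes()` states that seeding is deliberately not verified; anything that consults the method's status slot before drawing key material or handshake randomness will be told the output is unpredictable even if the core generator has not been initialised. If the core exposes the Fortuna seeding state, status should return it; otherwise the header comment should say explicitly that callers must guarantee initialisation before this method is installed as the libssl default. Likewise, if `sr_get_pseudo_random_bytes()` reports an error, `ksr_cryptorand_bytes()` should return 0 instead of always 1 (I cannot see its signature here, so confirm whether it returns a status). As a point of style, `_ksr_cryptorand_method` uses a leading-underscore file-scope name that C reserves for the implementation, and it could be `static` since only the accessor below references it; the existing `_ksr_fastrand_method` follows the same pattern, so rename both or leave both for consistency.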
diff --git a/src/modules/tls/tls_rand.h b/src/modules/tls/tls_rand.h
index d1a3f0d37f..c73d36b8d9 100644
--- a/src/modules/tls/tls_rand.h
+++ b/src/modules/tls/tls_rand.h
@@ -27,6 +27,7 @@
const RAND_METHOD *RAND_ksr_krand_method(void);
const RAND_METHOD *RAND_ksr_fastrand_method(void);
+const RAND_METHOD *RAND_ksr_cryptorand_method(void);
#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
#endif