[sr-dev] addition of a cryptographic secure RNG to git master

Henning Westerholt hw at skalatan.de
Thu Oct 3 18:19:35 CEST 2019


Hello,

I've added a cryptographically secure pseudo-random number generator to
git master.

It is located in src/core/random/fortuna. There are easy wrapper 
functions available in src/core/random/cryptorand.h - this is the one 
that is easiest to use. Please use this if you need cryptographically 
secure random numbers in your module. The wrapper provides a similar 
API to fastrand or kam_rand:

/* seed the generator, will also use system randomness */
void cryptorand_seed(const unsigned int seed);

/* generate a 32 bit random number */
unsigned int cryptorand(void);

Motivation for this addition was the issue [1] related to the TLS module 
and openssl-1.1.

The implementation was based on libfortuna [2]. It was refactored to the 
Kamailio core and all unnecessary parts were removed. It is seeded 
from the core at startup and also includes automatic time-based 
reseeding from kernel random sources.

As part of this implementation I also consolidated the existing 
crypto-related code into a new directory: src/core/crypto. This way I 
could also get rid of the srutils library dependency for several modules.

These changes will not be backported in this way to 5.3.0. For 5.3 there 
will probably be a dedicated copy of the necessary code to the TLS module.

If you notice any issues, please let me know.

Cheers,

Henning


[1] https://github.com/kamailio/kamailio/issues/2077

[2] https://github.com/henningw/libfortuna

-- 
Kamailio Merchandising - https://skalatan.de/merchandising/
Kamailio services - https://skalatan.de/services
Henning Westerholt - https://skalatan.de/blog/
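
The wrapper listed in the mail returns 32 bits per call. The following is an added example, not part of the original message or of Kamailio's code, showing two things a module usually needs on top of such a call: an unbiased value in a range and a filled byte buffer. The names rand32_fn, rand_below, rand_fill and the scripted source are hypothetical; in a module the function passed in would be cryptorand.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Same shape as cryptorand() in the mail: one call yields 32 random bits. */
typedef unsigned int (*rand32_fn)(void);

/* Uniform value in [0, bound) by rejection sampling. A plain rng() % bound
 * over-represents the low residues whenever bound does not divide 2^32. */
uint32_t rand_below(rand32_fn rng, uint32_t bound)
{
	uint32_t r, threshold;
	if (bound < 2)
		return 0;
	threshold = (uint32_t)(0u - bound) % bound; /* == 2^32 mod bound */
	do {
		r = (uint32_t)rng();
	} while (r < threshold); /* discard the short, biased slice */
	return r % bound;
}

/* Fill buf with len random bytes, using all four bytes of each 32-bit word. */
void rand_fill(rand32_fn rng, unsigned char *buf, size_t len)
{
	size_t i = 0;
	while (i < len) {
		uint32_t w = (uint32_t)rng();
		for (int k = 0; k < 4 && i < len; k++, i++)
			buf[i] = (unsigned char)(w >> (8 * k));
	}
}

/* Constructed, deterministic source so the rejection path is visible;
 * hypothetical stand-in, a Kamailio module would pass cryptorand instead. */
static const unsigned int script[] = {2u, 3u, 4294967295u, 10u, 0x04030201u, 0x00000605u};
static size_t script_pos;
unsigned int scripted_rand(void) { return script[script_pos++ % 6]; }
void scripted_reset(void) { script_pos = 0; }

int main(void)
{
	unsigned char b[6];
	scripted_reset();
	printf("%u\n", (unsigned)rand_below(scripted_rand, 6)); /* 2 and 3 are rejected */
	printf("%u\n", (unsigned)rand_below(scripted_rand, 6));
	rand_fill(scripted_rand, b, sizeof b);
	printf("%02x..%02x\n", b[0], b[5]);
	return 0;
}
```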


