[sr-dev] git:5.2:0e5fbd02: tls: add cryptorand (fortuna) engine for PRNG if libssl v1.1.0+
Daniel-Constantin Mierla
miconda at gmail.com
Mon Oct 7 15:17:07 CEST 2019
Module: kamailio
Branch: 5.2
Commit: 0e5fbd02c95d76045487b707a7386abb029234ff
URL: https://github.com/kamailio/kamailio/commit/0e5fbd02c95d76045487b707a7386abb029234ff
Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2019-10-07T15:16:17+02:00
tls: add cryptorand (fortuna) engine for PRNG if libssl v1.1.0+
- set it to be the default PRNG with libssl v1.1.0+
(cherry picked from commit 58f6eb7b8bbd6e22994f4b147b6c2fc9c7d1daa0)
---
Modified: src/modules/tls/tls_mod.c
Modified: src/modules/tls/tls_rand.c
Modified: src/modules/tls/tls_rand.h
---
Diff: https://github.com/kamailio/kamailio/commit/0e5fbd02c95d76045487b707a7386abb029234ff.diff
Patch: https://github.com/kamailio/kamailio/commit/0e5fbd02c95d76045487b707a7386abb029234ff.patch
---
diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c
index 75d8aa8fd2..424fad8a08 100644
--- a/src/modules/tls/tls_mod.c
+++ b/src/modules/tls/tls_mod.c
@@ -453,6 +453,9 @@ int ksr_rand_engine_param(modparam_t type, void* val)
} else if(reng->len == 8 && strncasecmp(reng->s, "fastrand", 8) == 0) {
LM_DBG("setting fastrand random engine\n");
RAND_set_rand_method(RAND_ksr_fastrand_method());
+ } else if (reng->len == 10 && strncasecmp(reng->s, "cryptorand", 10) == 0) {
+ LM_DBG("setting cryptorand random engine\n");
+ RAND_set_rand_method(RAND_ksr_cryptorand_method());
}
#endif
return 0;
@@ -563,8 +566,8 @@ int mod_register(char *path, int *dlflags, void *p1, void *p2)
register_tls_hooks(&tls_h);
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
- LM_DBG("setting fastrand random engine\n");
- RAND_set_rand_method(RAND_ksr_fastrand_method());
+ LM_DBG("setting cryptorand random engine\n");
+ RAND_set_rand_method(RAND_ksr_cryptorand_method());
#endif
sr_kemi_modules_add(sr_kemi_tls_exports);
diff --git a/src/modules/tls/tls_rand.c b/src/modules/tls/tls_rand.c
index bc80f658c3..3cb2e8a712 100644
--- a/src/modules/tls/tls_rand.c
+++ b/src/modules/tls/tls_rand.c
@@ -129,4 +129,46 @@ const RAND_METHOD *RAND_ksr_fastrand_method(void)
return &_ksr_fastrand_method;
}
+
+/*
+ * Implementation with Fortuna cryptographic PRNG.
+ * We are not strictly implementing the OpenSSL API here - we will
+ * not return an error if the PRNG has not been seeded with enough
+ * randomness to ensure an unpredictable byte sequence.
+ */
+static int ksr_cryptorand_bytes(unsigned char *outdata, int size)
+{
+ if (size < 0) {
+ return 0;
+ } else if (size == 0) {
+ return 1;
+ }
+
+ sr_get_pseudo_random_bytes(outdata, size);
+ return 1;
+}
+
+static int ksr_cryptorand_status(void)
+{
+ return 1;
+}
+
+/*
+ * We don't have a dedicated function for pseudo-random
+ * bytes, just use the secure version as well for it.
+ */
+const RAND_METHOD _ksr_cryptorand_method = {
+ NULL,
+ ksr_cryptorand_bytes,
+ NULL,
+ NULL,
+ ksr_cryptorand_bytes,
+ ksr_cryptorand_status
+};
+
+const RAND_METHOD *RAND_ksr_cryptorand_method(void)
+{
+ return &_ksr_cryptorand_method;
+}
+
#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
diff --git a/src/modules/tls/tls_rand.h b/src/modules/tls/tls_rand.h
index d1a3f0d37f..c73d36b8d9 100644
--- a/src/modules/tls/tls_rand.h
+++ b/src/modules/tls/tls_rand.h
@@ -27,6 +27,7 @@
const RAND_METHOD *RAND_ksr_krand_method(void);
const RAND_METHOD *RAND_ksr_fastrand_method(void);
+const RAND_METHOD *RAND_ksr_cryptorand_method(void);
#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
#endif
More information about the sr-dev
mailing list