| author | Max <msuraev@sysmocom.de> | 2017-10-26 10:56:04 +0200 | 
|---|---|---|
| committer | Harald Welte <laforge@gnumonks.org> | 2017-11-02 18:06:26 +0000 | 
| commit | ed029dfab959bca74bd43d86922727c2047eeb4d (patch) | |
| tree | 07ed1e7bff8b0f154e949b62ffc1b0ba60098e4f | |
| parent | 69b61fe510dd9357040ad0a9f3a1449d913067a7 (diff) | |
Enable GnuTLS fallback
On systems with GNU/Linux kernel older than 3.17 (Debian 8 "jessie" for
example) the osmo_get_rand_id() would always return failure due to
missing getrandom() syscall.
To support such systems, let's add fallback code which uses GnuTLS
library. It can be disabled explicitly via '--disable-gnutls' option at
compile-time, otherwise ./configure will fail if both getrandom() and
GnuTLS are not available. When building with '--enable-embedded' the
fallback is disabled automatically.
Related: OS#1694
Change-Id: Ic77866ce65acf524b768882c751a4f9c0635740b
| -rw-r--r-- | configure.ac | 17 | ||||
| -rw-r--r-- | src/gsm/Makefile.am | 5 | ||||
| -rw-r--r-- | src/gsm/gsm_utils.c | 19 | 
3 files changed, 36 insertions, 5 deletions
|
diff --git a/configure.ac b/configure.ac
index d9390cf8..a8c1d2e3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -130,6 +130,20 @@ AS_IF([test "x$ENABLE_PCSC" = "xyes"], [
 AM_CONDITIONAL(ENABLE_PCSC, test "x$ENABLE_PCSC" = "xyes")
 AC_SUBST(ENABLE_PCSC)
+AC_ARG_ENABLE([gnutls], [AS_HELP_STRING([--disable-gnutls], [Do not use GnuTLS fallback for missing getrandom()])],
+	[ENABLE_GNUTLS=$enableval], [ENABLE_GNUTLS="yes"])
+AM_CONDITIONAL(ENABLE_GNUTLS, test x"$ENABLE_GNUTLS" = x"yes")
+AS_IF([test "x$ENABLE_GNUTLS" = "xyes"], [
+	PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 2.12.0])
+])
+AC_SUBST(ENABLE_GNUTLS)
+if test x"$ENABLE_GNUTLS" = x"yes"
+then
+	AC_SUBST([LIBGNUTLS_CFLAGS])
+	AC_SUBST([LIBGNUTLS_LIBS])
+	AC_DEFINE([USE_GNUTLS], [1], [Use GnuTLS as a fallback for missing getrandom()])
+fi
+
 AC_ARG_ENABLE(plugin,
 	[AS_HELP_STRING(
 		[--disable-plugin],
@@ -228,12 +242,15 @@ then
 	AM_CONDITIONAL(ENABLE_PLUGIN, false)
 	AM_CONDITIONAL(ENABLE_MSGFILE, false)
 	AM_CONDITIONAL(ENABLE_SERIAL, false)
+	AM_CONDITIONAL(ENABLE_GNUTLS, false)
 	AM_CONDITIONAL(ENABLE_VTY, false)
 	AM_CONDITIONAL(ENABLE_CTRL, false)
 	AM_CONDITIONAL(ENABLE_UTILITIES, false)
 	AM_CONDITIONAL(ENABLE_GB, false)
+	AM_CONDITIONAL(ENABLE_GNUTLS, false)
 	AM_CONDITIONAL(ENABLE_PCSC, false)
 	AM_CONDITIONAL(ENABLE_PSEUDOTALLOC, true)
+	AC_DEFINE([USE_GNUTLS], [0])
 	AC_DEFINE([PANIC_INFLOOP],[1],[Use infinite loop on panic rather than fprintf/abort])
 fi
diff --git a/src/gsm/Makefile.am b/src/gsm/Makefile.am
index 44769713..12f56db1 100644
--- a/src/gsm/Makefile.am
+++ b/src/gsm/Makefile.am
@@ -38,6 +38,11 @@ libosmogsm_la_SOURCES =
 libosmogsm_la_LDFLAGS = $(LTLDFLAGS_OSMOGSM) -version-info $(LIBVERSION) -no-undefined
 libosmogsm_la_LIBADD = libgsmint.la $(TALLOC_LIBS)
+if ENABLE_GNUTLS
+AM_CPPFLAGS += $(LIBGNUTLS_CFLAGS)
+libosmogsm_la_LIBADD += $(LIBGNUTLS_LIBS)
+endif
+
 EXTRA_DIST = libosmogsm.map
 # Convolutional codes generation
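Review bot: In the first configure.ac hunk, `PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 2.12.0])` runs whenever `--disable-gnutls` is not passed, and with no action-if-not-found argument it aborts configure when GnuTLS is absent, whether or not getrandom() is usable on the build host. That makes GnuTLS a default hard dependency of the library's random-ID path rather than the conditional fallback the description promises ("fail if both getrandom() and GnuTLS are not available"); nothing in this hunk probes for getrandom(). The 2.12.0 floor also deserves a comment: as far as I know, GnuTLS releases before 3.3.0 do not initialise themselves at load time, so `gnutls_rnd()` may need an explicit `gnutls_global_init()` there, which should be confirmed against the oldest version you intend to support.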
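Review bot: The embedded block in the second configure.ac hunk adds `AM_CONDITIONAL(ENABLE_GNUTLS, false)` twice, once after ENABLE_SERIAL and again after ENABLE_GB; one of them should be dropped. The override also sits after the gnutls section at line 130, so an `--enable-embedded` build without `--disable-gnutls` has already run the pkg-config check and `AC_DEFINE([USE_GNUTLS], [1], ...)` before `AC_DEFINE([USE_GNUTLS], [0])` is reached. That leaves two definitions of the macro and still requires GnuTLS at configure time. Forcing `ENABLE_GNUTLS="no"` before the gnutls check when embedded is requested would make "disabled automatically" hold; this assumes the embedded option is parsed earlier in the file, which the hunk does not show. The enclosing `if`/`then` begins outside the hunk.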
diff --git a/src/gsm/gsm_utils.c b/src/gsm/gsm_utils.c
index e3f792ef..134b4752 100644
--- a/src/gsm/gsm_utils.c
+++ b/src/gsm/gsm_utils.c
@@ -106,6 +106,12 @@
 #endif
 #endif
+#if (USE_GNUTLS)
+#pragma message ("including GnuTLS for getrandom fallback.")
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+#endif
+
 /* ETSI GSM 03.38 6.2.1 and 6.2.1.1 default alphabet
  * Greek symbols at hex positions 0x10 and 0x12-0x1a
  * left out as they can't be handled with a char and
@@ -409,7 +415,7 @@ int gsm_7bit_encode_n_ussd(uint8_t *result, size_t n, const char *data, int *oct
  */
 int osmo_get_rand_id(uint8_t *out, size_t len)
 {
-	int rc;
+	int rc = -ENOTSUP;
 	/* this function is intended for generating short identifiers only, not arbitrary-length random data */
 	if (len > OSMO_MAX_RAND_ID_LEN)
@@ -421,13 +427,16 @@ int osmo_get_rand_id(uint8_t *out, size_t len)
 #pragma message ("Using direct syscall access for getrandom(): consider upgrading to glibc >= 2.25")
 	/* FIXME: this can be removed once we bump glibc requirements to 2.25: */
 	rc = syscall(SYS_getrandom, out, len, GRND_NONBLOCK);
-#else
-#pragma message ("Secure random unavailable: calls to osmo_get_rand_id() will always fail!")
-	return -ENOTSUP;
 #endif
+
 	/* getrandom() failed entirely: */
-	if (rc < 0)
+	if (rc < 0) {
+#if (USE_GNUTLS)
+#pragma message ("Secure random failed: using GnuTLS fallback.")
+		return gnutls_rnd(GNUTLS_RND_RANDOM, out, len);
+#endif
 		return -errno;
+	}
 	/* getrandom() failed partially due to signal interruption:
 	   this should never happen (according to getrandom(2)) as long as OSMO_MAX_RAND_ID_LEN < 256
|
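Review bot: With `rc` initialised to `-ENOTSUP` and the `#else` branch removed, a build that has no getrandom() path and no USE_GNUTLS now falls through to `return -errno;` with a stale errno. If errno happens to be 0, osmo_get_rand_id() returns 0 and the caller will use an untouched `out` buffer as if it were random. The GnuTLS branch has a related contract problem: `return gnutls_rnd(...)` passes GnuTLS error codes to callers that otherwise receive negative errno values. I would return `rc` itself when no syscall ran and map a gnutls_rnd() failure to an errno value, as sketched below; the rest of the function body lies outside the hunk. Separately, the `#pragma message ("Secure random failed: ...")` is emitted on every USE_GNUTLS build rather than on failure, so its wording should say that the fallback is compiled in.

```c
	/* getrandom() unavailable or failed entirely: */
	if (rc < 0) {
#if (USE_GNUTLS)
		/* gnutls_rnd() reports GnuTLS error codes, not errno values */
		rc = gnutls_rnd(GNUTLS_RND_RANDOM, out, len);
		return (rc < 0) ? -EIO : 0;
#else
		/* rc still holds the -ENOTSUP initialiser when no getrandom() path
		 * was compiled in; errno is stale in that case and may be 0 */
		return (rc == -ENOTSUP) ? rc : -errno;
#endif
	}
	/* … unchanged: partial-read check … */
```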
