mirror of https://gerrit.osmocom.org/libosmocore
Enable GnuTLS fallback
On systems with GNU/Linux kernel older than 3.17 (Debian 8 "jessie" for example) the osmo_get_rand_id() would always return failure due to missing getrandom() syscall. To support such systems, let's add fallback code which uses GnuTLS library. It can be disabled explicitly via '--disable-gnutls' option at compile-time, otherwise ./configure will fail if both getrandom() and GnuTLS are not available. When building with '--enable-embedded' the fallback is disabled automatically. Related: OS#1694 Change-Id: Ic77866ce65acf524b768882c751a4f9c0635740b
parent
69b61fe510
commit
ed029dfab9
17
configure.ac
17
configure.ac
|
@ -130,6 +130,20 @@ AS_IF([test "x$ENABLE_PCSC" = "xyes"], [
|
|||
AM_CONDITIONAL(ENABLE_PCSC, test "x$ENABLE_PCSC" = "xyes")
|
||||
AC_SUBST(ENABLE_PCSC)
|
||||
|
||||
AC_ARG_ENABLE([gnutls], [AS_HELP_STRING([--disable-gnutls], [Do not use GnuTLS fallback for missing getrandom()])],
|
||||
[ENABLE_GNUTLS=$enableval], [ENABLE_GNUTLS="yes"])
|
||||
AM_CONDITIONAL(ENABLE_GNUTLS, test x"$ENABLE_GNUTLS" = x"yes")
|
||||
AS_IF([test "x$ENABLE_GNUTLS" = "xyes"], [
|
||||
PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 2.12.0])
|
||||
])
|
||||
AC_SUBST(ENABLE_GNUTLS)
|
||||
if test x"$ENABLE_GNUTLS" = x"yes"
|
||||
then
|
||||
AC_SUBST([LIBGNUTLS_CFLAGS])
|
||||
AC_SUBST([LIBGNUTLS_LIBS])
|
||||
AC_DEFINE([USE_GNUTLS], [1], [Use GnuTLS as a fallback for missing getrandom()])
|
||||
fi
|
||||
|
||||
AC_ARG_ENABLE(plugin,
|
||||
[AS_HELP_STRING(
|
||||
[--disable-plugin],
|
||||
|
@ -228,12 +242,15 @@ then
|
|||
AM_CONDITIONAL(ENABLE_PLUGIN, false)
|
||||
AM_CONDITIONAL(ENABLE_MSGFILE, false)
|
||||
AM_CONDITIONAL(ENABLE_SERIAL, false)
|
||||
AM_CONDITIONAL(ENABLE_GNUTLS, false)
|
||||
AM_CONDITIONAL(ENABLE_VTY, false)
|
||||
AM_CONDITIONAL(ENABLE_CTRL, false)
|
||||
AM_CONDITIONAL(ENABLE_UTILITIES, false)
|
||||
AM_CONDITIONAL(ENABLE_GB, false)
|
||||
AM_CONDITIONAL(ENABLE_GNUTLS, false)
|
||||
AM_CONDITIONAL(ENABLE_PCSC, false)
|
||||
AM_CONDITIONAL(ENABLE_PSEUDOTALLOC, true)
|
||||
AC_DEFINE([USE_GNUTLS], [0])
|
||||
AC_DEFINE([PANIC_INFLOOP],[1],[Use infinite loop on panic rather than fprintf/abort])
|
||||
fi
|
||||
|
||||
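Review bot: The `PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 2.12.0])` call in the first hunk is not skipped for embedded builds, because `ENABLE_GNUTLS` defaults to "yes" and nothing visible resets it before the check. The second hunk, in what looks like the --enable-embedded branch (its start is outside the hunk), only overrides the automake conditional and defines `USE_GNUTLS` to 0 afterwards. If that branch is evaluated later in the script, as the hunk offsets suggest, an embedded build without `--disable-gnutls` would still fail at configure time when GnuTLS is absent, and would emit both `AC_DEFINE([USE_GNUTLS], [1], ...)` and `AC_DEFINE([USE_GNUTLS], [0])`. Forcing `ENABLE_GNUTLS="no"` for embedded builds before the check would match what the commit message describes. `AM_CONDITIONAL(ENABLE_GNUTLS, false)` is also added twice in the second hunk, so one of the two lines can be dropped.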
|
|
|
@ -38,6 +38,11 @@ libosmogsm_la_SOURCES =
|
|||
libosmogsm_la_LDFLAGS = $(LTLDFLAGS_OSMOGSM) -version-info $(LIBVERSION) -no-undefined
|
||||
libosmogsm_la_LIBADD = libgsmint.la $(TALLOC_LIBS)
|
||||
|
||||
if ENABLE_GNUTLS
|
||||
AM_CPPFLAGS += $(LIBGNUTLS_CFLAGS)
|
||||
libosmogsm_la_LIBADD += $(LIBGNUTLS_LIBS)
|
||||
endif
|
||||
|
||||
EXTRA_DIST = libosmogsm.map
|
||||
|
||||
# Convolutional codes generation
|
||||
|
|
|
@ -106,6 +106,12 @@
|
|||
#endif
|
||||
#endif
|
||||
|
||||
#if (USE_GNUTLS)
|
||||
#pragma message ("including GnuTLS for getrandom fallback.")
|
||||
#include <gnutls/gnutls.h>
|
||||
#include <gnutls/crypto.h>
|
||||
#endif
|
||||
|
||||
/* ETSI GSM 03.38 6.2.1 and 6.2.1.1 default alphabet
|
||||
* Greek symbols at hex positions 0x10 and 0x12-0x1a
|
||||
* left out as they can't be handled with a char and
|
||||
|
@ -409,7 +415,7 @@ int gsm_7bit_encode_n_ussd(uint8_t *result, size_t n, const char *data, int *oct
|
|||
*/
|
||||
int osmo_get_rand_id(uint8_t *out, size_t len)
|
||||
{
|
||||
int rc;
|
||||
int rc = -ENOTSUP;
|
||||
|
||||
/* this function is intended for generating short identifiers only, not arbitrary-length random data */
|
||||
if (len > OSMO_MAX_RAND_ID_LEN)
|
||||
|
@ -421,13 +427,16 @@ int osmo_get_rand_id(uint8_t *out, size_t len)
|
|||
#pragma message ("Using direct syscall access for getrandom(): consider upgrading to glibc >= 2.25")
|
||||
/* FIXME: this can be removed once we bump glibc requirements to 2.25: */
|
||||
rc = syscall(SYS_getrandom, out, len, GRND_NONBLOCK);
|
||||
#else
|
||||
#pragma message ("Secure random unavailable: calls to osmo_get_rand_id() will always fail!")
|
||||
return -ENOTSUP;
|
||||
#endif
|
||||
|
||||
/* getrandom() failed entirely: */
|
||||
if (rc < 0)
|
||||
if (rc < 0) {
|
||||
#if (USE_GNUTLS)
|
||||
#pragma message ("Secure random failed: using GnuTLS fallback.")
|
||||
return gnutls_rnd(GNUTLS_RND_RANDOM, out, len);
|
||||
#endif
|
||||
return -errno;
|
||||
}
|
||||
|
||||
/* getrandom() failed partially due to signal interruption:
|
||||
this should never happen (according to getrandom(2)) as long as OSMO_MAX_RAND_ID_LEN < 256
|
||||
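Review bot: The rewritten failure branch in the last hunk (`if (rc < 0) {`) no longer returns one kind of error code, and one of its paths can report a value unrelated to the failure. `gnutls_rnd()` returns 0 or a negative GnuTLS error code, so callers that read the result as `-errno` will misinterpret it; the function comment (which starts outside these hunks) should say so, e.g. `/* with USE_GNUTLS the result may be a negative GnuTLS error code, not -errno */`. The rendering has lost the +/- markers, but the new `int rc = -ENOTSUP;` initialiser suggests the `#else` / `return -ENOTSUP;` lines are on the removed side; if so, a build with neither getrandom() nor GnuTLS reaches `return -errno;` without any call here having set errno, which may be 0 and be taken for success while `out` was never written. Returning `rc == -ENOTSUP ? rc : -errno` at that point would keep the previous result. The fallback is also taken for every getrandom() error, including EAGAIN caused by `GRND_NONBLOCK`, so limiting it to `errno == ENOSYS` would keep a not-yet-seeded pool visible to callers instead of masking it.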
|
|