nat: Use RAND_bytes instead of /dev/urandom
We don't need to consume all the entropy of the kernel but can
use libcrypto (OpenSSL) to generate random data. It is not clear
if we need to call RAND_load_file but I think we can assume that
our Unices have a /dev/urandom.
This takes less CPU time, provides good enough entropy (in theory)
and leaves some in the kernel entropy pool.
diff --git a/openbsc/configure.ac b/openbsc/configure.ac
index fb6feb9..0af573a 100644
--- a/openbsc/configure.ac
+++ b/openbsc/configure.ac
@@ -35,6 +35,7 @@
[osmo_ac_build_nat="$enableval"],[osmo_ac_build_nat="no"])
if test "$osmo_ac_build_nat" = "yes" ; then
PKG_CHECK_MODULES(LIBOSMOSCCP, libosmo-sccp >= 0.0.2)
+ PKG_CHECK_MODULES(LIBCRYPTO, libcrypto)
fi
AM_CONDITIONAL(BUILD_NAT, test "x$osmo_ac_build_nat" = "xyes")
AC_SUBST(osmo_ac_build_nat)
diff --git a/openbsc/include/openbsc/bsc_nat.h b/openbsc/include/openbsc/bsc_nat.h
index 72773a9..3090eb0 100644
--- a/openbsc/include/openbsc/bsc_nat.h
+++ b/openbsc/include/openbsc/bsc_nat.h
@@ -307,9 +307,6 @@
/* control interface */
struct ctrl_handle *ctrl;
-
- /* for random values */
- int random_fd;
};
struct bsc_nat_ussd_con {
diff --git a/openbsc/src/osmo-bsc_nat/Makefile.am b/openbsc/src/osmo-bsc_nat/Makefile.am
index d96a391..4a6f74d 100644
--- a/openbsc/src/osmo-bsc_nat/Makefile.am
+++ b/openbsc/src/osmo-bsc_nat/Makefile.am
@@ -1,5 +1,5 @@
AM_CPPFLAGS = $(all_includes) -I$(top_srcdir)/include -I$(top_builddir)
-AM_CFLAGS=-Wall $(LIBOSMOCORE_CFLAGS) $(LIBOSMOGSM_CFLAGS) $(LIBOSMOVTY_CFLAGS) $(LIBOSMOCTRL_CFLAGS) $(LIBOSMOSCCP_CFLAGS) $(LIBOSMOABIS_CFLAGS) $(LIBOSMONETIF_CFLAGS) $(COVERAGE_CFLAGS)
+AM_CFLAGS=-Wall $(LIBOSMOCORE_CFLAGS) $(LIBOSMOGSM_CFLAGS) $(LIBOSMOVTY_CFLAGS) $(LIBOSMOCTRL_CFLAGS) $(LIBOSMOSCCP_CFLAGS) $(LIBOSMOABIS_CFLAGS) $(LIBOSMONETIF_CFLAGS) $(LIBCRYPTO_CFLAGS) $(COVERAGE_CFLAGS)
AM_LDFLAGS = $(COVERAGE_LDFLAGS)
bin_PROGRAMS = osmo-bsc_nat
@@ -16,4 +16,4 @@
$(top_builddir)/src/libfilter/libfilter.a \
-lrt $(LIBOSMOSCCP_LIBS) $(LIBOSMOCORE_LIBS) \
$(LIBOSMOGSM_LIBS) $(LIBOSMOVTY_LIBS) $(LIBOSMOCTRL_LIBS) \
- $(LIBOSMOABIS_LIBS) $(LIBOSMONETIF_LIBS)
+ $(LIBOSMOABIS_LIBS) $(LIBOSMONETIF_LIBS) $(LIBCRYPTO_LIBS)
diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat.c b/openbsc/src/osmo-bsc_nat/bsc_nat.c
index 581193e..1fc262d 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_nat.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_nat.c
@@ -69,6 +69,8 @@
#include <osmocom/abis/ipa.h>
+#include <openssl/rand.h>
+
#include "../../bscconfig.h"
#define SCCP_CLOSE_TIME 20
@@ -204,8 +206,7 @@
0x01, IPAC_IDTAG_SERNR,
};
- int toread, rounds;
- uint8_t *mrand, *randoff;
+ uint8_t *mrand;
uint8_t id_req[sizeof(s_id_req) + (2+16)];
uint8_t *buf = &id_req[sizeof(s_id_req)];
@@ -216,19 +217,10 @@
buf = v_put(buf, 0x11);
buf = v_put(buf, 0x23);
mrand = bsc->last_rand;
- randoff = mrand;
- memset(randoff, 0, 16);
- for (toread = 16, rounds = 0; rounds < 5 && toread > 0; ++rounds) {
- int rc = read(nat->random_fd, randoff, toread);
- if (rc <= 0)
- goto failed_random;
- toread -= rc;
- randoff += rc;
- }
-
- if (toread != 0)
+ if (RAND_bytes(mrand, 16) != 1)
goto failed_random;
+
memcpy(buf, mrand, 16);
buf += 16;
@@ -1628,12 +1620,6 @@
/* We need to add mode-set for amr codecs */
nat->sdp_ensure_amr_mode_set = 1;
- nat->random_fd = open("/dev/random", O_RDONLY);
- if (nat->random_fd < 0) {
- fprintf(stderr, "Failed to open /dev/urandom.\n");
- return -5;
- }
-
vty_info.copyright = openbsc_copyright;
vty_init(&vty_info);
logging_vty_add_cmds(&log_info);