Module: kamailio
Branch: 5.3
Commit: 3c11a405344af55aa4b9c8d35e1c181473cbdf42
URL: https://github.com/kamailio/kamailio/commit/3c11a405344af55aa4b9c8d35e1c181…
Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
Committer: Daniel-Constantin Mierla <miconda(a)gmail.com>
Date: 2019-10-07T10:52:03+02:00
tls: docs for rand_engine parameter
(cherry picked from commit 787b95a5a0573d4e81b2475a84bad59076e34faf)
---
Modified: src/modules/tls/doc/params.xml
---
Diff: https://github.com/kamailio/kamailio/commit/3c11a405344af55aa4b9c8d35e1c181…
Patch: https://github.com/kamailio/kamailio/commit/3c11a405344af55aa4b9c8d35e1c181…
---
diff --git a/src/modules/tls/doc/params.xml b/src/modules/tls/doc/params.xml
index 6ef2d4123f..6028642b5f 100644
--- a/src/modules/tls/doc/params.xml
+++ b/src/modules/tls/doc/params.xml
@@ -1241,6 +1241,39 @@ end
</example>
</section>
+ <section id="tls.p.rand_engine">
+ <title><varname>rand_engine</varname> (str)</title>
+ <para>
+ Set the ranondom number generator engine for libssl.
+ </para>
+ <para>
+ Note: the default random number generator (PRNG) engine of libssl v1.1.x
+ is not designed for multi-process applications and can result in a crash.
+ Therefore set the PRNG engine to one of the options listed in this
+ section. If libssl 1.1.x (or newer) is detected at compile time, then
+ the PRNG engine is set to "fastrand".
+ </para>
+ <para>
+ The following options are avaialble:
+ </para>
+ <itemizedlist>
+ <listitem><para>krand - use internal kam_rand() function</para></listitem>
+ <listitem><para>fastrand - use internal fastrand function</para></listitem>
+ </itemizedlist>
+ <para>
+ The default value is empty (not set) for libssl v1.0.x or older, and
+ "fastrand" for libssl v1.1.x or newer.
+ </para>
+ <example>
+ <title>Set <varname>rand_engine</varname> parameter</title>
+ <programlisting>
+...
+modparam("tls", "rand_engine", "fastrand")
+...
+ </programlisting>
+ </example>
+ </section>
+
<section id="tls.p.engine">
<title><varname>engine</varname> (string)</title>
<para>
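Review bot: two typos in the added text: "Set the ranondom number generator engine for libssl." should read "random", and "The following options are avaialble:" should read "available". Beyond spelling, the section says the engine defaults to "fastrand" when libssl 1.1.x is detected at compile time but gives no indication of whether "krand" or "fastrand" produce output that is suitable for a TLS stack; since this engine supplies every random value libssl asks for, add a sentence stating which option is appropriate for production use. Minor style point: the new title uses `(str)` while the neighbouring `engine` section in the same file uses `(string)`.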
Module: kamailio
Branch: 5.2
Commit: 254d66b0a1b88ba91dabffc3b55a0b10430a18e1
URL: https://github.com/kamailio/kamailio/commit/254d66b0a1b88ba91dabffc3b55a0b1…
Author: Kamailio Dev <kamailio.dev(a)kamailio.org>
Committer: Kamailio Dev <kamailio.dev(a)kamailio.org>
Date: 2019-10-07T11:01:53+02:00
modules: readme files regenerated - modules ... [skip ci]
---
Modified: src/modules/db_cassandra/README
---
Diff: https://github.com/kamailio/kamailio/commit/254d66b0a1b88ba91dabffc3b55a0b1…
Patch: https://github.com/kamailio/kamailio/commit/254d66b0a1b88ba91dabffc3b55a0b1…
---
diff --git a/src/modules/db_cassandra/README b/src/modules/db_cassandra/README
index 99cb2bac5b..443f91f1fc 100644
--- a/src/modules/db_cassandra/README
+++ b/src/modules/db_cassandra/README
@@ -61,6 +61,13 @@ Chapter 1. Admin Guide
1. Overview
+ Note: the module requires old version of external library, not
+ compiling with those available out of the stock in the Linux
+ distributions. It is going to be kept for a while in case someone wants
+ to pick it up and upgrade. Also, the module was never extensively
+ tested, therefore take the appropriate actions in case you plan to use
+ it.
+
Db_cassandra is one of the Kamailio database modules. It does not
export any functions executable from the configuration scripts, but it
exports a subset of functions using the database API, and thus, other
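Review bot: grammar in the added note: "requires old version of external library, not compiling with those available out of the stock in the Linux distributions" should read "requires an old version of an external library and does not compile against the versions shipped by Linux distributions". Since the commit subject says these README files are regenerated, the wording fix belongs in the module's doc XML source rather than in the README, or it will be overwritten on the next regeneration.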
### Description
After the upgrade of our system to Debian Buster, kamailio started crashing due to the TLS module. The issue looks similar to the one described in https://github.com/kamailio/kamailio/issues/1860
In Debian Stretch everything was working fine because we compiled kamailio using openssl-1.0 as suggested in the linked issue. Unfortunately Debian Buster doesn't support that old version of the package, so we compiled it with openssl-1.1 and we put in place the workaround suggested here https://github.com/kamailio/kamailio/commit/efdc141ecb5ff72e3224e47deaaa79f… but this didn't solve the issue.
#### Debugging Data
At the moment I don't have full access to the system, so I can provide only the following backtrace:
(gdb) bt full
#0 aesni_ecb_encrypt () at crypto/aes/aesni-x86_64.s:624
No locals.
#1  0x00007fe7b2159917 in aesni_ecb_cipher (len=16, in=0x7fe7ae3052d0 "\271a\321\064vGKiB\337\344\070\353\220\005\245\020O", <incomplete sequence \323>,
out=0x7fe7ae58d068 "", ctx=0x7fe7ae3053b8) at ../crypto/evp/e_aes.c:319
bl = <optimized out>
bl = <optimized out>
#2 aesni_ecb_cipher (ctx=0x7fe7ae3053b8, out=0x7fe7ae58d068 "", in=0x7fe7ae3052d0 "\271a\321\064vGKiB\337\344\070\353\220\005\245\020O", <incomplete sequence \323>,
len=16) at ../crypto/evp/e_aes.c:311
bl = <optimized out>
#3  0x00007fe7b2165533 in evp_EncryptDecryptUpdate (ctx=0x7fe7ae3053b8, out=0x7fe7ae58d068 "", outl=0x7fff207dc534,
in=0x7fe7ae3052d0 "\271a\321\064vGKiB\337\344\070\353\220\005\245\020O", <incomplete sequence \323>, inl=16) at ../crypto/evp/evp_enc.c:333
i = <optimized out>
j = <optimized out>
bl = 16
cmpl = <optimized out>
#4 0x00007fe7b219830f in drbg_ctr_generate (drbg=0x7fe7ae3051e8, out=0x7fe7ae58d068 "", outlen=32, adin=0x0, adinlen=0) at ../crypto/rand/drbg_ctr.c:340
outl = 16
ctr = 0x7fe7ae305290
#5 0x00007fe7b21991fb in RAND_DRBG_generate (drbg=drbg@entry=0x7fe7ae3051e8, out=out@entry=0x7fe7ae58d068 "", outlen=outlen@entry=32,
prediction_resistance=prediction_resistance@entry=0, adin=0x0, adinlen=adinlen@entry=0) at ../crypto/rand/drbg_lib.c:638
reseed_required = <optimized out>
#6 0x00007fe7b2199481 in RAND_DRBG_bytes (drbg=0x7fe7ae3051e8, out=0x7fe7ae58d068 "", outlen=32) at ../crypto/rand/drbg_lib.c:679
additional = 0x0
additional_len = 0
chunk = 32
ret = <optimized out>
#7  0x00007fe7b22f96fd in ssl_fill_hello_random (s=s@entry=0x7fe7ae588de0, server=server@entry=0, result=0x7fe7ae58d068 "", len=len@entry=32,
dgrd=dgrd@entry=DOWNGRADE_NONE) at ../ssl/s3_lib.c:4589
send_time = <optimized out>
ret = <optimized out>
#8 0x00007fe7b231b06e in tls_construct_client_hello (s=0x7fe7ae588de0, pkt=0x7fff207dc700) at ../ssl/statem/statem_clnt.c:1153
p = <optimized out>
sess_id_len = <optimized out>
i = <optimized out>
protverr = 0
comp = <optimized out>
sess = 0x0
session_id = <optimized out>
#9  0x00007fe7b231a33f in write_state_machine (s=0x7fe7ae588de0) at ../ssl/statem/statem.c:843
post_work = 0x7fe7b231f5a0 <ossl_statem_client_post_work>
mt = 1
pkt = {buf = 0x7fe7ae59fc90, staticbuf = 0x0, curr = 4, written = 4, maxsize = 18446744073709551615, subs = 0x7fe7ae58be30}
ret = <optimized out>
pre_work = 0x7fe7b231d180 <ossl_statem_client_pre_work>
get_construct_message_f = 0x7fe7b231d250 <ossl_statem_client_construct_message>
confunc = 0x7fe7b231ad20 <tls_construct_client_hello>
st = 0x7fe7ae588e28
transition = 0x7fe7b231cde0 <ossl_statem_client_write_transition>
cb = 0x7fe7b2375fb0
st = <optimized out>
ret = <optimized out>
transition = <optimized out>
pre_work = <optimized out>
post_work = <optimized out>
get_construct_message_f = <optimized out>
cb = <optimized out>
confunc = <optimized out>
mt = <optimized out>
pkt = <optimized out>
#10 state_machine (s=0x7fe7ae588de0, server=0) at ../ssl/statem/statem.c:443
buf = 0x0
cb = 0x7fe7b2375fb0
st = <optimized out>
ret = <optimized out>
ssret = <optimized out>
#11 0x00007fe7b2306264 in SSL_do_handshake (s=0x7fe7ae588de0) at ../ssl/ssl_lib.c:3599
ret = 1
#12 0x00007fe7b23a40b4 in tls_connect () from /usr/lib/x86_64-linux-gnu/kamailio/modules/tls.so
No symbol table info available.
#13 0x00007fe7b23a568d in tls_encode_f () from /usr/lib/x86_64-linux-gnu/kamailio/modules/tls.so
No symbol table info available.
#14 0x000055f60cceaf7e in tcp_send ()
No symbol table info available.
#15 0x00007fe7b4e65920 in send_pr_buffer () from /usr/lib/x86_64-linux-gnu/kamailio/modules/tm.so
No symbol table info available.
#16 0x00007fe7b4e826e8 in t_send_branch () from /usr/lib/x86_64-linux-gnu/kamailio/modules/tm.so
No symbol table info available.
#17 0x00007fe7b4e85adf in t_forward_nonack () from /usr/lib/x86_64-linux-gnu/kamailio/modules/tm.so
No symbol table info available.
#18 0x00007fe7b4e69452 in t_relay_to () from /usr/lib/x86_64-linux-gnu/kamailio/modules/tm.so
No symbol table info available.
#19 0x00007fe7b4e340ea in ?? () from /usr/lib/x86_64-linux-gnu/kamailio/modules/tm.so
No symbol table info available.
#20 0x000055f60cc50f29 in do_action ()
No symbol table info available.
#21 0x000055f60cc4fa1a in run_actions ()
No symbol table info available.
#22 0x000055f60cc517e2 in do_action ()
No symbol table info available.
#23 0x000055f60cc4fa1a in run_actions ()
No symbol table info available.
#24 0x000055f60cc5154f in do_action ()
No symbol table info available.
#25 0x000055f60cc4fa1a in run_actions ()
No symbol table info available.
#26 0x000055f60cc5d46f in run_top_route ()
No symbol table info available.
#27 0x000055f60cd594cf in receive_msg ()
No symbol table info available.
#28 0x000055f60cc7ab45 in udp_rcv_loop ()
No symbol table info available.
#29 0x000055f60cc0febb in main_loop ()
No symbol table info available.
#30 0x000055f60cc07415 in main ()
No symbol table info available.
(gdb)
### Additional Information
Kamailio version 5.2.3
Debian Buster 10.1
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/2077
Module: kamailio
Branch: master
Commit: d0743460f68c0dfcb807319dc9e2247eb51ee1ba
URL: https://github.com/kamailio/kamailio/commit/d0743460f68c0dfcb807319dc9e2247…
Author: Henning Westerholt <hw(a)skalatan.de>
Committer: Henning Westerholt <hw(a)skalatan.de>
Date: 2019-10-07T10:49:16+02:00
tls: add cryptorand engine also to tls_mod and documentation, enable as default
---
Modified: src/modules/tls/doc/params.xml
Modified: src/modules/tls/tls_mod.c
---
Diff: https://github.com/kamailio/kamailio/commit/d0743460f68c0dfcb807319dc9e2247…
Patch: https://github.com/kamailio/kamailio/commit/d0743460f68c0dfcb807319dc9e2247…
---
diff --git a/src/modules/tls/doc/params.xml b/src/modules/tls/doc/params.xml
index 6028642b5f..72d3278ed7 100644
--- a/src/modules/tls/doc/params.xml
+++ b/src/modules/tls/doc/params.xml
@@ -1251,7 +1251,7 @@ end
is not designed for multi-process applications and can result in a crash.
Therefore set the PRNG engine to one of the options listed in this
section. If libssl 1.1.x (or newer) is detected at compile time, then
- the PRNG engine is set to "fastrand".
+ the PRNG engine is set to "cryptorand".
</para>
<para>
The following options are avaialble:
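Review bot: the unchanged context line "The following options are avaialble:" still carries the typo ("available"); since this hunk edits the same paragraph, fix it here rather than leaving it for another pass.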
@@ -1259,10 +1259,13 @@ end
<itemizedlist>
<listitem><para>krand - use internal kam_rand() function</para></listitem>
<listitem><para>fastrand - use internal fastrand function</para></listitem>
+ <listitem><para>cryptorand - use internal cryptorand function</para></listitem>
</itemizedlist>
<para>
The default value is empty (not set) for libssl v1.0.x or older, and
- "fastrand" for libssl v1.1.x or newer.
+ "cryptorand" for libssl v1.1.x or newer. The krand and fastrand engines are
+ not recommended for production use, as they will not generate secure enough
+ random numbers.
</para>
<example>
<title>Set <varname>rand_engine</varname> parameter</title>
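Review bot: the new sentence says the krand and fastrand engines "will not generate secure enough random numbers", but the added list entry "cryptorand - use internal cryptorand function" gives the reader nothing to judge cryptorand by; state what it draws its randomness from so operators can see why it is the recommended default. Also, the example whose title is the last context line here still sets the engine this text now discourages (in the 5.3 backport earlier in this thread its body is `modparam("tls", "rand_engine", "fastrand")`); update the example to "cryptorand" so it matches the recommendation.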
diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c
index 75d8aa8fd2..5784ce4842 100644
--- a/src/modules/tls/tls_mod.c
+++ b/src/modules/tls/tls_mod.c
@@ -453,6 +453,9 @@ int ksr_rand_engine_param(modparam_t type, void* val)
} else if(reng->len == 8 && strncasecmp(reng->s, "fastrand", 8) == 0) {
LM_DBG("setting fastrand random engine\n");
RAND_set_rand_method(RAND_ksr_fastrand_method());
+ } else if (reng->len == 10 && strncasecmp(reng->s, "cryptorand", 10) == 0) {
+ LM_DBG("setting cryptorand random engine\n");
+ RAND_set_rand_method(RAND_ksr_cryptorand_method());
}
#endif
return 0;
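Review bot: the if/else-if chain closes at `}` with no final else, so a misspelled or unknown rand_engine value is silently ignored and the function returns 0, leaving libssl's default PRNG installed, which is exactly the configuration the docs say can crash in multi-process use. Add a final `else { LM_ERR("unknown rand_engine value: %.*s\n", reng->len, reng->s); return -1; }` so that a bad value fails configuration loading instead of quietly degrading. Style point: `} else if (reng->len == 10 && ...` puts a space before the parenthesis while the existing branches in this function use `else if(`.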
@@ -564,7 +567,7 @@ int mod_register(char *path, int *dlflags, void *p1, void *p2)
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
LM_DBG("setting fastrand random engine\n");
- RAND_set_rand_method(RAND_ksr_fastrand_method());
+ RAND_set_rand_method(RAND_ksr_cryptorand_method());
#endif
sr_kemi_modules_add(sr_kemi_tls_exports);
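Review bot: the unchanged line `LM_DBG("setting fastrand random engine\n");` is now wrong, because the following line switches the compile-time default to `RAND_set_rand_method(RAND_ksr_cryptorand_method());`; change the message to "setting cryptorand random engine" so the log reflects the engine actually installed. Since this default decides whether libssl's own DRBG is bypassed at all, consider emitting it at a level that is visible in production logs rather than only at debug.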