Hello,
I've added a cryptographically secure pseudo random number generator to git
master.
It is located in src/core/random/fortuna. There are easy wrapper
functions available in src/core/random/cryptorand.h - this is the one
that is easiest to use. Please use this if you need cryptographically secure
random numbers in your module. The wrapper provides a similar API to
fastrand or kam_rand:
/* seed the generator, will also use system randomness */
void cryptorand_seed(const unsigned int seed)
/* generate a 32 bit random number */
unsigned int cryptorand(void)
Motivation for this addition was the issue [1] related to the TLS module
and openssl-1.1.
The implementation was based on libfortuna [2]. It was refactored into the
Kamailio core and all unnecessary parts were removed. It is seeded
from the core at startup and also includes automatic time-based
reseeding from kernel random sources.
As part of this implementation I also consolidated the existing crypto
related code into a new directory: src/core/crypto. This way I could
also get rid of the srutils library dependency for several modules.
These changes will not be backported in this way to 5.3.0. There will
probably be, for 5.3, a dedicated copy of the necessary code in the TLS module.
If you notice any issues, please let me know.
Cheers,
Henning
[1] https://github.com/kamailio/kamailio/issues/2077
[2] https://github.com/henningw/libfortuna
--
Kamailio Merchandising - https://skalatan.de/merchandising/
Kamailio services - https://skalatan.de/services
Henning Westerholt - https://skalatan.de/blog/
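The message above motivates per-process seeding from kernel random sources in a multi-process server. The following added example (not Kamailio code, not libfortuna, and not the specific failure from issue [1]) makes the general hazard visible: a PRNG whose state lives in process memory is duplicated by fork(), so parent and child draw the same values unless each process reseeds from the kernel. The generator is a constructed xorshift64* toy, not a CSPRNG; the seed value and /dev/urandom path are assumptions for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed toy generator (xorshift64*) standing in for any PRNG whose state
 * lives in process memory. NOT a CSPRNG and not Kamailio's Fortuna code. */
static uint64_t prng_state;
static void prng_seed(uint64_t seed) { prng_state = seed ? seed : 0x9E3779B97F4A7C15ULL; }
static uint32_t prng_next(void)
{
    uint64_t x = prng_state;
    x ^= x >> 12; x ^= x << 25; x ^= x >> 27;
    prng_state = x;
    return (uint32_t)((x * 0x2545F4914F6CDD1DULL) >> 32);
}
/* Mix fresh kernel randomness into the state, as a per-process reseed after
 * fork() does. Returns 0 on success, -1 if /dev/urandom cannot be read. */
static int prng_reseed_from_kernel(void)
{
    uint64_t fresh;
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    int ok = fread(&fresh, sizeof fresh, 1, f) == 1;
    fclose(f);
    if (ok) prng_seed(prng_state ^ fresh);
    return ok ? 0 : -1;
}
/* Seed once in the parent (startup seeding), fork, then compare the first value
 * each process draws: 1 = same value (state merely duplicated), 0 = they
 * diverge, -1 = system error. */
int outputs_collide_after_fork(int reseed_child)
{
    int fd[2];
    uint32_t child_val;
    prng_seed(0x1234); /* constructed fixed startup seed */
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { /* child: optionally reseed, then hand its first value back */
        if (reseed_child && prng_reseed_from_kernel() != 0) _exit(2);
        child_val = prng_next();
        _exit(write(fd[1], &child_val, sizeof child_val) == (ssize_t)sizeof child_val ? 0 : 3);
    }
    close(fd[1]);
    ssize_t n = read(fd[0], &child_val, sizeof child_val);
    close(fd[0]);
    waitpid(pid, NULL, 0);
    if (n != (ssize_t)sizeof child_val) return -1;
    return prng_next() == child_val;
}
```

Without the reseed the two processes emit identical values; with a kernel reseed in the child they diverge, which is the property a forking server needs from its generator.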
Module: kamailio
Branch: master
Commit: 787b95a5a0573d4e81b2475a84bad59076e34faf
URL: https://github.com/kamailio/kamailio/commit/787b95a5a0573d4e81b2475a84bad59…
Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
Committer: Daniel-Constantin Mierla <miconda(a)gmail.com>
Date: 2019-10-03T11:36:28+02:00
tls: docs for rand_engine parameter
---
Modified: src/modules/tls/doc/params.xml
---
Diff: https://github.com/kamailio/kamailio/commit/787b95a5a0573d4e81b2475a84bad59…
Patch: https://github.com/kamailio/kamailio/commit/787b95a5a0573d4e81b2475a84bad59…
---
diff --git a/src/modules/tls/doc/params.xml b/src/modules/tls/doc/params.xml
index 6ef2d4123f..6028642b5f 100644
--- a/src/modules/tls/doc/params.xml
+++ b/src/modules/tls/doc/params.xml
@@ -1241,6 +1241,39 @@ end
</example>
</section>
+ <section id="tls.p.rand_engine">
+ <title><varname>rand_engine</varname> (str)</title>
+ <para>
+ Set the ranondom number generator engine for libssl.
+ </para>
+ <para>
+ Note: the default random number generator (PRNG) engine of libssl v1.1.x
+ is not designed for multi-process applications and can result in a crash.
+ Therefore set the PRNG engine to one of the options listed in this
+ section. If libssl 1.1.x (or newer) is detected at compile time, then
+ the PRNG engine is set to "fastrand".
+ </para>
+ <para>
+ The following options are avaialble:
+ </para>
+ <itemizedlist>
+ <listitem><para>krand - use internal kam_rand() function</para></listitem>
+ <listitem><para>fastrand - use internal fastrand function</para></listitem>
+ </itemizedlist>
+ <para>
+ The default value is empty (not set) for libssl v1.0.x or older, and
+ "fastrand" for libssl v1.1.x or newer.
+ </para>
+ <example>
+ <title>Set <varname>rand_engine</varname> parameter</title>
+ <programlisting>
+...
+modparam("tls", "rand_engine", "fastrand")
+...
+ </programlisting>
+ </example>
+ </section>
+
<section id="tls.p.engine">
<title><varname>engine</varname> (string)</title>
<para>
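Review bot: two typos in the new rand_engine text: "ranondom" in `Set the ranondom number generator engine for libssl.` should read "random", and "avaialble" in `The following options are avaialble:` should read "available". The new title uses `(str)` while the neighbouring `engine` section title uses `(string)`; pick one form for consistency. The note paragraph first instructs the reader to set the PRNG engine to one of the listed options and then states it is set to "fastrand" automatically when libssl 1.1.x is detected at compile time; consider rewording so it is clear that setting the parameter by hand is only needed when that automatic default does not apply or a different engine is wanted.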