sr-dev October 2019

sr-dev@lists.kamailio.org

22 participants
437 discussions

git:master:f877069e: tls: use fastrand() for the corresponding rand_engine
by Daniel-Constantin Mierla 04 Oct '19

04 Oct '19

Module: kamailio Branch: master Commit: f877069e141749796ec02a78ce16342f9e120ef7 URL: https://github.com/kamailio/kamailio/commit/f877069e141749796ec02a78ce16342… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2019-10-04T11:15:04+02:00 tls: use fastrand() for the corresponding rand_engine --- Modified: src/modules/tls/tls_rand.c --- Diff: https://github.com/kamailio/kamailio/commit/f877069e141749796ec02a78ce16342… Patch: https://github.com/kamailio/kamailio/commit/f877069e141749796ec02a78ce16342… --- diff --git a/src/modules/tls/tls_rand.c b/src/modules/tls/tls_rand.c index 3f78cb93e9..d5c29b845f 100644 --- a/src/modules/tls/tls_rand.c +++ b/src/modules/tls/tls_rand.c @@ -87,13 +87,13 @@ static int ksr_fastrand_bytes(unsigned char *outdata, int size) } while(size >= sizeof(int)) { - r = kam_rand(); + r = fastrand(); memcpy(outdata, &r, sizeof(int)); size -= sizeof(int); outdata += sizeof(int); } if(size>0) { - r = kam_rand(); + r = fastrand(); memcpy(outdata, &r, size); } return 1;

1 0

git:master:b83a165e: core: str2int() test first if result is null, otherwise init it to 0
by Daniel-Constantin Mierla 04 Oct '19

04 Oct '19

Module: kamailio Branch: master Commit: b83a165e2d0e34c9bca742708c1891eb114bae04 URL: https://github.com/kamailio/kamailio/commit/b83a165e2d0e34c9bca742708c1891e… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2019-10-04T08:54:35+02:00 core: str2int() test first if result is null, otherwise init it to 0 --- Modified: src/core/ut.h --- Diff: https://github.com/kamailio/kamailio/commit/b83a165e2d0e34c9bca742708c1891e… Patch: https://github.com/kamailio/kamailio/commit/b83a165e2d0e34c9bca742708c1891e… --- diff --git a/src/core/ut.h b/src/core/ut.h index 88df8dba65..2259aea973 100644 --- a/src/core/ut.h +++ b/src/core/ut.h @@ -635,12 +635,12 @@ static inline int str2int(str* _s, unsigned int* _r) { int i; - if (_s == NULL) return -1; if (_r == NULL) return -1; + *_r = 0; + if (_s == NULL) return -1; if (_s->len < 0) return -1; if (_s->s == NULL) return -1; - *_r = 0; for(i = 0; i < _s->len; i++) { if ((_s->s[i] >= '0') && (_s->s[i] <= '9')) { *_r *= 10;

1 0

addition of a cryptographic secure RNG to git master
by Henning Westerholt 03 Oct '19

03 Oct '19

Hello, I've added a cryptographic secure pseudo random number generator to git master. It is located in src/core/random/fortuna. There are easy wrapper function available in src/core/random/cryptorand.h - this is the one that is easiest to use. Please use this if you need cryptographic secure random numbers in your module. The wrapper provides a similar API as fastrand or kam_rand: /* seed the generator, will also use system randomness */ void cryptorand_seed(const unsigned int seed) /* generate a 32 bit random number */ unsigned int cryptorand(void) Motivation for this addition was the issue [1] related to the TLS module and openssl-1.1. The implementation was based on libfortuna [2]. It was refactored to the Kamailio core and all not necessary parts were removed. It is seeded from the core at startup and also includes automatic time-based reseeding from kernel random sources. As part of this implementation I also consolidated the existing crypto related code into a new directory: src/core/crypto. This way I could also get rid of the srutils library dependency for several modules. This changes will not backported in this way to 5.3.0. There will be probably for 5.3. a dedicated copy of the necessary code to the TLS module. If you notice any issues, please let me know. Cheers, Henning [1] https://github.com/kamailio/kamailio/issues/2077 [2] https://github.com/henningw/libfortuna -- Kamailio Merchandising - https://skalatan.de/merchandising/ Kamailio services - https://skalatan.de/services Henning Westerholt - https://skalatan.de/blog/

1 0

git: new commits in branch master
by Henning Westerholt 03 Oct '19

03 Oct '19

- URL: https://github.com/kamailio/kamailio/commit/6c892196583adf7d4615cdfc9ba9311… Author: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-03T13:45:33+02:00 core: move existing MD5 hash implementation into new core subfolder crypto - URL: https://github.com/kamailio/kamailio/commit/8d1403d59b09868028e2528b84a5bed… Author: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-03T13:45:33+02:00 lib: adapt md5 #include path to new core location - URL: https://github.com/kamailio/kamailio/commit/c5c2943f2139b3eecded7577292ade0… Author: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-03T13:45:33+02:00 tm: adapt md5 #include path to new core location - URL: https://github.com/kamailio/kamailio/commit/420b6baf2a63d3e65ebfa8d83fc0737… Author: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-03T13:45:33+02:00 auth: adapt md5 #include path to new core location - URL: https://github.com/kamailio/kamailio/commit/8ea763eb3bc28008003195c0e22e1c6… Author: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-03T13:45:33+02:00 cfgutils: adapt md5 #include path to new core location - URL: https://github.com/kamailio/kamailio/commit/8aa7a19f671cf537cb0617ec1a3f1ec… Author: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-03T13:45:33+02:00 exec: adapt md5 #include path to new core location - URL: https://github.com/kamailio/kamailio/commit/9ebe6364c60d0ef6ec61c70fbc22d07… Author: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-03T13:45:33+02:00 memcached: adapt md5 #include path to new core location - URL: https://github.com/kamailio/kamailio/commit/abb0f95e9a8457b2d578b82bb9d2b67… Author: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-03T13:45:33+02:00 ims_auth: adapt md5 #include path to new core location - URL: https://github.com/kamailio/kamailio/commit/5b7b5f1c9786c7f94f6f051fb47f0f2… Author: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-03T13:45:33+02:00 siputils: adapt md5 #include path to new core location - URL: https://github.com/kamailio/kamailio/commit/5bac8fbe6eb2634a714745ae0085091… Author: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-03T13:45:33+02:00 sl: adapt md5 #include path to new core location - URL: https://github.com/kamailio/kamailio/commit/99d1a664bda9fcf4758be559dcc52a2… Author: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-03T13:45:33+02:00 topoh: adapt md5 #include path to new core location - URL: https://github.com/kamailio/kamailio/commit/018d8bfe5220db796cb0289b938a677… Author: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-03T13:45:33+02:00 uac: adapt md5 #include path to new core location - URL: https://github.com/kamailio/kamailio/commit/aa9bffab566bee2f393e7101329cd7e… Author: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-03T13:45:33+02:00 lib: move existing SHA cryptographic hash function to new core crypto sub dir - URL: https://github.com/kamailio/kamailio/commit/6dead6e8f35882eabb6aa2c505df32e… Author: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-03T13:45:33+02:00 auth: adapt SHA hash function to new location, remove srutils library dependency - URL: https://github.com/kamailio/kamailio/commit/56f4a0912e689a16056b55ac8785d35… Author: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-03T13:45:33+02:00 pv: adapt SHA hash function to new location, remove srutils library dependency - URL: https://github.com/kamailio/kamailio/commit/204124a1e6bdf8f97c342f8a659017a… Author: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-03T13:45:33+02:00 auth_xkeys: adapt SHA hash function to new location, remove srutils library dependency - URL: https://github.com/kamailio/kamailio/commit/b2ec4db5084234d1573ed16ac7bc29e… Author: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-03T13:45:33+02:00 core: add AES implementation to core, necessary for fortuna cryptographic RNG - URL: https://github.com/kamailio/kamailio/commit/f6c2d70ec107f830589eb35130a2e4d… Author: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-03T13:45:34+02:00 core: add fortuna cryptographic random number generator to core - URL: https://github.com/kamailio/kamailio/commit/4012eb43c7dd719aff32aef0b3161ab… Author: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-03T13:45:34+02:00 core: comment main() test routine in AES implementation out - URL: https://github.com/kamailio/kamailio/commit/7625993165aa829ea454b34c7498b5b… Author: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-03T14:45:55+02:00 core: synchronize rijndael.c with postgresql upstream (static functions, spelling fixes) - URL: https://github.com/kamailio/kamailio/commit/6f66bd2fdf75dcad961ec225175c670… Author: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-03T14:53:10+02:00 core: use static for internal fortuna CPRNG functions, add sr_ prefix to public functions - URL: https://github.com/kamailio/kamailio/commit/752f3b4237ae6469ec0ed3efb5d53a7… Author: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-03T17:28:56+02:00 core: cleanup code for fortuna and random implementation - fix indention for a few functions - use types from sys/types.h consistently - get rid of redundant wrapper function, we implement a wrapper in core anyway - URL: https://github.com/kamailio/kamailio/commit/2402b8abd7f5f5e106d7d23e99052a2… Author: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-03T17:48:32+02:00 core: add debug logging for automatic reseeding and manual entropy adding - URL: https://github.com/kamailio/kamailio/commit/e68f0926d6118497cd8d5cae54fc003… Author: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-03T17:49:05+02:00 core: also initialize cryptographic PRNG, use it to seed all others RNGs - URL: https://github.com/kamailio/kamailio/commit/de0c7743e0cd6f9daf90a0dc9d0629d… Author: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-03T17:52:37+02:00 core: add small wrappers around cryptographic PRNG with an interface like fastrand

1 0

git:5.3:eb792682: pkg/kamailio/deb: version set 5.3.0~rc0
by Victor Seva 03 Oct '19

03 Oct '19

Module: kamailio Branch: 5.3 Commit: eb792682973f34b1946a36126a01f6547ae43a5b URL: https://github.com/kamailio/kamailio/commit/eb792682973f34b1946a36126a01f65… Author: Victor Seva <linuxmaniac(a)torreviejawireless.org> Committer: Victor Seva <linuxmaniac(a)torreviejawireless.org> Date: 2019-10-03T12:02:12+02:00 pkg/kamailio/deb: version set 5.3.0~rc0 --- Modified: pkg/kamailio/deb/bionic/changelog Modified: pkg/kamailio/deb/buster/changelog Modified: pkg/kamailio/deb/debian/changelog Modified: pkg/kamailio/deb/jessie/changelog Modified: pkg/kamailio/deb/precise/changelog Modified: pkg/kamailio/deb/sid/changelog Modified: pkg/kamailio/deb/stretch/changelog Modified: pkg/kamailio/deb/trusty/changelog Modified: pkg/kamailio/deb/wheezy/changelog Modified: pkg/kamailio/deb/xenial/changelog --- Diff: https://github.com/kamailio/kamailio/commit/eb792682973f34b1946a36126a01f65… Patch: https://github.com/kamailio/kamailio/commit/eb792682973f34b1946a36126a01f65…

1 0

git:master:075c74f1: pkg/kamailio/deb: version set 5.4.0~dev0
by Victor Seva 03 Oct '19

03 Oct '19

Module: kamailio Branch: master Commit: 075c74f1dfc7b3402e8c0b9c3ad0e7930b2dcba6 URL: https://github.com/kamailio/kamailio/commit/075c74f1dfc7b3402e8c0b9c3ad0e79… Author: Victor Seva <linuxmaniac(a)torreviejawireless.org> Committer: Victor Seva <linuxmaniac(a)torreviejawireless.org> Date: 2019-10-03T11:59:52+02:00 pkg/kamailio/deb: version set 5.4.0~dev0 --- Modified: pkg/kamailio/deb/bionic/changelog Modified: pkg/kamailio/deb/buster/changelog Modified: pkg/kamailio/deb/debian/changelog Modified: pkg/kamailio/deb/jessie/changelog Modified: pkg/kamailio/deb/precise/changelog Modified: pkg/kamailio/deb/sid/changelog Modified: pkg/kamailio/deb/stretch/changelog Modified: pkg/kamailio/deb/trusty/changelog Modified: pkg/kamailio/deb/wheezy/changelog Modified: pkg/kamailio/deb/xenial/changelog --- Diff: https://github.com/kamailio/kamailio/commit/075c74f1dfc7b3402e8c0b9c3ad0e79… Patch: https://github.com/kamailio/kamailio/commit/075c74f1dfc7b3402e8c0b9c3ad0e79…

1 0

git:master:e376fe8a: modules: readme files regenerated - tls ... [skip ci]
by Kamailio Dev 03 Oct '19

03 Oct '19

Module: kamailio Branch: master Commit: e376fe8aacd37c9f2f889e16d98fb3da6960f95d URL: https://github.com/kamailio/kamailio/commit/e376fe8aacd37c9f2f889e16d98fb3d… Author: Kamailio Dev <kamailio.dev(a)kamailio.org> Committer: Kamailio Dev <kamailio.dev(a)kamailio.org> Date: 2019-10-03T11:47:53+02:00 modules: readme files regenerated - tls ... [skip ci] --- Modified: src/modules/tls/README --- Diff: https://github.com/kamailio/kamailio/commit/e376fe8aacd37c9f2f889e16d98fb3d… Patch: https://github.com/kamailio/kamailio/commit/e376fe8aacd37c9f2f889e16d98fb3d…

1 0

git:master:787b95a5: tls: docs for rand_engine parameter
by Daniel-Constantin Mierla 03 Oct '19

03 Oct '19

Module: kamailio Branch: master Commit: 787b95a5a0573d4e81b2475a84bad59076e34faf URL: https://github.com/kamailio/kamailio/commit/787b95a5a0573d4e81b2475a84bad59… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2019-10-03T11:36:28+02:00 tls: docs for rand_engine parameter --- Modified: src/modules/tls/doc/params.xml --- Diff: https://github.com/kamailio/kamailio/commit/787b95a5a0573d4e81b2475a84bad59… Patch: https://github.com/kamailio/kamailio/commit/787b95a5a0573d4e81b2475a84bad59… --- diff --git a/src/modules/tls/doc/params.xml b/src/modules/tls/doc/params.xml index 6ef2d4123f..6028642b5f 100644 --- a/src/modules/tls/doc/params.xml +++ b/src/modules/tls/doc/params.xml @@ -1241,6 +1241,39 @@ end </example> </section> + <section id="tls.p.rand_engine"> + <title><varname>rand_engine</varname> (str)</title> + <para> + Set the ranondom number generator engine for libssl. + </para> + <para> + Note: the default random number generator (PRNG) engine of libssl v1.1.x + is not designed for multi-process applications and can result in a crash. + Therefore set the PRNG engine to one of the options listed in this + section. If libssl 1.1.x (or newer) is detected at compile time, then + the PRNG engine is set to "fastrand". + </para> + <para> + The following options are avaialble: + </para> + <itemizedlist> + <listitem><para>krand - use internal kam_rand() function</para></listitem> + <listitem><para>fastrand - use internal fastrand function</para></listitem> + </itemizedlist> + <para> + The default value is empty (not set) for libssl v1.0.x or older, and + "fastrand" for libssl v1.1.x or newer. + </para> + <example> + <title>Set <varname>rand_engine</varname> parameter</title> + <programlisting> +... +modparam("tls", "rand_engine", "fastrand") +... + </programlisting> + </example> + </section> + <section id="tls.p.engine"> <title><varname>engine</varname> (string)</title> <para>

1 0

git:master:6d154fbb: tls: set random number engine to fastrand for libssl1.1+
by Daniel-Constantin Mierla 03 Oct '19

03 Oct '19

Module: kamailio Branch: master Commit: 6d154fbb2ff1d2941316281fad120b5db219deb1 URL: https://github.com/kamailio/kamailio/commit/6d154fbb2ff1d2941316281fad120b5… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2019-10-03T11:36:28+02:00 tls: set random number engine to fastrand for libssl1.1+ --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/6d154fbb2ff1d2941316281fad120b5… Patch: https://github.com/kamailio/kamailio/commit/6d154fbb2ff1d2941316281fad120b5… --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 87759249b2..75d8aa8fd2 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -561,6 +561,12 @@ int mod_register(char *path, int *dlflags, void *p1, void *p2) return -1; register_tls_hooks(&tls_h); + +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + LM_DBG("setting fastrand random engine\n"); + RAND_set_rand_method(RAND_ksr_fastrand_method()); +#endif + sr_kemi_modules_add(sr_kemi_tls_exports); return 0;

1 0

git:master:4f514a79: tls: option to set use fastrand for rand_engine
by Daniel-Constantin Mierla 03 Oct '19

03 Oct '19

Module: kamailio Branch: master Commit: 4f514a7956534f1afc1ef30d8332f5dc3547de4b URL: https://github.com/kamailio/kamailio/commit/4f514a7956534f1afc1ef30d8332f5d… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2019-10-03T11:36:28+02:00 tls: option to set use fastrand for rand_engine --- Modified: src/modules/tls/tls_mod.c Modified: src/modules/tls/tls_rand.c Modified: src/modules/tls/tls_rand.h --- Diff: https://github.com/kamailio/kamailio/commit/4f514a7956534f1afc1ef30d8332f5d… Patch: https://github.com/kamailio/kamailio/commit/4f514a7956534f1afc1ef30d8332f5d… --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 52a45353d6..87759249b2 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -449,7 +449,10 @@ int ksr_rand_engine_param(modparam_t type, void* val) LM_DBG("random engine: %.*s\n", reng->len, reng->s); if(reng->len == 5 && strncasecmp(reng->s, "krand", 5) == 0) { LM_DBG("setting krand random engine\n"); - RAND_set_rand_method(RAND_ksr_method()); + RAND_set_rand_method(RAND_ksr_krand_method()); + } else if(reng->len == 8 && strncasecmp(reng->s, "fastrand", 8) == 0) { + LM_DBG("setting fastrand random engine\n"); + RAND_set_rand_method(RAND_ksr_fastrand_method()); } #endif return 0; diff --git a/src/modules/tls/tls_rand.c b/src/modules/tls/tls_rand.c index 7be0d335f7..3f78cb93e9 100644 --- a/src/modules/tls/tls_rand.c +++ b/src/modules/tls/tls_rand.c @@ -27,8 +27,9 @@ #include "../../core/dprint.h" #include "../../core/rand/kam_rand.h" +#include "../../core/rand/fastrand.h" -static int ksr_rand_bytes(unsigned char *outdata, int size) +static int ksr_krand_bytes(unsigned char *outdata, int size) { int r; @@ -51,28 +52,75 @@ static int ksr_rand_bytes(unsigned char *outdata, int size) return 1; } -static int ksr_rand_pseudorand(unsigned char *outdata, int size) +static int ksr_krand_pseudorand(unsigned char *outdata, int size) { - return ksr_rand_bytes(outdata, size); + return ksr_krand_bytes(outdata, size); } -static int ksr_rand_status(void) +static int ksr_krand_status(void) { return 1; } -const RAND_METHOD _ksr_rand_method = { +const RAND_METHOD _ksr_krand_method = { NULL, - ksr_rand_bytes, + ksr_krand_bytes, NULL, NULL, - ksr_rand_pseudorand, - ksr_rand_status + ksr_krand_pseudorand, + ksr_krand_status }; -const RAND_METHOD *RAND_ksr_method(void) +const RAND_METHOD *RAND_ksr_krand_method(void) { - return &_ksr_rand_method; + return &_ksr_krand_method; +} + +static int ksr_fastrand_bytes(unsigned char *outdata, int size) +{ + int r; + + if (size < 0) { + return 0; + } else if (size == 0) { + return 1; + } + + while(size >= sizeof(int)) { + r = kam_rand(); + memcpy(outdata, &r, sizeof(int)); + size -= sizeof(int); + outdata += sizeof(int); + } + if(size>0) { + r = kam_rand(); + memcpy(outdata, &r, size); + } + return 1; +} + +static int ksr_fastrand_pseudorand(unsigned char *outdata, int size) +{ + return ksr_fastrand_bytes(outdata, size); +} + +static int ksr_fastrand_status(void) +{ + return 1; +} + +const RAND_METHOD _ksr_fastrand_method = { + NULL, + ksr_fastrand_bytes, + NULL, + NULL, + ksr_fastrand_pseudorand, + ksr_fastrand_status +}; + +const RAND_METHOD *RAND_ksr_fastrand_method(void) +{ + return &_ksr_fastrand_method; } #endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */ diff --git a/src/modules/tls/tls_rand.h b/src/modules/tls/tls_rand.h index 20b5a20e9c..d1a3f0d37f 100644 --- a/src/modules/tls/tls_rand.h +++ b/src/modules/tls/tls_rand.h @@ -25,7 +25,8 @@ #include <openssl/rand.h> -const RAND_METHOD *RAND_ksr_method(void); +const RAND_METHOD *RAND_ksr_krand_method(void); +const RAND_METHOD *RAND_ksr_fastrand_method(void); #endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */ #endif

1 0

← Newer
1
...
37
38
39
40
41
42
43
44
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

sr-dev October 2019