[openbsc 3/4] libmsc: Use RAND_bytes to choose auth tuple

From: Daniel Willmann &lt;dwillmann(a)sysmocom.de&gt; --- openbsc/src/libmsc/auth.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/openbsc/src/libmsc/auth.c b/openbsc/src/libmsc/auth.c index 10d8edf..93ee71f 100644 --- a/openbsc/src/libmsc/auth.c +++ b/openbsc/src/libmsc/auth.c @@ -27,6 +27,8 @@ #include <osmocom/gsm/comp128.h> +#include <openssl/rand.h> + #include <stdlib.h> @@ -100,8 +102,11 @@ int auth_get_tuple_for_subscr(struct gsm_auth_tuple *atuple, /* Generate a new one */ atuple->use_count = 1; atuple->key_seq = (atuple->key_seq + 1) % 7; - for (i=0; i<sizeof(atuple->rand); i++) - atuple->rand[i] = random() & 0xff; + + if (RAND_bytes(atuple->rand, sizeof(atuple->rand)) != 1) { + LOGP(DMM, LOGL_NOTICE, "RAND_bytes failed, can't generate new auth tuple\n"); + return -1; + } switch (ainfo.auth_algo) { case AUTH_ALGO_NONE: -- 2.1.4