Hi Max,
On Fri, Oct 06, 2017 at 06:57:03PM +0200, Max wrote:
However, from application PoV it should not matter anyway: if call to some function might fail than we should handle it. There are basically 2 things we can do after logging the error:
terminate the application
fallback to insecure random numbers
So far we used the latter. If understood the summary of ongoing discussion right, than we should opt for former. Shall I make it configurable via application vty/config (OsmoBSC/OsmoMSC/OsmoSGSN)?
I think it should be a compile time decision for now, and the default should be "no fallback". So basically the entire fallback code is #ifdef'd out unless somebody builds libosmocore with a possibly dangerous compile option and has a good reason to do so.
If the user does that, there should be a related warning at the end of the ./configure step, and we should also print runtime WARNING level messages once we actually start to fallback to insecure rand().