Hi Max,
On Fri, Oct 06, 2017 at 06:57:03PM +0200, Max wrote:
However, from application PoV it should not matter
anyway: if call to some function
might fail than we should handle it. There are basically 2 things we can do after
logging the error:
- terminate the application
- fallback to insecure random numbers
So far we used the latter. If understood the summary of ongoing discussion right,
than we should opt for former. Shall I make it configurable via application
vty/config (OsmoBSC/OsmoMSC/OsmoSGSN)?
I think it should be a compile time decision for now, and the default
should be "no fallback". So basically the entire fallback code is
#ifdef'd out unless somebody builds libosmocore with a possibly
dangerous compile option and has a good reason to do so.
If the user does that, there should be a related warning at the end of
the ./configure step, and we should also print runtime WARNING level
messages once we actually start to fallback to insecure rand().
--
- Harald Welte <laforge(a)gnumonks.org>
http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)