structeq looks like a great candidate to have type-aware memmp() of two structures: https://github.com/rustyrussell/ccan/tree/master/ccan/structeq
type-safe callbacks rather than 'void *' pointers: https://github.com/rustyrussell/ccan/blob/master/ccan/typesafe_cb/_info
assert at build time: https://github.com/rustyrussell/ccan/blob/master/ccan/build_assert/_info
fast pseudo-random generator. Too sas that we want real random numbres for authentication challenges in GSUP/OAP? https://github.com/rustyrussell/ccan/blob/master/ccan/isaac/_info
On Wed, Feb 24, 2016 at 06:03:17PM +0100, Harald Welte wrote:
fast pseudo-random generator. Too sas that we want real random numbres for authentication challenges in GSUP/OAP? https://github.com/rustyrussell/ccan/blob/master/ccan/isaac/_info
This makes me think of
openbsc/src/osmo-bsc_mgcp/mgcp_main.c: srand(time(NULL)); openbsc/src/osmo-bsc/osmo_bsc_main.c: srand(time(NULL)); openbsc/src/osmo-bsc_nat/bsc_nat.c: srand(time(NULL)); openbsc/src/osmo-nitb/bsc_hack.c: srand(time(NULL));
Crypto nightmare. Are we using those for challenges, actually?
~Neels
On 25 Feb 2016, at 12:49, Neels Hofmeyr nhofmeyr@sysmocom.de wrote:
Are we using those for challenges, actually?
We are using RAND_bytes for at least TMSI, P-TMSI (thus TLLI) and challenge response on the NAT.
-
Harald Welte -
Holger Freyther -
Neels Hofmeyr