This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Holger Freyther gerrit-no-reply at lists.osmocom.orgPatch Set 9: Code-Review+1 (4 comments) But I prefer the usage of RAND_bytes (the wrapper of it) over a weak random number generator. https://gerrit.osmocom.org/#/c/464/9/openbsc/include/openbsc/gprs_sgsn.h File openbsc/include/openbsc/gprs_sgsn.h: Line 161: uint8_t auth_ref; Please add a comment, first thing I see in the patch and the name is not obvious to me. :) https://gerrit.osmocom.org/#/c/464/9/openbsc/src/gprs/gprs_gmm.c File openbsc/src/gprs/gprs_gmm.c: Line 420: static int gsm48_tx_gmm_auth_ciph_req(struct sgsn_mm_ctx *mm, uint8_t *rnd, Why the rename here? Line 442: acreq->ac_ref_nr = rand(); What randomness is needed here? rand() is not a secure random number generator and most likely (e.g. mersenne twister based) one can predict numbers based on past output. We have wrapped(?) libcrypto RAND_bytes() somewhere for a secure random number generator. Line 495: if (acr->ac_ref_nr != ctx->auth_ref) { ac_ref_nr_used instead of auth_ref? -- To view, visit https://gerrit.osmocom.org/464 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I3638821a9b4a0532b28dbbb50faa30c4082579f6 Gerrit-PatchSet: 9 Gerrit-Project: openbsc Gerrit-Branch: master Gerrit-Owner: Max <msuraev at sysmocom.de> Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org> Gerrit-Reviewer: Holger Freyther <holger at freyther.de> Gerrit-Reviewer: Jenkins Builder Gerrit-HasComments: Yes