This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Holger Freyther gerrit-no-reply at lists.osmocom.org
Patch Set 9: Code-Review+1
(4 comments)
But I prefer the usage of RAND_bytes (the wrapper of it) over a weak random number generator.
https://gerrit.osmocom.org/#/c/464/9/openbsc/include/openbsc/gprs_sgsn.h
File openbsc/include/openbsc/gprs_sgsn.h:
Line 161: uint8_t auth_ref;
Please add a comment, first thing I see in the patch and the name is not obvious to me. :)
https://gerrit.osmocom.org/#/c/464/9/openbsc/src/gprs/gprs_gmm.c
File openbsc/src/gprs/gprs_gmm.c:
Line 420: static int gsm48_tx_gmm_auth_ciph_req(struct sgsn_mm_ctx *mm, uint8_t *rnd,
Why the rename here?
Line 442: acreq->ac_ref_nr = rand();
What randomness is needed here? rand() is not a secure random number generator and most likely (e.g. Mersenne Twister based) one can predict numbers based on past output.
We have wrapped(?) libcrypto RAND_bytes() somewhere for a secure random number generator.
Line 495: if (acr->ac_ref_nr != ctx->auth_ref) {
ac_ref_nr_used instead of auth_ref?
--
To view, visit https://gerrit.osmocom.org/464
Gerrit-MessageType: comment
Gerrit-Change-Id: I3638821a9b4a0532b28dbbb50faa30c4082579f6
Gerrit-PatchSet: 9
Gerrit-Project: openbsc
Gerrit-Branch: master
Gerrit-Owner: Max <msuraev at sysmocom.de>
Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Holger Freyther <holger at freyther.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-HasComments: Yes
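
Added example, not part of the review above and not openbsc code: it contrasts the rand()-based reference number questioned at line 442 with one drawn from a CSPRNG, and mirrors the comparison at line 495. The struct and function names are hypothetical, and getrandom() (Linux, glibc 2.25 or later) is used as a stand-in for the libcrypto RAND_bytes() wrapper mentioned in the review so that the file builds without OpenSSL.

```c
#include <stdint.h>
#include <stdlib.h>
#include <sys/random.h>

/* Hypothetical stand-in for the MM context; only auth_ref is on the page. */
struct demo_mm_ctx {
	uint8_t auth_ref;	/* reference number sent in the last auth request */
};

/* Weak form from the reviewed line: rand() is a deterministic PRNG, so the
 * whole output sequence follows from the seed. */
static uint8_t weak_ref(void)
{
	return (uint8_t)rand();
}

/* Count how many of n rand()-derived values come out identical after
 * reseeding with the same seed (n is capped at 64). */
int weak_refs_reproduced(unsigned int seed, int n)
{
	uint8_t first[64];
	int i, same = 0;

	if (n > 64)
		n = 64;
	srand(seed);
	for (i = 0; i < n; i++)
		first[i] = weak_ref();
	srand(seed);
	for (i = 0; i < n; i++)
		same += (weak_ref() == first[i]);
	return same;
}

/* Hardened form: take the byte from the kernel CSPRNG and fail closed. */
int issue_auth_ref(struct demo_mm_ctx *ctx)
{
	uint8_t b;

	if (getrandom(&b, 1, 0) != 1)
		return -1;	/* report the error, never fall back to rand() */
	ctx->auth_ref = b;
	return 0;
}

/* Same shape as the check at line 495: accept only the number we issued. */
int auth_ref_matches(const struct demo_mm_ctx *ctx, uint8_t received)
{
	return received == ctx->auth_ref;
}
```

A caller that gets -1 from issue_auth_ref() should abort the request instead of sending a predictable value.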