openbsc[master]: SGSN: use unique AUTH REQ reference


Holger Freyther gerrit-no-reply at lists.osmocom.org
Sat Jul 9 06:16:40 UTC 2016


Patch Set 9: Code-Review+1

(4 comments)

But I prefer the usage of RAND_bytes (the wrapper of it) over a weak random number generator.

https://gerrit.osmocom.org/#/c/464/9/openbsc/include/openbsc/gprs_sgsn.h
File openbsc/include/openbsc/gprs_sgsn.h:

Line 161: 	uint8_t auth_ref;
Please add a comment, first thing I see in the patch and the name is not obvious to me. :)


https://gerrit.osmocom.org/#/c/464/9/openbsc/src/gprs/gprs_gmm.c
File openbsc/src/gprs/gprs_gmm.c:

Line 420: static int gsm48_tx_gmm_auth_ciph_req(struct sgsn_mm_ctx *mm, uint8_t *rnd,
Why the rename here?


Line 442: 	acreq->ac_ref_nr = rand();
What randomness is needed here? rand() is not a secure random number generator and most likely (e.g. Mersenne Twister based) one can predict numbers based on past output.

We have wrapped(?) libcrypto RAND_bytes() somewhere for a secure random number generator.


Line 495: 	if (acr->ac_ref_nr != ctx->auth_ref) {
ac_ref_nr_used instead of auth_ref?


-- 
To view, visit https://gerrit.osmocom.org/464
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I3638821a9b4a0532b28dbbb50faa30c4082579f6
Gerrit-PatchSet: 9
Gerrit-Project: openbsc
Gerrit-Branch: master
Gerrit-Owner: Max <msuraev at sysmocom.de>
Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Holger Freyther <holger at freyther.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-HasComments: Yes
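
Added example, not part of the review or of the OpenBSC code: one way to draw the AUTH REQ reference from the kernel CSPRNG instead of rand() and to check it on the response, as the comments on lines 442 and 495 discuss. All demo_ names are hypothetical, /dev/urandom stands in for the RAND_bytes() wrapper the review mentions, and the 4-bit mask is an assumption about the width of the reference field.

```c
#include <fcntl.h>
#include <stdint.h>
#include <unistd.h>

/* Hypothetical stand-in for the fields of struct sgsn_mm_ctx under review. */
struct demo_mm_ctx {
    uint8_t auth_ref;  /* reference sent in the outstanding AUTH REQ */
    int auth_pending;  /* 1 while a response is still expected */
};

/* Fill buf from the kernel CSPRNG; 0 on success, -1 on any failure. */
static int demo_secure_bytes(uint8_t *buf, size_t len)
{
    ssize_t n;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return -1;
    n = read(fd, buf, len);
    close(fd);
    return n == (ssize_t)len ? 0 : -1; /* short read counts as failure */
}

/* Choose the reference for a new request; fails closed without randomness. */
int demo_auth_req_prepare(struct demo_mm_ctx *ctx)
{
    uint8_t r;
    if (demo_secure_bytes(&r, sizeof(r)) < 0)
        return -1;
    ctx->auth_ref = r & 0x0f; /* assumption: 4-bit reference field */
    ctx->auth_pending = 1;
    return 0;
}

/* Accept a response only if one is pending and its reference matches. */
int demo_auth_resp_check(struct demo_mm_ctx *ctx, uint8_t ac_ref_nr)
{
    if (!ctx->auth_pending || ac_ref_nr != ctx->auth_ref)
        return -1;
    ctx->auth_pending = 0; /* a reference is accepted once */
    return 0;
}

int main(void)
{
    struct demo_mm_ctx ctx = {0, 0};
    if (demo_auth_req_prepare(&ctx) < 0)
        return 1;
    return demo_auth_resp_check(&ctx, ctx.auth_ref) ? 1 : 0;
}
```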


