gprs/gb_proxy: Use RAND_bytes for gbproxy TLLI/TMSI allocation
This change has some implications for the test case, which manipulated
the bss_ptmsi_state and sgsn_tlli_state variables to make the output of
rand_r(), and thus the TLLI/TMSI used, predictable.
This possibility is gone when using RAND_bytes() so instead it is
overridden by a function that returns a deterministic sequence of values
(0x00dead00, 0x00dead01, ...). The test cases are adapted to expect
these values instead of the pseudo random values before.
The gbproxy_test stdout file changes as well, but only where the
TLLI/TMSI is displayed (in the hex dumps as well as the TLLI cache
entries). All other output is the same.
diff --git a/openbsc/src/gprs/Makefile.am b/openbsc/src/gprs/Makefile.am
index dcc6842..f012003 100644
--- a/openbsc/src/gprs/Makefile.am
+++ b/openbsc/src/gprs/Makefile.am
@@ -2,7 +2,7 @@
AM_CFLAGS=-Wall -fno-strict-aliasing $(LIBOSMOCORE_CFLAGS) \
$(LIBOSMOGSM_CFLAGS) $(LIBOSMOVTY_CFLAGS) $(LIBOSMOCTRL_CFLAGS) \
$(LIBOSMOABIS_CFLAGS) $(LIBOSMOGB_CFLAGS) $(COVERAGE_CFLAGS) \
- $(LIBCARES_CFLAGS)
+ $(LIBCARES_CFLAGS) $(LIBCRYPTO_CFLAGS)
OSMO_LIBS = $(LIBOSMOCORE_LIBS) $(LIBOSMOGSM_LIBS) $(LIBOSMOVTY_LIBS) \
$(LIBOSMOCTRL_LIBS) $(LIBOSMOGB_LIBS)
@@ -20,7 +20,7 @@
gb_proxy_patch.c gb_proxy_tlli.c gb_proxy_peer.c \
gprs_gb_parse.c gprs_llc_parse.c crc24.c gprs_utils.c
osmo_gbproxy_LDADD = $(top_builddir)/src/libcommon/libcommon.a \
- $(OSMO_LIBS) -lrt
+ $(OSMO_LIBS) $(LIBCRYPTO_LIBS) -lrt
osmo_sgsn_SOURCES = gprs_gmm.c gprs_sgsn.c gprs_sndcp.c gprs_sndcp_vty.c \
sgsn_main.c sgsn_vty.c sgsn_libgtp.c \
diff --git a/openbsc/src/gprs/gb_proxy.c b/openbsc/src/gprs/gb_proxy.c
index 21cd405..5b3ee28 100644
--- a/openbsc/src/gprs/gb_proxy.c
+++ b/openbsc/src/gprs/gb_proxy.c
@@ -50,6 +50,8 @@
#include <openbsc/gsm_04_08_gprs.h>
#include <openbsc/gprs_utils.h>
+#include <openssl/rand.h>
+
static const struct rate_ctr_desc global_ctr_description[] = {
{ "inv-bvci", "Invalid BVC Identifier " },
{ "inv-lai", "Invalid Location Area Identifier" },
@@ -232,7 +234,11 @@
bss_ptmsi = sgsn_ptmsi;
} else {
do {
- bss_ptmsi = rand_r(&peer->cfg->bss_ptmsi_state);
+ if (RAND_bytes((uint8_t *) &bss_ptmsi, sizeof(bss_ptmsi)) != 1) {
+ bss_ptmsi = GSM_RESERVED_TMSI;
+ break;
+ }
+
bss_ptmsi = bss_ptmsi | 0xC0000000;
if (gbproxy_link_info_by_ptmsi(peer, bss_ptmsi))
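Review bot: When `RAND_bytes()` fails, the new branch assigns `GSM_RESERVED_TMSI` and leaves the loop without logging anything, so an RNG failure is invisible to operators and the sentinel is handed to whatever code follows the loop. The SGSN TLLI hunk below has the same silent failure path. I would log in the failure branch, e.g. `LOGP(DGPRS, LOGL_ERROR, "RAND_bytes failed, no P-TMSI allocated\n");`, and confirm that the callers reject the sentinel rather than storing it as a link identifier. The enclosing function starts and ends outside the hunk, so the caller side cannot be checked from here.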
@@ -265,7 +271,11 @@
} else {
do {
/* create random TLLI, 0b01111xxx... */
- sgsn_tlli = rand_r(&peer->cfg->sgsn_tlli_state);
+ if (RAND_bytes((uint8_t *) &sgsn_tlli, sizeof(sgsn_tlli)) != 1) {
+ sgsn_tlli = 0;
+ break;
+ }
+
sgsn_tlli = (sgsn_tlli & 0x7fffffff) | 0x78000000;
if (gbproxy_link_info_by_any_sgsn_tlli(peer, sgsn_tlli))
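Review bot: The failure value here is a bare `0`, whereas the P-TMSI path uses the named `GSM_RESERVED_TMSI`; nothing in the hunk states that 0 means "allocation failed" or that callers will not treat it as a usable TLLI. A comment on the assignment such as `/* 0 marks allocation failure; callers must not use it as a TLLI */`, or a named constant, would make the contract explicit. If callers did store it, every failed allocation would map to the same identifier, so the check belongs next to each use. The function continues beyond the hunk.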
@@ -1365,8 +1375,6 @@
INIT_LLIST_HEAD(&cfg->bts_peers);
cfg->ctrg = rate_ctr_group_alloc(tall_bsc_ctx, &global_ctrg_desc, 0);
clock_gettime(CLOCK_REALTIME, &tp);
- cfg->bss_ptmsi_state = tp.tv_sec + tp.tv_nsec;
- cfg->sgsn_tlli_state = tp.tv_sec - tp.tv_nsec;
return 0;
}
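Review bot: With both seed assignments removed, the remaining `clock_gettime(CLOCK_REALTIME, &tp);` call has no visible consumer and `tp` looks like a dead local. If nothing else in the function reads `tp` (the function starts outside the hunk), drop the call together with the declaration. The `bss_ptmsi_state` and `sgsn_tlli_state` members of the config struct can presumably be removed as well, unless something outside this diff still references them.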