From 6d49b049ee304f1ea0e4801df61e69713b01f0f8 Mon Sep 17 00:00:00 2001 From: Holger Hans Peter Freyther Date: Sat, 7 Jul 2018 21:51:09 +0100 Subject: [PATCH] Move from libc random() to osmo_get_rand_id When starting multiple mobile in the same second, the libc random number generator will be seeded to exactly the same value. The random bits inside the RACH request(s) will be exactly the same across multiple mobile and when the channel fails they all pick the same randomized back-off timing. Use stronger random numbers and replace all calls to random(2) with osmo_get_rand_id. Add a fallback to try random(). Change-Id: Ie0cc64663cd4b90c027b79545dc5d3ac9d87b9dd --- src/host/layer23/src/mobile/gsm322.c | 4 +++- src/host/layer23/src/mobile/gsm48_mm.c | 5 ++++- src/host/layer23/src/mobile/gsm48_rr.c | 4 +++- src/host/layer23/src/mobile/settings.c | 10 ++++++++-- 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/src/host/layer23/src/mobile/gsm322.c b/src/host/layer23/src/mobile/gsm322.c index c3485b6a0..ce25cd574 100644 --- a/src/host/layer23/src/mobile/gsm322.c +++ b/src/host/layer23/src/mobile/gsm322.c @@ -959,7 +959,9 @@ static int gsm322_sort_list(struct osmocom_ms *ms) entries++; } while(entries) { - move = random() % entries; + if (osmo_get_rand_id((uint8_t *) &move, sizeof(move)) != 0) + move = random(); + move = move % entries; i = 0; llist_for_each_entry(temp, &temp_list, entry) { if (rxlev2dbm(temp->rxlev) > -85) { diff --git a/src/host/layer23/src/mobile/gsm48_mm.c b/src/host/layer23/src/mobile/gsm48_mm.c index a7af1f5cf..a36e7e86d 100644 --- a/src/host/layer23/src/mobile/gsm48_mm.c +++ b/src/host/layer23/src/mobile/gsm48_mm.c @@ -30,6 +30,7 @@ #include #include #include +#include #include #include @@ -2099,7 +2100,9 @@ static int gsm48_mm_sysinfo(struct osmocom_ms *ms, struct msgb *msg) mm->t3212.timeout.tv_sec = current_time.tv_sec + (t % s->t3212); } else { - uint32_t rand = random(); + uint32_t rand; + if (osmo_get_rand_id((uint8_t *) &rand, sizeof(rand)) != 0) + rand = random(); LOGP(DMM, LOGL_INFO, "New T3212 while timer is not " "running (value %d)\n", s->t3212); diff --git a/src/host/layer23/src/mobile/gsm48_rr.c b/src/host/layer23/src/mobile/gsm48_rr.c index dd3fe9339..db2cb5ed3 100644 --- a/src/host/layer23/src/mobile/gsm48_rr.c +++ b/src/host/layer23/src/mobile/gsm48_rr.c @@ -71,6 +71,7 @@ #include #include #include +#include #include #include @@ -1628,7 +1629,8 @@ fail: } } - chan_req = random(); + if (osmo_get_rand_id((uint8_t *) &chan_req, sizeof(chan_req)) != 0) + chan_req = random(); chan_req &= rr->chan_req_mask; chan_req |= rr->chan_req_val; diff --git a/src/host/layer23/src/mobile/settings.c b/src/host/layer23/src/mobile/settings.c index 7370b0ab0..80b0b4822 100644 --- a/src/host/layer23/src/mobile/settings.c +++ b/src/host/layer23/src/mobile/settings.c @@ -23,6 +23,7 @@ #include #include #include +#include #include #include @@ -178,14 +179,19 @@ int gsm_random_imei(struct gsm_settings *set) { int digits = set->imei_random; char rand[16]; + long rand_num; if (digits <= 0) return 0; if (digits > 15) digits = 15; - sprintf(rand, "%08ld", random() % 100000000); - sprintf(rand + 8, "%07ld", random() % 10000000); + if (osmo_get_rand_id((uint8_t *) &rand_num, sizeof(rand_num)) != 0) + rand_num = random(); + sprintf(rand, "%08ld", rand_num % 100000000); + if (osmo_get_rand_id((uint8_t *) &rand_num, sizeof(rand_num)) != 0) + rand_num = random(); + sprintf(rand + 8, "%07ld", rand_num % 10000000); strcpy(set->imei + 15 - digits, rand + 15 - digits); strncpy(set->imeisv, set->imei, 15);