Milenage's auts function outputs sqn, it doesn't consume it

src/lib/sim/milenage.c

@@ -314,7 +314,7 @@ int milenage_umts_generate(uint8_t autn[MILENAGE_AUTN_SIZE],
 
 /** Milenage AUTS validation
  *
- * @param[out] sqn	Buffer for SQN = 48-bit sequence number (host byte order).
+ * @param[out] sqn	SQN = 48-bit sequence number (host byte order).
  * @param[in] opc	128-bit operator variant algorithm configuration field (encr.).
  * @param[in] ki	128-bit subscriber key.
  * @param[in] rand	128-bit random challenge.
@@ -323,7 +323,7 @@ int milenage_umts_generate(uint8_t autn[MILENAGE_AUTN_SIZE],
  *	- 0 on success with sqn filled.
  *	- -1 on failure.
  */
-int milenage_auts(uint64_t sqn,
+int milenage_auts(uint64_t *sqn,
 		  uint8_t const opc[MILENAGE_OPC_SIZE],
 		  uint8_t const ki[MILENAGE_KI_SIZE],
 		  uint8_t const rand[MILENAGE_RAND_SIZE],
@@ -334,12 +334,13 @@ int milenage_auts(uint64_t sqn,
 	uint8_t		sqn_buff[MILENAGE_SQN_SIZE];
 	size_t		i;
 
-	uint48_to_buff(sqn_buff, sqn);
-
 	if (milenage_f2345(NULL, NULL, NULL, NULL, ak, opc, ki, rand)) return -1;
 	for (i = 0; i < sizeof(sqn_buff); i++) sqn_buff[i] = auts[i] ^ ak[i];
 
 	if (milenage_f1(NULL, mac_s, opc, ki, rand, sqn_buff, amf) || CRYPTO_memcmp(mac_s, auts + 6, 8) != 0) return -1;
+
+	*sqn = uint48_from_buff(sqn_buff);
+
 	return 0;
 }
 

src/lib/sim/milenage.h

@@ -99,7 +99,7 @@ int	milenage_umts_generate(uint8_t autn[MILENAGE_AUTN_SIZE],
 			       uint64_t sqn,
 			       uint8_t const rand[MILENAGE_RAND_SIZE]);
 
-int	milenage_auts(uint64_t sqn,
+int	milenage_auts(uint64_t *sqn,
 		      uint8_t const opc[MILENAGE_OPC_SIZE],
 		      uint8_t const ki[MILENAGE_KI_SIZE],
 		      uint8_t const rand[MILENAGE_RAND_SIZE],