diff options
author | Vernon Mauery <vernon.mauery@linux.intel.com> | 2018-10-24 14:02:16 -0700 |
---|---|---|
committer | Tom Joseph <tomjoseph@in.ibm.com> | 2018-11-14 14:59:52 +0000 |
commit | 8977d12a4f6d647958b50003c11e396fadffde51 (patch) | |
tree | d6ea56c718265ed0e908fc21e3af694fcb5e6510 | |
parent | 07e5b28c142abc0d2f1a94d6ce9ef21446226f5e (diff) | |
download | phosphor-net-ipmid-8977d12a4f6d647958b50003c11e396fadffde51.tar.gz phosphor-net-ipmid-8977d12a4f6d647958b50003c11e396fadffde51.zip |
netipmid: use libcrypto prng instead of insecure std::rand
std::rand is insecure. Add a simple openssl-crypto wrapper for a similar
interface that can replace it.
Tested-by: Run ipmitool six times in parallel to see that five
independent sessions are created and the sixth one causes the
BMC to dump the session list on the console. Note that the
session numbers are still random.
Change-Id: I0b387f1343abefc45be0d62cf9af45fbd5563047
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
-rw-r--r-- | prng.hpp | 16 | ||||
-rw-r--r-- | session.hpp | 3 | ||||
-rw-r--r-- | sessions_manager.cpp | 2 |
3 files changed, 18 insertions, 3 deletions
diff --git a/prng.hpp b/prng.hpp new file mode 100644 index 0000000..95946f7 --- /dev/null +++ b/prng.hpp @@ -0,0 +1,16 @@ +#include <openssl/rand.h> + +namespace crypto +{ + +struct prng +{ + static unsigned int rand() + { + unsigned int v; + RAND_bytes(reinterpret_cast<unsigned char*>(&v), sizeof(v)); + return v; + } +}; + +} // namespace crypto diff --git a/session.hpp b/session.hpp index 4ba3fa6..f3dc2ae 100644 --- a/session.hpp +++ b/session.hpp @@ -4,6 +4,7 @@ #include "crypt_algo.hpp" #include "endian.hpp" #include "integrity_algo.hpp" +#include "prng.hpp" #include "socket_channel.hpp" #include <chrono> @@ -111,7 +112,7 @@ class Session * @param[in] priv - Privilege Level requested in the Command */ Session(SessionID inRemoteConsoleSessID, Privilege priv) : - curPrivLevel(priv), bmcSessionID(std::rand()), + curPrivLevel(priv), bmcSessionID(crypto::prng::rand()), remoteConsoleSessionID(inRemoteConsoleSessID) { } diff --git a/sessions_manager.cpp b/sessions_manager.cpp index bf7ff34..52d749b 100644 --- a/sessions_manager.cpp +++ b/sessions_manager.cpp @@ -20,8 +20,6 @@ Manager::Manager() * through the lifetime of the Session Manager. */ sessionsMap.emplace(0, std::make_shared<Session>()); - // Seeding the pseudo-random generator - std::srand(std::time(0)); } std::shared_ptr<Session> |