netipmid: use libcrypto prng instead of insecure std::rand

std::rand is insecure. Add a simple openssl-crypto wrapper for a similar
interface that can replace it.

Tested-by: Run ipmitool six times in parallel to see that five
           independent sessions are created and the sixth one causes the
           BMC to dump the session list on the console. Note that the
           session numbers are still random.

Change-Id: I0b387f1343abefc45be0d62cf9af45fbd5563047
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>

3 files changed, 18 insertions, 3 deletions

diff --git a/prng.hpp b/prng.hpp
new file mode 100644
index 0000000..95946f7
--- /dev/null
+++ b/prng.hpp
@@ -0,0 +1,16 @@
+#include <openssl/rand.h>
+
+namespace crypto
+{
+
+struct prng
+{
+    static unsigned int rand()
+    {
+        unsigned int v;
+        RAND_bytes(reinterpret_cast<unsigned char*>(&v), sizeof(v));
+        return v;
+    }
+};
+
+} // namespace crypto
diff --git a/session.hpp b/session.hpp
index 4ba3fa6..f3dc2ae 100644
--- a/session.hpp
+++ b/session.hpp
@@ -4,6 +4,7 @@
 #include "crypt_algo.hpp"
 #include "endian.hpp"
 #include "integrity_algo.hpp"
+#include "prng.hpp"
 #include "socket_channel.hpp"
 
 #include <chrono>
@@ -111,7 +112,7 @@ class Session
      * @param[in] priv - Privilege Level requested in the Command
      */
     Session(SessionID inRemoteConsoleSessID, Privilege priv) :
-        curPrivLevel(priv), bmcSessionID(std::rand()),
+        curPrivLevel(priv), bmcSessionID(crypto::prng::rand()),
         remoteConsoleSessionID(inRemoteConsoleSessID)
     {
     }
diff --git a/sessions_manager.cpp b/sessions_manager.cpp
index bf7ff34..52d749b 100644
--- a/sessions_manager.cpp
+++ b/sessions_manager.cpp
@@ -20,8 +20,6 @@ Manager::Manager()
      * through the lifetime of the Session Manager.
      */
     sessionsMap.emplace(0, std::make_shared<Session>());
-    // Seeding the pseudo-random generator
-    std::srand(std::time(0));
 }
 
 std::shared_ptr<Session>