require a strong PRNG for session id generation

Since session ids should always be truly random require a cryptographically strong random number generator. Since all places in the codes (besides tests) already pass a strong random source, this is just a formality. Signed-off-by: Heiko Hund <heiko@openvpn.net>
2024-09-20 04:02:15 +02:00 · 2023-11-21 01:01:25 +01:00 · 2023-11-21 01:01:25 +01:00 · e484aceec9
commit e484aceec9
parent be3f20dc58
2 changed files with 6 additions and 6 deletions
--- a/openvpn/common/sess_id.hpp
+++ b/openvpn/common/sess_id.hpp
@ -55,7 +55,7 @@ class SessionIDType
    }

    // Create a random Session ID.
-    explicit SessionIDType(RandomAPI &rng)
+    explicit SessionIDType(StrongRandomAPI &rng)
    {
        rng.rand_bytes(u.data, sizeof(u.data));
    }
--- a/test/unittests/test_session_id.cpp
+++ b/test/unittests/test_session_id.cpp
@ -117,7 +117,7 @@ struct SessionID : public SessionID128
        // dump("default");
    }

-    SessionID(RandomAPI &rng)
+    SessionID(StrongRandomAPI &rng)
        : SessionID128(rng)
    {
        // dump("rng");
@ -137,7 +137,7 @@ struct SessionID : public SessionID128
 class Session
 {
  public:
-    Session(RandomAPI &rng)
+    Session(StrongRandomAPI &rng)
        : sid(rng)
    {
    }
@ -160,9 +160,9 @@ std::string test(Session *session)

 TEST(sessid, refscope1)
 {
-    MTRand rng(123456789);
-    Session sess(rng);
-    EXPECT_EQ("Name: myname SessID: DsiRkfGnT1l1WtMoM59SRA..", test(&sess));
+    FakeSecureRand fake_rng(0x42);
+    Session sess(fake_rng);
+    EXPECT_EQ("Name: myname SessID: QkNERUZHSElKS0xNTk9QUQ..", test(&sess));
    EXPECT_EQ("Name: myname SessID: AAAAAAAAAAAAAAAAAAAAAA..", test(nullptr));
 }