In the code base three different syntaxes for overriding virtual member
functions could be found:
1) virtual ... override
2) virtual ...
3) ... override
This converts all of them to the third syntax, as recommended by the ISO
C++ core guidelines in C.128.
Signed-off-by: Heiko Hund <heiko@openvpn.net>
The need to call the assert_crypto() member function to ensure that a
cryptographically strong RNG is used where needed was reported as
potentially insecure, since calling it manually can easily be missed.
In the commit the two new classes StrongRandomAPI and WeakRandomAPI are
introduced. They are to be used instead of just RandomAPI, unless it
doesn't matter what strength the RNG is.
All the places the assert_crypto() was called were converted to using
StrongRandomAPI instead. Also the RNGs for which assert_crypto() was not
throwing are now inheriting from StrongRandomAPI.
Variable names, which have the StrongRandomAPI type, but were called
prng, are changed to rng instead to follow the source code convention.
Signed-off-by: Heiko Hund <heiko@openvpn.net>
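
The type-based approach described in the commit message above, as an added sketch that is not OpenVPN 3 source code. The class names RandomAPI, StrongRandomAPI and WeakRandomAPI come from the message; rand_bytes, OsRand, TestRand, make_key and jitter_ms are hypothetical names assumed for illustration.

```cpp
// Added illustration: simplified sketch, not OpenVPN 3 source code.
#include <array>
#include <cstddef>
#include <random>
#include <type_traits>

struct RandomAPI {
    virtual ~RandomAPI() = default;
    virtual void rand_bytes(unsigned char *buf, std::size_t len) = 0; // assumed interface
};
// Strength is carried by the static type instead of a runtime assert_crypto().
struct StrongRandomAPI : RandomAPI {};
struct WeakRandomAPI : RandomAPI {};

// Stand-in strong source (assumption): real code would wrap the crypto library's RNG.
struct OsRand : StrongRandomAPI {
    std::random_device dev;
    void rand_bytes(unsigned char *buf, std::size_t len) override {
        for (std::size_t i = 0; i < len; ++i)
            buf[i] = static_cast<unsigned char>(dev());
    }
};

// Deterministic Mersenne Twister with a constant seed, for unit tests only.
struct TestRand : WeakRandomAPI {
    std::mt19937 gen{42};
    void rand_bytes(unsigned char *buf, std::size_t len) override {
        for (std::size_t i = 0; i < len; ++i)
            buf[i] = static_cast<unsigned char>(gen());
    }
};

// Key material: the parameter type only admits strong generators.
std::array<unsigned char, 16> make_key(StrongRandomAPI &rng) {
    std::array<unsigned char, 16> key{};
    rng.rand_bytes(key.data(), key.size());
    return key;
}

// Strength does not matter here, so the plain base type is accepted.
unsigned jitter_ms(RandomAPI &rng) {
    unsigned char b = 0;
    rng.rand_bytes(&b, 1);
    return b % 100u;
}

// make_key(TestRand&) does not compile: a weak RNG never converts to the strong type.
static_assert(!std::is_convertible<TestRand *, StrongRandomAPI *>::value, "weak must not pass as strong");
static_assert(std::is_convertible<OsRand *, StrongRandomAPI *>::value, "strong RNG is accepted");
```
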
- Used static_cast instead of direct type conversions in places where
it's safe
- Used numeric_cast where failure is possible
- Changed types of arguments and locals when practical
Signed-off-by: Charlie Vigue <charlie.vigue@openvpn.com>
The undefined behavior is unary negation of T:min of a signed type
attempting to get a positive value of the same signed type.
This commit adds a unit test that exposes the original bug as well as
a fix for it.
Signed-off-by: Mark Deric <jmark@openvpn.net>
This is the result after running 'clang-format -i' on all C++ files and
headers, with the defined formatting rules in .clang-format.
Only the openvpn/common/unicode-impl.hpp has been excluded, as that is
mostly a copy of an external project.
Signed-off-by: David Sommerseth <davids@openvpn.net>
CID 10990 (#2 of 2): Using a moved object (USE_AFTER_MOVE)
2. use_after_move: rng_arg is used after it has been already moved.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
This avoids the mistake of using the insecure MTRand in anything but
a unit test and has the advantage that not all MTRand in a unit test
suite report being secure.
Signed-off-by: Arne Schwabe <arne@openvpn.net>
This is useful for unit tests that must produce deterministic results.
You would never want to define this in production, because it turns off
the check that prevents non-crypto RNGs from being used for crypto
purposes.
Signed-off-by: James Yonan <james@openvpn.net>
Initializing MTRand with a constant seed is useful for unit tests
that need to produce deterministic output.
Signed-off-by: James Yonan <james@openvpn.net>
both cryptographic and non-cryptographic algorithms, as
a failsafe, add a new virtual method assert_crypto()
that will throw an exception if the algorithm is not
crypto strength. assert_crypto() should now be called
before any RNG is used for crypto purposes.
an attacker from using knowledge about the hash table
bucket hashing function to maliciously attempt to create
unbalanced hash buckets, which in turn could lead to DoS.