Improve the Random Seeding of SPI Generator
Re-seeing the SPI generator with time_t caused
initial seeds generated at approximately the
same time to be the same. This means that SPIs
were either the same if the xfrm_id differed,
or were sequential if the xfrm_id was the same.
While that's technically not broken,
it's not good behavior. This patch converts to
using a better random seed, which in turn improves
the entropy of the generated SPIs.
Bug: 67507803
Test: manual
Change-Id: I58b84dbca17cfa6c27534de15416bd8906195739
diff --git a/server/XfrmController.cpp b/server/XfrmController.cpp
index ddfda5a..2721013 100644
--- a/server/XfrmController.cpp
+++ b/server/XfrmController.cpp
@@ -16,6 +16,7 @@
*/
#include <string>
+#include <random>
#include <vector>
#include <ctype.h>
@@ -308,10 +309,10 @@
class RandomSpi {
public:
RandomSpi(int min, int max) : mMin(min) {
- time_t t;
- srand((unsigned int)time(&t));
- // TODO: more random random
- mNext = rand();
+ // Re-seeding should be safe because the seed itself is
+ // sufficiently random and we don't need secure random
+ std::mt19937 rnd = std::mt19937(std::random_device()());
+ mNext = std::uniform_int_distribution<>(1, INT_MAX)(rnd);
mSize = max - min + 1;
mCount = mSize;
}