From: Pauli Date: Thu, 28 Sep 2023 01:45:01 +0000 (+1000) Subject: Coverity 1545174: calling risky function X-Git-Tag: openssl-3.2.0-beta1~163 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=eaf08794398ac3caaadffcfd670854bf51f610fa;p=thirdparty%2Fopenssl.git Coverity 1545174: calling risky function Remove the call to rand() and replace with an xor-shift RNG. There are no security implications to worry about here. This RNG is used during testing only. Reviewed-by: Tomas Mraz Reviewed-by: Tom Cosgrove (Merged from https://github.com/openssl/openssl/pull/22211) --- diff --git a/providers/implementations/rands/test_rng.c b/providers/implementations/rands/test_rng.c index 0006468d066..57b36469caa 100644 --- a/providers/implementations/rands/test_rng.c +++ b/providers/implementations/rands/test_rng.c @@ -47,6 +47,7 @@ typedef struct { unsigned char *entropy, *nonce; size_t entropy_len, entropy_pos, nonce_len; CRYPTO_RWLOCK *lock; + uint32_t seed; } PROV_TEST_RNG; static void *test_rng_new(void *provctx, void *parent, @@ -88,6 +89,7 @@ static int test_rng_instantiate(void *vtest, unsigned int strength, t->state = EVP_RAND_STATE_READY; t->entropy_pos = 0; + t->seed = 221953166; /* Value doesn't matter, so long as it isn't zero */ return 1; } @@ -103,7 +105,22 @@ static int test_rng_uninstantiate(void *vtest) static unsigned char gen_byte(PROV_TEST_RNG *t) { - return rand() & 0xff; + uint32_t n; + + /* + * Implement the 32 bit xorshift as suggested by George Marsaglia in: + * https://doi.org/10.18637/jss.v008.i14 + * + * This is a very fast PRNG so there is no need to extract bytes one at a + * time and use the entire value each time. + */ + n = t->seed; + n ^= n << 13; + n ^= n >> 17; + n ^= n << 5; + t->seed = n; + + return n & 0xff; } static int test_rng_generate(void *vtest, unsigned char *out, size_t outlen,