qpdf/libqpdf/InsecureRandomDataProvider.cc

#include <qpdf/InsecureRandomDataProvider.hh>

#include <qpdf/qpdf-config.h>
#include <qpdf/QUtil.hh>
#include <stdlib.h>

InsecureRandomDataProvider::InsecureRandomDataProvider() :
    seeded_random(false)
{
}

InsecureRandomDataProvider::~InsecureRandomDataProvider()
{
}

void
InsecureRandomDataProvider::provideRandomData(unsigned char* data, size_t len)
{
    for (size_t i = 0; i < len; ++i)
    {
        data[i] = static_cast<unsigned char>((this->random() & 0xff0) >> 4);
    }
}

long
InsecureRandomDataProvider::random()
{
    if (! this->seeded_random)
    {
	// Seed the random number generator with something simple, but
	// just to be interesting, don't use the unmodified current
	// time.  It would be better if this were a more secure seed.
        QUtil::srandom(static_cast<unsigned int>(
                           QUtil::get_current_time() ^ 0xcccc));
	this->seeded_random = true;
    }

#  ifdef HAVE_RANDOM
    return ::random();
#  else
    return rand();
#  endif
}

RandomDataProvider*
InsecureRandomDataProvider::getInstance()
{
    static InsecureRandomDataProvider instance;
    return &instance;
}
Refactor random data generation Add new RandomDataProvider object and implement existing random number generation in terms of that. This enables end users to supply their own random data providers. 2013-11-30 17:02:56 +00:00			`#include <qpdf/InsecureRandomDataProvider.hh>`

			`#include <qpdf/qpdf-config.h>`
			`#include <qpdf/QUtil.hh>`
			`#include <stdlib.h>`

			`InsecureRandomDataProvider::InsecureRandomDataProvider() :`
			`seeded_random(false)`
			`{`
			`}`

			`InsecureRandomDataProvider::~InsecureRandomDataProvider()`
			`{`
			`}`

			`void`
			`InsecureRandomDataProvider::provideRandomData(unsigned char* data, size_t len)`
			`{`
			`for (size_t i = 0; i < len; ++i)`
			`{`
			`data[i] = static_cast<unsigned char>((this->random() & 0xff0) >> 4);`
			`}`
			`}`

			`long`
			`InsecureRandomDataProvider::random()`
			`{`
			`if (! this->seeded_random)`
			`{`
			`// Seed the random number generator with something simple, but`
			`// just to be interesting, don't use the unmodified current`
			`// time. It would be better if this were a more secure seed.`
Fix sign and conversion warnings (major) This makes all integer type conversions that have potential data loss explicit with calls that do range checks and raise an exception. After this commit, qpdf builds with no warnings when -Wsign-conversion -Wconversion is used with gcc or clang or when -W3 -Wd4800 is used with MSVC. This significantly reduces the likelihood of potential crashes from bogus integer values. There are some parts of the code that take int when they should take size_t or an offset. Such places would make qpdf not support files with more than 2^31 of something that usually wouldn't be so large. In the event that such a file shows up and is valid, at least qpdf would raise an error in the right spot so the issue could be legitimately addressed rather than failing in some weird way because of a silent overflow condition. 2019-06-21 03:35:23 +00:00			`QUtil::srandom(static_cast<unsigned int>(`
			`QUtil::get_current_time() ^ 0xcccc));`
Refactor random data generation Add new RandomDataProvider object and implement existing random number generation in terms of that. This enables end users to supply their own random data providers. 2013-11-30 17:02:56 +00:00			`this->seeded_random = true;`
			`}`

			`# ifdef HAVE_RANDOM`
			`return ::random();`
			`# else`
			`return rand();`
			`# endif`
			`}`

			`RandomDataProvider*`
			`InsecureRandomDataProvider::getInstance()`
			`{`
			`static InsecureRandomDataProvider instance;`
			`return &instance;`
			`}`