Re: recent coverity and rand

On 02/10/14 17:44, Caolán McNamara wrote:
> The latest coverity has taken a dislike to "rand" and we've a big block
> of cids, cid#1242372 to cid#1242410 now marked with
> static_checker_DC.WEAK_CRYPTO "Don't call".

there were definitely bad implementations of standard C library random
functions; no idea if that is the case on current desktop platforms...
iirc couple years ago users were actually complaining about bad random
numbers in Calc generated from rand() on Windows.

> We have our own random pool stuff in sal, is there a drop in replacement
> for rand in there somewhere or a common pattern we could follow in
> replacing those ?

let's see what we've got:

* direct usage of boost::random for fancy distributions in Calc,
  sc/source/ui/StatisticsDialogs/RandomNumberGeneratorDialog.cxx

* include/comphelper/random.hxx:
  double uniform() function with [0,1) range
  implemented with boost::random / MersenneTwister for speed

* include/rtl/random.h
  rtlRandomPool
  MD5-based PRNG, probably designed for cryptographic purposes,
  although mostly untouched since the 90s and perhaps insufficient
  for crypto today; it doesn't even appear to be seeded with *real*
  entropy... (if there are actual cryptographic uses of this they
  probably should be replaced with something from NSS)

... so i'd guess that the comphelper/random.hxx approach is most
promising for general-purpose random numbers (i.e. not crypto); it even
nicely encapsulates the boost template madness behind a small ABI.

oh, there is also a <random> header in C++11, likely inspired by
boost::random; i wonder if our new baseline toolchains have support for
this... actually GCC 4.5 release notes list it as a new feature, and
MSVC 2012 has it too:

http://msdn.microsoft.com/en-us/library/bb982398%28v=vs.110%29.aspx

... so perhaps <random> is usable for us already.