On 02/10/14 17:44, Caolán McNamara wrote:
> The latest coverity has taken a dislike to "rand" and we've a big block
> of cids, cid#1242372 to cid#1242410 now marked with
> static_checker_DC.WEAK_CRYPTO "Don't call".

there were definitely bad implementations of standard C library random
functions; no idea if that is the case on current desktop platforms...
iirc couple years ago users were actually complaining about bad random
numbers in Calc generated from rand() on Windows.

> We have our own random pool stuff in sal, is there a drop in replacement
> for rand in there somewhere or a common pattern we could follow in
> replacing those ?

let's see what we've got:

* direct usage of boost::random for fancy distributions in Calc,
  sc/source/ui/StatisticsDialogs/RandomNumberGeneratorDialog.cxx

* include/comphelper/random.hxx:
  double uniform() function with [0,1) range
  implemented with boost::random / MersenneTwister for speed

* include/rtl/random.h
  rtlRandomPool
  MD5-based PRNG, probably designed for cryptographic purposes,
  although mostly untouched since the 90s and perhaps insufficient
  for crypto today; it doesn't even appear to be seeded with *real*
  entropy... (if there are actual cryptographic uses of this they
  probably should be replaced with something from NSS)

... so i'd guess that the comphelper/random.hxx approach is most
promising for general-purpose random numbers (i.e. not crypto); it even
nicely encapsulates the boost template madness behind a small ABI.
oh, there is also a <random> header in C++11, likely inspired by
boost::random; i wonder if our new baseline toolchains have support for
this... actually GCC 4.5 release notes list it as a new feature, and
MSVC 2012 has it too:
http://msdn.microsoft.com/en-us/library/bb982398%28v=vs.110%29.aspx
... so perhaps <random> is usable for us already.
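
Added example, not part of the original message and not LibreOffice code: a sketch of the pattern discussed above, with C++11 <random> hidden behind a small interface as a replacement for common rand() idioms in non-cryptographic code. The namespace example_rng and the functions reseed() and uniform_int() are hypothetical names; only a uniform() with [0,1) range is mentioned in the message.

```cpp
#include <cmath>
#include <random>
#include <stdexcept>

namespace example_rng {  // hypothetical namespace, for illustration only

namespace {
// One Mersenne Twister per thread, kept out of the public interface so that
// callers never see the <random> templates. Not suitable for keys or tokens.
std::mt19937& engine()
{
    thread_local std::mt19937 gen = []() -> std::mt19937 {
        std::random_device rd;
        // Several words of seed material instead of a single time()-style value.
        std::seed_seq seq{rd(), rd(), rd(), rd(), rd(), rd(), rd(), rd()};
        return std::mt19937(seq);
    }();
    return gen;
}
}

// Fixed seed for reproducible runs, e.g. in unit tests.
void reseed(unsigned int seed) { engine().seed(seed); }

// Replaces (double)rand() / RAND_MAX; result is in [0,1).
double uniform()
{
    double v = std::generate_canonical<double, 53>(engine());
    // Some standard library versions can round up to exactly 1.0; clamp it.
    return v < 1.0 ? v : std::nextafter(1.0, 0.0);
}

// Replaces lo + rand() % (hi - lo + 1); inclusive range without modulo bias
// and without depending on RAND_MAX, which may be as small as 32767.
int uniform_int(int lo, int hi)
{
    if (lo > hi)
        throw std::invalid_argument("uniform_int: lo > hi");
    return std::uniform_int_distribution<int>(lo, hi)(engine());
}

}  // namespace example_rng
```
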