libtommath icon indicating copy to clipboard operation
libtommath copied to clipboard

Published 20 hours ago verified publisher icon libtom

Potentially lossy conversion in s_read_wincsp

Open mabuchner opened this issue 4 years ago • 1 comments
trafficstars

The s_read_wincsp function has a size_t argument n to specify the number of random bytes to generate.

https://github.com/libtom/libtommath/blob/8355b88db088e41d6f7e19a8d58d46c9ed0333d3/s_mp_rand_platform.c#L33

This argument blindly gets converted into a DWORD

https://github.com/libtom/libtommath/blob/8355b88db088e41d6f7e19a8d58d46c9ed0333d3/s_mp_rand_platform.c#L46

According to the documentation, a DWORD stores 32-bits. However, a size_t can potentially store more than 32-bits.

For example, if someone wants to generate more than 4 GB of random data on a 64-bit system, then s_read_wincsp might silently not generate the correct amount of random data.

mabuchner avatar Nov 19 '21 07:11 mabuchner

a fix of this could be done when fixing libtom/libtommath#513

sjaeckel avatar Dec 07 '21 17:12 sjaeckel