The s_read_wincsp function has a size_t argument n to specify the number of random bytes to generate.
|
static mp_err s_read_wincsp(void *p, size_t n) |
This argument blindly gets converted into a DWORD
|
return CryptGenRandom(hProv, (DWORD)n, (BYTE *)p) == TRUE ? MP_OKAY : MP_ERR; |
According to the documentation, a DWORD stores 32-bits. However, a size_t can potentially store more than 32-bits.
For example, if someone wants to generate more than 4 GB of random data on a 64-bit system, then s_read_wincsp might silently not generate the correct amount of random data.
The
s_read_wincspfunction has asize_targumentnto specify the number of random bytes to generate.libtommath/s_mp_rand_platform.c
Line 33 in 8355b88
This argument blindly gets converted into a
DWORDlibtommath/s_mp_rand_platform.c
Line 46 in 8355b88
According to the documentation, a
DWORDstores 32-bits. However, asize_tcan potentially store more than 32-bits.For example, if someone wants to generate more than 4 GB of random data on a 64-bit system, then
s_read_wincspmight silently not generate the correct amount of random data.