Improve usage of rand() for certain LCG implementations

Signed-off-by: Jan Bartels <[email protected]>

Author: jbsgh

library/rsa.c

@@ -2890,14 +2890,18 @@ void mbedtls_rsa_free(mbedtls_rsa_context *ctx)
 static int myrand(void *rng_state, unsigned char *output, size_t len)
 {
 #if !defined(__OpenBSD__) && !defined(__NetBSD__)
-    size_t i;
-
     if (rng_state != NULL) {
         rng_state  = NULL;
     }
 
-    for (i = 0; i < len; ++i) {
-        output[i] = rand();
+    while (len > 0) {
+        #if (RAND_MAX >= 0x00FFFFFF)
+        *output = (unsigned char) (rand() >> 16);
+        #else
+        *output = (unsigned char) rand() ; /* e. g. Visual C */
+        #endif
+        output += 1;
+        len -= 1;
     }
 #else
     if (rng_state != NULL) {

programs/fuzz/common.c

@@ -59,7 +59,6 @@ int fuzz_recv(void *ctx, unsigned char *buf, size_t len)
 int dummy_random(void *p_rng, unsigned char *output, size_t output_len)
 {
     int ret;
-    size_t i;
 
 #if defined(MBEDTLS_CTR_DRBG_C)
     //mbedtls_ctr_drbg_random requires a valid mbedtls_ctr_drbg_context in p_rng
@@ -74,24 +73,35 @@ int dummy_random(void *p_rng, unsigned char *output, size_t output_len)
     (void) p_rng;
     ret = 0;
 #endif
-    for (i = 0; i < output_len; i++) {
-        //replace result with pseudo random
-        output[i] = (unsigned char) rand();
+    //replace result with pseudo random
+    while (output_len > 0) {
+        #if (RAND_MAX >= 0x00FFFFFF)
+        *output = (unsigned char) (rand() >> 16);
+        #else
+        *output = (unsigned char) rand() ; /* e. g. Visual C */
+        #endif
+        output += 1;
+        output_len -= 1;
     }
     return ret;
 }
 
 int dummy_entropy(void *data, unsigned char *output, size_t len)
 {
-    size_t i;
     (void) data;
 
     //use mbedtls_entropy_func to find bugs in it
     //test performance impact of entropy
     //ret = mbedtls_entropy_func(data, output, len);
-    for (i = 0; i < len; i++) {
-        //replace result with pseudo random
-        output[i] = (unsigned char) rand();
+    //replace result with pseudo random
+    while (len > 0) {
+        #if (RAND_MAX >= 0x00FFFFFF)
+        *output = (unsigned char) (rand() >> 16);
+        #else
+        *output = (unsigned char) rand() ; /* e. g. Visual C */
+        #endif
+        output += 1;
+        len -= 1;
     }
     return 0;
 }

programs/ssl/ssl_test_lib.c

@@ -48,14 +48,19 @@ mbedtls_time_t dummy_constant_time(mbedtls_time_t *time)
 #if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
 static int dummy_entropy(void *data, unsigned char *output, size_t len)
 {
-    size_t i;
     int ret;
     (void) data;
 
     ret = mbedtls_entropy_func(data, output, len);
-    for (i = 0; i < len; i++) {
-        //replace result with pseudo random
-        output[i] = (unsigned char) rand();
+    //replace result with pseudo random
+    while (len > 0) {
+        #if (RAND_MAX >= 0x00FFFFFF)
+        *output = (unsigned char) (rand() >> 16);
+        #else
+        *output = (unsigned char) rand() ; /* e. g. Visual C */
+        #endif
+        output += 1;
+        len -= 1;
     }
     return ret;
 }

programs/test/benchmark.c

@@ -455,23 +455,20 @@ static void mbedtls_set_alarm(int seconds)
 
 static int myrand(void *rng_state, unsigned char *output, size_t len)
 {
-    size_t use_len;
     int rnd;
 
     if (rng_state != NULL) {
         rng_state  = NULL;
     }
 
     while (len > 0) {
-        use_len = len;
-        if (use_len > sizeof(int)) {
-            use_len = sizeof(int);
-        }
-
-        rnd = rand();
-        memcpy(output, &rnd, use_len);
-        output += use_len;
-        len -= use_len;
+        #if (RAND_MAX >= 0x00FFFFFF)
+        *output = (unsigned char) (rand() >> 16);
+        #else
+        *output = (unsigned char) rand() ; /* e. g. Visual C */
+        #endif
+        output += 1;
+        len -= 1;
     }
 
     return 0;

tests/src/test_helpers/ssl_helpers.c

@@ -15,8 +15,14 @@
 int mbedtls_test_random(void *p_rng, unsigned char *output, size_t output_len)
 {
     (void) p_rng;
-    for (size_t i = 0; i < output_len; i++) {
-        output[i] = rand();
+    while (output_len > 0) {
+        #if (RAND_MAX >= 0x00FFFFFF)
+        *output = (unsigned char) (rand() >> 16);
+        #else
+        *output = (unsigned char) rand() ; /* e. g. Visual C */
+        #endif
+        output += 1;
+        output_len -= 1;
     }
 
     return 0;