2009/7/18 Dave Korn <dave.korn.cyg...@googlemail.com>: > Kai Tietz wrote: > >> * gnu/java/security/jce/prng/natVMSecureRandomWin32.cc: Implementation >> for native win32. >> >> Tested for x86 and x64 mingw targets. Ok for apply? > > + for (a = 0; a < length; a++, count++) > + *bytes++= (jbyte) rand (); > > Surely not, the standard C library rand() function is completely unsuitable > for security purposes. It should use the win32 crypto api to get real > high-quality random data I think. > > cheers, > DaveK > >
Yes, I agree to this as I said in the patch post. Can we assume that any win32 target has a working wincrypt.h file? I just suggested this patch, to have at least an implementation here for win32 for further improvement (Btw I missed in my initial patch to include explicit <stdlib.h> here, too). I am just running through libjava for an initial port for x64 windows. There are a lot of assumptions about sizeof (long) == sizeof (void*), but the worse thing I see is the casting of HANDLE values to jint. For x86 this is fine, but for x64 this can lead to serious troubles. Cheers, Kai -- | (\_/) This is Bunny. Copy and paste | (='.'=) Bunny into your signature to help | (")_(") him gain world domination