[Openvpn-devel,v2] Make get_random return int64 instead of long
Commit Message
From: Arne Schwabe <arne@rfc2549.org>
This avoids having get_ranomd being different on 32bit/Windows vs
64 bit Unix platform. Also adjust platform_create_temp_file to
create the same files on all platforms.
Change-Id: Ifefb3ad204c0c16cb4952dd6e8661fdc9136b125
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1732
---
This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1732
This mail reflects revision 2 of this Change.
Acked-by according to Gerrit (reflected above):
Gert Doering <gert@greenie.muc.de>
Comments
This needs a bit of explanation - on a 64 bit platform, this changes
exactly nothing. On 32 bit platforms (which we still support and test)
this ensures that the file names follow the same format and have the
same amount of randomness as on 64 bit platforms. This in itself
is an "improvement", not a "bugfix" - but there is a CVE bugfix coming,
which brings a unit test with it that verifies "will generated file
names be what we expect here?" - and that test fails on 32 bit
platforms, because, different filenames.
One could have adjusted the unit test ("#ifdef 32BIT"), but we decided
to go for "consistent file names across all platforms" - and since the
bugfix has to go back to 2.5 :-( this one also goes back all the way.
Tested on the offending 32 bit platform (NetBSD) with the offending
unit test, and BB + GHA tested all the rest.
Your patch has been applied to the master, release/2.7, release/2.6
and release/2.5 branch.
commit 712f3d61488a47e80577112489e9e9f98a32aac6 (master)
commit 4558e23156b67ccad389b0594b8d7097c03db999 (release/2.7)
commit bab5ee23e06a5ae1c266ddcd74f8ac09b91eed17 (release/2.6)
commit 8d590a16da67b26971109471ed1aa8afcbfc71c1 (release/2.5)
Author: Arne Schwabe
Date: Fri Jun 26 17:29:46 2026 +0200
Make get_random return int64 instead of long
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1732
Message-Id: <20260626152951.29207-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg37322.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
--
kind regards,
Gert Doering
@@ -1731,11 +1731,12 @@
ASSERT(rand_bytes(output, len));
}
-/* an analogue to the random() function, but use prng_bytes */
-long int
+/* an analogue to the random() function, but use prng_bytes and
+ * also int64_t instead of long to avoid LLP64 vs LP64 */
+int64_t
get_random(void)
{
- long int l;
+ int64_t l;
prng_bytes((unsigned char *)&l, sizeof(l));
if (l < 0)
{
@@ -603,8 +603,13 @@
*/
void prng_bytes(uint8_t *output, int len);
-/* an analogue to the random() function, but use prng_bytes */
-long int get_random(void);
+/**
+ * an analogue to the random() function, but use prng_bytes and
+ * also int64_t instead of long to avoid LLP64 vs LP64
+ *
+ * @return Returns a random positive 63 bit integer
+ */
+int64_t get_random(void);
/** Print a cipher list entry */
void print_cipher(const char *cipher);
@@ -543,7 +543,7 @@
const char *retfname = NULL;
unsigned int attempts = 0;
char fname[256] = { 0 };
- const char *fname_fmt = PACKAGE "_%.*s_%08lx%08lx.tmp";
+ const char *fname_fmt = PACKAGE "_%.*s_%08" PRIx64 "%08" PRIx64 ".tmp";
const int max_prefix_len = sizeof(fname) - (sizeof(PACKAGE) + 7 + (2 * 8));
while (attempts < 6)
@@ -551,7 +551,7 @@
++attempts;
if (!checked_snprintf(fname, sizeof(fname), fname_fmt, max_prefix_len, prefix,
- (unsigned long)get_random(), (unsigned long)get_random()))
+ get_random(), get_random()))
{
msg(M_WARN, "ERROR: temporary filename too long");
return NULL;