gtkask.c: use dedicated PRNG for initial area choice.

At Coverity's urging, I put in an instance of the Fortuna PRNG in place of the use of rand() to select which drawing area to light up next on a keypress. But Coverity turns out to be unhappy that I'm still using rand() to select the _initial_ area, before the user enters any input at all. It's even harder to imagine this being a genuine information leak than the previous complaint. But I don't really see a reason _not_ to switch it over, now it's been pointed out.
2025-01-09 17:38:00 +00:00 · 2019-07-23 18:40:09 +01:00 · 2019-07-23 18:40:09 +01:00 · 8872a97ebd
commit 8872a97ebd
parent 37bff968eb
1 changed files with 7 additions and 4 deletions
--- a/unix/gtkask.c
+++ b/unix/gtkask.c
@ -78,7 +78,7 @@ static void cleanup_keypress_prng(void)
 {
    prng_free(keypress_prng);
 }
-static int choose_new_area(int prev_area)
+static uint64_t keypress_prng_value(void)
 {
    /*
     * Don't actually put the passphrase keystrokes themselves into
@ -89,8 +89,11 @@ static int choose_new_area(int prev_area)
    noise_ultralight(NOISE_SOURCE_KEY, 0);
    uint8_t data[8];
    prng_read(keypress_prng, data, 8);
-    uint64_t randval = GET_64BIT_MSB_FIRST(data);
-    int reduced = randval % (N_DRAWING_AREAS - 1);
+    return GET_64BIT_MSB_FIRST(data);
+}
+static int choose_new_area(int prev_area)
+{
+    int reduced = keypress_prng_value() % (N_DRAWING_AREAS - 1);
    return (prev_area + 1 + reduced) % N_DRAWING_AREAS;
 }

@ -353,7 +356,7 @@ static gboolean try_grab_keyboard(gpointer vctx)
     * And repaint the key-acknowledgment drawing areas as not greyed
     * out.
     */
-    ctx->active_area = rand() % N_DRAWING_AREAS;
+    ctx->active_area = keypress_prng_value() % N_DRAWING_AREAS;
    for (i = 0; i < N_DRAWING_AREAS; i++) {
        ctx->drawingareas[i].state =
            (i == ctx->active_area ? CURRENT : NOT_CURRENT);