Prefer getrandom(3)/getentropy(3) over arc4random(3bsd)
arc4random(3) without kernel support is unsafe, as it can't know when to drop the buffer. Since we depend on libbsd since recently, we have arc4random(3) functions always available, and thus, this code would have always called arc4random_buf(3bsd), which is unsafe. Put it after some better alternatives, at least until in a decade or so all systems have a recent enough glibc. glibc implements arc4random(3) safely, since it's just a wrapper around getrandom(2). Link: <https://inbox.sourceware.org/libc-alpha/20220722122137.3270666-1-adhemerval.zanella@linaro.org/> Link: <https://inbox.sourceware.org/libc-alpha/5c29df04-6283-9eee-6648-215b52cfa26b@cs.ucla.edu/T/> Cc: Cristian Rodríguez <crrodriguez@opensuse.org> Cc: Adhemerval Zanella <adhemerval.zanella@linaro.org> Cc: Guillem Jover <guillem@hadrons.org> Cc: Björn Esser <besser82@fedoraproject.org> Reviewed-by: "Jason A. Donenfeld" <Jason@zx2c4.com> Signed-off-by: Alejandro Colomar <alx@kernel.org>
This commit is contained in:
parent
39ecca84d4
commit
ac8b81c2b7
@ -114,12 +114,6 @@ static long read_random_bytes (void)
|
|||||||
{
|
{
|
||||||
long randval = 0;
|
long randval = 0;
|
||||||
|
|
||||||
#ifdef HAVE_ARC4RANDOM_BUF
|
|
||||||
/* arc4random_buf, if it exists, can never fail. */
|
|
||||||
arc4random_buf (&randval, sizeof (randval));
|
|
||||||
goto end;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef HAVE_GETENTROPY
|
#ifdef HAVE_GETENTROPY
|
||||||
/* getentropy may exist but lack kernel support. */
|
/* getentropy may exist but lack kernel support. */
|
||||||
if (getentropy (&randval, sizeof (randval)) == 0) {
|
if (getentropy (&randval, sizeof (randval)) == 0) {
|
||||||
@ -134,6 +128,12 @@ static long read_random_bytes (void)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef HAVE_ARC4RANDOM_BUF
|
||||||
|
/* arc4random_buf, if it exists, can never fail. */
|
||||||
|
arc4random_buf (&randval, sizeof (randval));
|
||||||
|
goto end;
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Use /dev/urandom as a last resort. */
|
/* Use /dev/urandom as a last resort. */
|
||||||
FILE *f = fopen ("/dev/urandom", "r");
|
FILE *f = fopen ("/dev/urandom", "r");
|
||||||
if (NULL == f) {
|
if (NULL == f) {
|
||||||
|
Loading…
x
Reference in New Issue
Block a user