Prefer getrandom(3)/getentropy(3) over arc4random(3bsd)

arc4random(3) without kernel support is unsafe, as it can't know when to drop the buffer. Since we depend on libbsd since recently, we have arc4random(3) functions always available, and thus, this code would have always called arc4random_buf(3bsd), which is unsafe. Put it after some better alternatives, at least until in a decade or so all systems have a recent enough glibc. glibc implements arc4random(3) safely, since it's just a wrapper around getrandom(2). Link: <https://inbox.sourceware.org/libc-alpha/20220722122137.3270666-1-adhemerval.zanella@linaro.org/> Link: <https://inbox.sourceware.org/libc-alpha/5c29df04-6283-9eee-6648-215b52cfa26b@cs.ucla.edu/T/> Cc: Cristian Rodríguez <crrodriguez@opensuse.org> Cc: Adhemerval Zanella <adhemerval.zanella@linaro.org> Cc: Guillem Jover <guillem@hadrons.org> Cc: Björn Esser <besser82@fedoraproject.org> Reviewed-by: "Jason A. Donenfeld" <Jason@zx2c4.com> Signed-off-by: Alejandro Colomar <alx@kernel.org>
2022-12-30 12:48:55 +01:00 · 2022-12-30 12:48:55 +01:00 · ac8b81c2b7
commit ac8b81c2b7
parent 39ecca84d4
1 changed files with 6 additions and 6 deletions
--- a/libmisc/salt.c
+++ b/libmisc/salt.c
@ -114,12 +114,6 @@ static long read_random_bytes (void)
 {
 	long randval = 0;

-#ifdef HAVE_ARC4RANDOM_BUF
-	/* arc4random_buf, if it exists, can never fail.  */
-	arc4random_buf (&randval, sizeof (randval));
-	goto end;
-#endif
-
 #ifdef HAVE_GETENTROPY
 	/* getentropy may exist but lack kernel support.  */
 	if (getentropy (&randval, sizeof (randval)) == 0) {
@ -134,6 +128,12 @@ static long read_random_bytes (void)
 	}
 #endif

+#ifdef HAVE_ARC4RANDOM_BUF
+	/* arc4random_buf, if it exists, can never fail.  */
+	arc4random_buf (&randval, sizeof (randval));
+	goto end;
+#endif
+
 	/* Use /dev/urandom as a last resort.  */
 	FILE *f = fopen ("/dev/urandom", "r");
 	if (NULL == f) {