arc4random(3) without kernel support is unsafe, as it can't know when to drop the buffer. Since we depend on libbsd since recently, we have arc4random(3) functions always available, and thus, this code would have always called arc4random_buf(3bsd), which is unsafe.

Put it after some better alternatives, at least until in a decade or so all systems have a recent enough glibc.

glibc implements arc4random(3) safely, since it's just a wrapper around getrandom(2).

Link: <https://inbox.sourceware.org/libc-alpha/20220722122137.3270666-1-adhemerval.zanella@linaro.org/>
Link: <https://inbox.sourceware.org/libc-alpha/5c29df04-6283-9eee-6648-215b52cfa26b@cs.ucla.edu/T/>
Cc: Cristian Rodríguez <crrodriguez@opensuse.org>
Cc: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Cc: Guillem Jover <guillem@hadrons.org>
Cc: Björn Esser <besser82@fedoraproject.org>
Reviewed-by: "Jason A. Donenfeld" <Jason@zx2c4.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>