[PATCH 1/1] tools: use cryptographically safe RNG
Tom Rini
trini at konsulko.com
Thu Nov 14 18:26:54 CET 2024
On Sat, Nov 02, 2024 at 05:32:59PM +0100, Heinrich Schuchardt wrote:
> The PRNG implementing the random() function only has 2^31 states and
> therefore is unsafe to use for cryptography. Use arc4random() instead.
>
> Fixes: cc34f04efd63 ("tools: image-host.c: use random instead of rand")
> Addresses-Coverity-ID: 312953 Calling risky function
> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
> ---
> tools/image-host.c | 35 +++--------------------------------
> 1 file changed, 3 insertions(+), 32 deletions(-)
Now I get:
/home/uboot/u-boot/u-boot/tools/image-host.c: In function 'fit_image_setup_cipher':
/home/uboot/u-boot/u-boot/tools/image-host.c:439:17: warning: implicit declaration of function 'arc4random_buf' [-Wimplicit-function-declaration]
439 | arc4random_buf((void *)info->iv, info->cipher->iv_len);
| ^~~~~~~~~~~~~~
/usr/bin/ld: tools/image-host.o: in function `fit_image_cipher_data':
image-host.c:(.text+0xb41): undefined reference to `arc4random_buf'
collect2: error: ld returned 1 exit status
make[3]: *** [scripts/Makefile.host:104: tools/dumpimage] Error 1
in the docker container. I gather this means arc4random_buf is not as
widely available as assumed.
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20241114/abe0b024/attachment.sig>
More information about the U-Boot
mailing list