[PATCH 1/1] tools: use cryptographically safe RNG

Heinrich Schuchardt heinrich.schuchardt at canonical.com
Thu Nov 14 18:35:44 CET 2024


Tom Rini <trini at konsulko.com> wrote on Thu, 14 Nov 2024, 18:27:

> On Sat, Nov 02, 2024 at 05:32:59PM +0100, Heinrich Schuchardt wrote:
>
> > The PRNG implementing the random() function only has 2^31 states and
> > therefore is unsafe to use for cryptography. Use arc4random() instead.
> >
> > Fixes: cc34f04efd63 ("tools: image-host.c: use random instead of rand")
> > Addresses-Coverity-ID: 312953 Calling risky function
> > Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
> > ---
> >  tools/image-host.c | 35 +++--------------------------------
> >  1 file changed, 3 insertions(+), 32 deletions(-)
>
> Now I get:
> /home/uboot/u-boot/u-boot/tools/image-host.c: In function
> 'fit_image_setup_cipher':
> /home/uboot/u-boot/u-boot/tools/image-host.c:439:17: warning: implicit
> declaration of function 'arc4random_buf' [-Wimplicit-function-declaration]
>   439 |                 arc4random_buf((void *)info->iv,
> info->cipher->iv_len);
>       |                 ^~~~~~~~~~~~~~
> /usr/bin/ld: tools/image-host.o: in function `fit_image_cipher_data':
> image-host.c:(.text+0xb41): undefined reference to `arc4random_buf'
> collect2: error: ld returned 1 exit status
> make[3]: *** [scripts/Makefile.host:104: tools/dumpimage] Error 1
>
> in the docker container. I gather this means arc4random_buf is not as
> widely available as assumed.
>

glibc 2.36 is required, published 2022-08. Ubuntu Jammy is 22.04.

Best regards

Heinrich


> --
> Tom
>
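
One way to keep a host tool building on a libc older than glibc 2.36, shown as an added example (not code from the patch or from U-Boot): use arc4random_buf() where the libc provides it and otherwise read the kernel CSPRNG through /dev/urandom. The helper name fill_random, the HAVE_ARC4RANDOM_BUF macro and the 16-byte IV length are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE 1	/* expose arc4random_buf() in glibc's <stdlib.h> */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
/* arc4random_buf() is native on the BSDs and macOS; glibc gained it in 2.36. */
#if defined(__GLIBC__)
# if __GLIBC_PREREQ(2, 36)
#  define HAVE_ARC4RANDOM_BUF 1
# endif
#elif defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__)
# define HAVE_ARC4RANDOM_BUF 1
#endif

/* Hypothetical helper: fill buf from the OS CSPRNG; 0 on success, -1 on failure. */
int fill_random(void *buf, size_t len)
{
#ifdef HAVE_ARC4RANDOM_BUF
	arc4random_buf(buf, len);
	return 0;
#else
	/* Older libc: read the kernel CSPRNG directly, retrying short reads. */
	unsigned char *p = buf;
	int fd = open("/dev/urandom", O_RDONLY);
	if (fd < 0)
		return -1;
	while (len > 0) {
		ssize_t n = read(fd, p, len);
		if (n < 0 && errno == EINTR)
			continue;
		if (n <= 0)
			break;
		p += n;
		len -= (size_t)n;
	}
	close(fd);
	return len == 0 ? 0 : -1;
#endif
}

int main(void)
{
	unsigned char iv[16];	/* constructed IV length for this demo */
	if (fill_random(iv, sizeof(iv)) != 0)
		return 1;
	for (size_t i = 0; i < sizeof(iv); i++)
		printf("%02x%s", iv[i], i + 1 == sizeof(iv) ? "\n" : "");
	return 0;
}
```

Unlike arc4random_buf(), the fallback path can fail, so a caller has to check the return value before using the buffer as an IV.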

