[PATCH 1/1] tools: use cryptographically safe RNG
Mark Kettenis
mark.kettenis at xs4all.nl
Fri Nov 15 23:48:45 CET 2024
> From: Rasmus Villemoes <ravi at prevas.dk>
> Date: Fri, 15 Nov 2024 20:21:41 +0100
>
> On Fri, Nov 15 2024, Mark Kettenis <mark.kettenis at xs4all.nl> wrote:
>
> >>
> >> Or use getrandom(), which according to the man page has been exposed via
> >> glibc since glibc 2.25. Or just read from /dev/urandom which should work
> >> everywhere.
> >
> > $ man getrandom
> > man: No entry for getrandom in the manual.
>
> I assume this is intended to inform me that getrandom() doesn't exist on
> *BSD?
Right. We have getentropy(3) though and that made it into the recent
POSIX update.
> As I said, reading from /dev/urandom is probably better as that also
> works on BSDs automatically. If somebody tries to do crypto stuff in an
> environment where they've removed such a basic device node, they get to
> keep both pieces (i.e. the code should just fail)
Should work on OpenBSD, but it is still unportable.
More information about the U-Boot
mailing list