On Sat, Nov 02, 2024 at 05:32:59PM +0100, Heinrich Schuchardt wrote:

> The PRNG implementing the random() function only has 2^31 states and
> therefore is unsafe to use for cryptography. Use arc4random() instead.
> 
> Fixes: cc34f04efd63 ("tools: image-host.c: use random instead of rand")
> Addresses-Coverity-ID: 312953 Calling risky function
> Signed-off-by: Heinrich Schuchardt <heinrich.schucha...@canonical.com>
> ---
>  tools/image-host.c | 35 +++--------------------------------
>  1 file changed, 3 insertions(+), 32 deletions(-)

Now I get:
/home/uboot/u-boot/u-boot/tools/image-host.c: In function 'fit_image_setup_cipher':
/home/uboot/u-boot/u-boot/tools/image-host.c:439:17: warning: implicit declaration of function 'arc4random_buf' [-Wimplicit-function-declaration]
  439 |                 arc4random_buf((void *)info->iv, info->cipher->iv_len);
      |                 ^~~~~~~~~~~~~~
/usr/bin/ld: tools/image-host.o: in function `fit_image_cipher_data':
image-host.c:(.text+0xb41): undefined reference to `arc4random_buf'
collect2: error: ld returned 1 exit status
make[3]: *** [scripts/Makefile.host:104: tools/dumpimage] Error 1

in the docker container. I gather this means arc4random_buf is not as
widely available as assumed.

-- 
Tom
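
One way to keep IV generation on a cryptographically safe source when the host libc lacks arc4random_buf(), as an added example that is not part of this thread or of U-Boot's code. The names `host_random_buf` and `demo_two_ivs` and the `HAVE_ARC4RANDOM_BUF` macro are hypothetical, and reading /dev/urandom as the fallback is an assumption about the build hosts.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Fill buf with len bytes from the OS CSPRNG. Returns 0 on success, -1 on error. */
int host_random_buf(void *buf, size_t len)
{
#ifdef HAVE_ARC4RANDOM_BUF /* hypothetical macro, set by a build-time probe */
	arc4random_buf(buf, len);
	return 0;
#else
	unsigned char *p = buf;
	int fd = open("/dev/urandom", O_RDONLY);
	if (fd < 0)
		return -1;	/* caller must fail; never fall back to random() */
	while (len > 0) {
		ssize_t n = read(fd, p, len);
		if (n < 0 && errno == EINTR)
			continue;	/* interrupted by a signal: retry */
		if (n <= 0) {		/* hard error or unexpected EOF */
			close(fd);
			return -1;
		}
		p += n;			/* short read: keep filling */
		len -= (size_t)n;
	}
	close(fd);
	return 0;
#endif
}

/* Generate two 16-byte IVs (constructed size); 0 if both succeed and differ. */
int demo_two_ivs(void)
{
	unsigned char a[16], b[16];

	if (host_random_buf(a, sizeof(a)) || host_random_buf(b, sizeof(b)))
		return -1;
	return memcmp(a, b, sizeof(a)) == 0 ? -1 : 0;
}

int main(void)
{
	printf("iv generation: %s\n", demo_two_ivs() == 0 ? "ok" : "failed");
	return 0;
}
```

The error return matters: a caller that cannot get random bytes should abort the encryption step instead of proceeding with a predictable IV.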
