On Sat, Nov 02, 2024 at 05:32:59PM +0100, Heinrich Schuchardt wrote: > The PRNG implementing the random() function only has 2^31 states and > therefore is unsafe to use for cryptography. Use arc4random() instead. > > Fixes: cc34f04efd63 ("tools: image-host.c: use random instead of rand") > Addresses-Coverity-ID: 312953 Calling risky function > Signed-off-by: Heinrich Schuchardt <heinrich.schucha...@canonical.com> > --- > tools/image-host.c | 35 +++-------------------------------- > 1 file changed, 3 insertions(+), 32 deletions(-)
Now I get: /home/uboot/u-boot/u-boot/tools/image-host.c: In function 'fit_image_setup_cipher': /home/uboot/u-boot/u-boot/tools/image-host.c:439:17: warning: implicit declaration of function 'arc4random_buf' [-Wimplicit-function-declaration] 439 | arc4random_buf((void *)info->iv, info->cipher->iv_len); | ^~~~~~~~~~~~~~ /usr/bin/ld: tools/image-host.o: in function `fit_image_cipher_data': image-host.c:(.text+0xb41): undefined reference to `arc4random_buf' collect2: error: ld returned 1 exit status make[3]: *** [scripts/Makefile.host:104: tools/dumpimage] Error 1 in the docker container. I gather this means arc4random_buf is not as widely available as assumed. -- Tom
signature.asc
Description: PGP signature