On Sat, Nov 02, 2024 at 05:32:59PM +0100, Heinrich Schuchardt wrote:
> The PRNG implementing the random() function only has 2^31 states and
> therefore is unsafe to use for cryptography. Use arc4random() instead.
>
> Fixes: cc34f04efd63 ("tools: image-host.c: use random instead of rand")
> Addresses-Coverity-ID: 312953 Calling risky function
> Signed-off-by: Heinrich Schuchardt <heinrich.schucha...@canonical.com>
> ---
> tools/image-host.c | 35 +++--------------------------------
> 1 file changed, 3 insertions(+), 32 deletions(-)
Now I get:
/home/uboot/u-boot/u-boot/tools/image-host.c: In function
'fit_image_setup_cipher':
/home/uboot/u-boot/u-boot/tools/image-host.c:439:17: warning: implicit
declaration of function 'arc4random_buf' [-Wimplicit-function-declaration]
439 | arc4random_buf((void *)info->iv, info->cipher->iv_len);
| ^~~~~~~~~~~~~~
/usr/bin/ld: tools/image-host.o: in function `fit_image_cipher_data':
image-host.c:(.text+0xb41): undefined reference to `arc4random_buf'
collect2: error: ld returned 1 exit status
make[3]: *** [scripts/Makefile.host:104: tools/dumpimage] Error 1
in the docker container. I gather this means arc4random_buf is not as
widely available as assumed.
--
Tom
signature.asc
Description: PGP signature
