author | laanwj <126646+laanwj@users.noreply.github.com> | 2022-02-10 10:00:46 +0100 |
---|---|---|
committer | laanwj <126646+laanwj@users.noreply.github.com> | 2022-02-10 10:00:51 +0100 |
commit | a7e80449c0811b361cdaea39b6bab78ca5fbf668 (patch) | |
tree | 10c1c2e4e6b640fbc65c93090553f9bf532c860f /src | |
parent | 243a9c39250dee95b6fe62ac5ae2f8e3eafecf1b (diff) | |
parent | 0c49e52b22be1baa8d51670e4f3c437fd3c0baa7 (diff) |
Merge bitcoin/bitcoin#24238: random: use arc4random on OpenBSD
0c49e52b22be1baa8d51670e4f3c437fd3c0baa7 build: remove unneeded getentropy detection (HAVE_GETENTROPY) (Sebastian Falbesoner)
5cd15ffdceace3a077d4719ef7c1704336d602e1 random: use arc4random on OpenBSD (Sebastian Falbesoner)
Pull request description:
Inspired by a discussion on obtaining randomness on various OSes in a secp256k1 PR (https://github.com/bitcoin-core/secp256k1/pull/748#discussion_r524605472, see also https://bitcoincore.reviews/libsecp256k1-748), I think it makes sense to follow best practices and use `arc4random_buf` rather than `getentropy` on OpenBSD in our random module.
The [getentropy(2) man page](https://man.openbsd.org/getentropy.2) states:
```
getentropy() is not intended for regular code; please use the
arc4random(3) family of functions instead.
```
The [arc4random(3) man page](https://man.openbsd.org/arc4random.3) states:
```
Use of these functions is encouraged for almost all random number
consumption because the other interfaces are deficient in either quality,
portability, standardization, or availability.
```
On the linked PR discussion, worries about using RC4 internally have been expressed (see https://security.stackexchange.com/questions/85601/is-arc4random-secure-enough/172905#172905), but this would only affect users of OpenBSD <5.5, using a version that was released more than 8 years ago.
ACKs for top commit:
laanwj:
Tested ACK 0c49e52b22be1baa8d51670e4f3c437fd3c0baa7
Tree-SHA512: b5ed3d0718962c5a3839db9a28f93d08a0ac93094cc664f83bc4cf1cfad25049e6240b7b81fe06b71e6a3a0ca24a2c337eab088abec5470ad014e10c04fdb216
Diffstat (limited to 'src')
-rw-r--r-- | src/random.cpp | 20 |
1 files changed, 8 insertions, 12 deletions
diff --git a/src/random.cpp b/src/random.cpp index 5dae80fe31..b862510524 100644 --- a/src/random.cpp +++ b/src/random.cpp @@ -32,10 +32,8 @@ #include <sys/syscall.h> #include <linux/random.h> #endif -#if defined(HAVE_GETENTROPY) || (defined(HAVE_GETENTROPY_RAND) && defined(MAC_OSX)) -#include <unistd.h> -#endif #if defined(HAVE_GETENTROPY_RAND) && defined(MAC_OSX) +#include <unistd.h> #include <sys/random.h> #endif #ifdef HAVE_SYSCTL_ARND @@ -305,16 +303,14 @@ void GetOSRand(unsigned char *ent32) RandFailure(); } } -#elif defined(HAVE_GETENTROPY) && defined(__OpenBSD__) - /* On OpenBSD this can return up to 256 bytes of entropy, will return an - * error if more are requested. - * The call cannot return less than the requested number of bytes. - getentropy is explicitly limited to openbsd here, as a similar (but not - the same) function may exist on other platforms via glibc. +#elif defined(__OpenBSD__) + /* OpenBSD. From the arc4random(3) man page: + "Use of these functions is encouraged for almost all random number + consumption because the other interfaces are deficient in either + quality, portability, standardization, or availability." + The function call is always successful. */ - if (getentropy(ent32, NUM_OS_RANDOM_BYTES) != 0) { - RandFailure(); - } + arc4random_buf(ent32, NUM_OS_RANDOM_BYTES); // Silence a compiler warning about unused function. (void)GetDevURandom; #elif defined(HAVE_GETENTROPY_RAND) && defined(MAC_OSX) |
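Review bot: in the first hunk (the include block at `@@ -32,10 +32,8`), `<unistd.h>` is now included only under `HAVE_GETENTROPY_RAND && MAC_OSX`, and no visible line includes `<stdlib.h>`, the header in which OpenBSD declares `arc4random_buf`. Confirm that random.cpp already gets that declaration from an include outside this hunk, or add an explicit `#include <stdlib.h>` so the new OpenBSD branch does not depend on a transitive include.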
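Review bot: in the second hunk (`GetOSRand`, `@@ -305,16 +303,14`), the new `#elif defined(__OpenBSD__)` branch drops the `RandFailure()` path and states "The function call is always successful", but the comment does not record the assumption the pull request description relies on, namely that the RC4 concern only applies to OpenBSD <5.5. Since the guard no longer depends on a configure check (`HAVE_GETENTROPY`), consider adding a line to the comment naming the minimum OpenBSD release this branch expects, so the reason for trusting `arc4random_buf` without an error check stays with the code.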