[tor-bugs] #17981 [Tor]: [PATCH] replace getentropy() with arc4random_buf()
#17981: [PATCH] replace getentropy() with arc4random_buf()
------------------------+-----------------
Reporter: logan | Owner:
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Tor | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Sponsor:
------------------------+-----------------
This patch will probably raise a few eyebrows.
Mark Kettenis (senior OpenBSD dev) sent a mail to another developer
concerning getentropy():
Noticed the following commit:
> CVSROOT: /cvs
> Module name: ports
> Changes by: robert@xxxxxxxxxxxxxxx 2016/01/02 06:57:12
>
> Modified files:
> mail/zarafa/zarafa: Makefile
> mail/zarafa/zarafa/patches: patch-common_platform_linux_cpp
> patch-configure_ac
>
> Log message:
> use getentropy(2) instead of directly opening /dev/urandom;
> this unbreaks zarafa-webapp running with chroot'd php
This really looks like a case where you should be calling
arc4random_buf(3) instead of getentropy(2). In fact calling
getentropy(2) is almost always the wrong approach.
OpenBSD subsequently amended the man page for getentropy() to clarify
this:
http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2?query=getentropy&sec=2
getentropy() is not intended for regular code; please use the
arc4random(3) family of functions instead.
Attached is a patch that replaces getentropy() with arc4random_buf().
Feedback welcomed.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17981>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
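
The calling-contract difference behind the advice quoted in the ticket, as an added example (not code from the attached Tor patch or from OpenBSD): getentropy() rejects requests over 256 bytes and can fail, so a direct caller needs the chunking and error handling shown, while arc4random_buf() takes any length and returns void. The helper names fill_via_getentropy() and fill_random() and the HAVE_ARC4RANDOM_BUF platform check are assumptions of this example.

```c
/* Added example, not Tor's or OpenBSD's code. Helper names are hypothetical. */
#include <stddef.h>
#include <stdlib.h>      /* arc4random_buf() where the libc provides it */
#include <unistd.h>      /* getentropy() on OpenBSD */
#if defined(__linux__) || defined(__APPLE__)
#include <sys/random.h>  /* getentropy() on glibc >= 2.25 and macOS */
#endif

/* Assumption of this example: libcs known to ship arc4random_buf(). */
#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__NetBSD__) || \
    defined(__APPLE__)
#define HAVE_ARC4RANDOM_BUF 1
#elif defined(__GLIBC__)
#if __GLIBC_PREREQ(2, 36)
#define HAVE_ARC4RANDOM_BUF 1
#endif
#endif

#define GETENTROPY_MAX 256 /* a single getentropy() call fails above this */

/* Direct getentropy() use: the caller has to split the request into
 * chunks and propagate failure. Returns 0 on success, -1 on error. */
int fill_via_getentropy(void *buf, size_t len)
{
    unsigned char *p = buf;

    while (len > 0) {
        size_t n = len < GETENTROPY_MAX ? len : GETENTROPY_MAX;
        if (getentropy(p, n) != 0)
            return -1; /* buffer is only partly filled; do not use it */
        p += n;
        len -= n;
    }
    return 0;
}

/* What regular code wants: any length and no partial-failure state. */
int fill_random(void *buf, size_t len)
{
#ifdef HAVE_ARC4RANDOM_BUF
    arc4random_buf(buf, len); /* returns void: no error path to forget */
    return 0;
#else
    return fill_via_getentropy(buf, len); /* fallback on older libcs */
#endif
}
```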