[tor-bugs] #17981 [Tor]: [PATCH] replace getentropy() with arc4random_buf()

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Jan 3 05:03:23 UTC 2016


#17981: [PATCH] replace getentropy() with arc4random_buf()
------------------------+-----------------
     Reporter:  logan   |      Owner:
         Type:  defect  |     Status:  new
     Priority:  Medium  |  Milestone:
    Component:  Tor     |    Version:
     Severity:  Normal  |   Keywords:
Actual Points:          |  Parent ID:
       Points:          |    Sponsor:
------------------------+-----------------
 This patch will probably raise a few eyebrows.

 Mark Kettenis (senior OpenBSD dev) sent a mail to another developer
 concerning getentropy():

 Noticed the following commit:

 > CVSROOT:        /cvs
 > Module name:    ports
 > Changes by:     robert at cvs.openbsd.org  2016/01/02 06:57:12
 >
 > Modified files:
 >         mail/zarafa/zarafa: Makefile
 >         mail/zarafa/zarafa/patches: patch-common_platform_linux_cpp
 >                                     patch-configure_ac
 >
 > Log message:
 > use getentropy(2) instead of directly opening /dev/urandom;
 > this unbreaks zarafa-webapp running with chroot'd php

 This really looks like a case where you should be calling
 arc4random_buf(3) instead of getentropy(2).  In fact calling
 getentropy(2) is almost always the wrong approach.


 OpenBSD subsequently amended the man page for getentropy() to clarify
 this:

 http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2?query=getentropy&sec=2

 getentropy() is not intended for regular code; please use the
 arc4random(3) family of functions instead.

 Attached is a patch that replaces getentropy() with arc4random_buf().
 Feedback welcomed.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17981>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
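
The distinction the quoted man page draws, as an added example that is not from the ticket, the attached patch or Tor's code base: getentropy(2) refuses requests larger than 256 bytes and can fail, so callers must chunk and check every return value, while arc4random_buf(3) takes any length and has no error path. The helper names, ENTROPY_CHUNK_MAX and the HAVE_ARC4RANDOM_BUF platform check are assumptions made for this example.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* expose both calls on glibc and musl */
#endif
#include <stdlib.h>                /* arc4random_buf() where the libc has it */
#include <unistd.h>                /* getentropy() on OpenBSD, glibc, musl */
#if defined(__APPLE__)
#include <sys/random.h>            /* getentropy() on macOS */
#endif
/* Assumption: detect arc4random_buf() by platform; a real build would probe. */
#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__NetBSD__) || defined(__APPLE__)
#define HAVE_ARC4RANDOM_BUF 1
#elif defined(__GLIBC__)
#if __GLIBC_PREREQ(2, 36)
#define HAVE_ARC4RANDOM_BUF 1
#endif
#endif
#define ENTROPY_CHUNK_MAX 256      /* getentropy(2) rejects larger requests */

/* Kernel path: has to chunk, and every call can fail. */
int fill_with_getentropy(void *buf, size_t len)
{
    unsigned char *p = buf;
    while (len > 0) {
        size_t n = len < ENTROPY_CHUNK_MAX ? len : ENTROPY_CHUNK_MAX;
        if (getentropy(p, n) != 0)
            return -1;             /* caller must treat this as fatal */
        p += n; len -= n;
    }
    return 0;
}

/* What regular code calls: the libc CSPRNG when present, else the loop above. */
int secure_random_bytes(void *buf, size_t len)
{
#ifdef HAVE_ARC4RANDOM_BUF
    arc4random_buf(buf, len);      /* any length, no error path */
    return 0;
#else
    return fill_with_getentropy(buf, len);
#endif
}

int main(void)
{
    unsigned char key[32];         /* constructed demo buffer */
    return secure_random_bytes(key, sizeof key) == 0 ? 0 : 1;
}
```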