Why is getentropy marked with warn_unused_result?

Florian Bruhin me@the-compiler.org
Sun Jul 23 10:17:00 GMT 2017


On Sun, Jul 23, 2017 at 11:41:04AM +0200, Florian Weimer wrote:
> * Paul Pluzhnikov:
> 
> > On Sat, Jul 22, 2017 at 2:14 PM, Florian Bruhin <me@the-compiler.org> wrote:
> >
> >> Why is that, since it shouldn't fail under normal circumstances (at
> >> least that's what Qt's sources claim)?
> >
> > If you didn't check the return value, how would you ever know whether
> > you got entropy or not?
> >
> > The fact that something doesn't fail under normal conditions doesn't
> > absolve you from the need to check for abnormal conditions, especially
> > when dealing with random data that is likely to be used for crypto.
> 
> I did not see the start of the thread.  Was it posted to the
> libc-alpha list?  Do you have a pointer to the Qt sources in question?

I posted to libc-help, not sure if it was intended that the answer got
to libc-alpha - I re-added libc-help now.

Here is my original message:
https://sourceware.org/ml/libc-help/2017-07/msg00020.html

And here are the current sources:
https://github.com/qt/qtbase/blob/9ca3443a37284bedaf74475c26af173b00757178/src/corelib/global/qrandom.cpp#L123-L134

> In practice, a getentropy implementation which does not fail if called
> properly requires emulation using /dev/urandom if the system call is
> not available in the kernel, but the glibc community rejected that
> approach.

FWIW looks like Qt is adding an assertion now:
https://codereview.qt-project.org/#/c/200161/

But Thiago Macieira says there:

    We don't accept ENOSYS. If you're using a glibc new enough to have
    the getentropy() function (2.25), then your kernel should be new
    enough (> 3.17). This is also recorded in the ELF note section
    indicating that we need kernel 3.17.
    
    $ file lib/libQt5Core.t.so.5.10.0 
    lib/libQt5Core.t.so.5.10.0: ELF 64-bit LSB shared object, x86-64,
    version 1 (SYSV), dynamically linked, interpreter
    /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.17.0,
    BuildID[sha1]=2cf147fe0b09697860b702f833acde6c0f7e039d, with
    debug_info, not stripped

Florian

-- 
https://www.qutebrowser.org  | me@the-compiler.org (Mail/XMPP)
   GPG: 916E B0C8 FD55 A072  | https://the-compiler.org/pubkey.asc
         I love long mails!  | https://email.is-not-s.ms/