This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: Why is getentropy marked with warn_unused_result?
- From: Florian Weimer <fw at deneb dot enyo dot de>
- To: Paul Pluzhnikov <ppluzhnikov at google dot com>
- Cc: Florian Bruhin <me at the-compiler dot org>, GLIBC Devel <libc-alpha at sourceware dot org>
- Date: Sun, 23 Jul 2017 11:41:04 +0200
- Subject: Re: Why is getentropy marked with warn_unused_result?
* Paul Pluzhnikov:
> On Sat, Jul 22, 2017 at 2:14 PM, Florian Bruhin <me@the-compiler.org> wrote:
>
>> Why is that, since it shouldn't fail under normal circumstances (at
>> least that's what Qt's sources claim)?
>
> If you didn't check the return value, how would you ever know whether
> you got entropy or not?
>
> The fact that something doesn't fail under normal conditions doesn't
> absolve you from the need to check for abnormal conditions, especially
> when dealing with random data that is likely to be used for crypto.

I did not see the start of the thread. Was it posted to the
libc-alpha list? Do you have a pointer to the Qt sources in question?

In practice, a getentropy implementation which does not fail if called
properly requires emulation using /dev/urandom if the system call is
not available in the kernel, but the glibc community rejected that
approach.
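
The caller-side handling this thread is about, as an added example that is not part of the original message, of glibc, or of Qt: the return value of `getentropy` is always checked, and an `ENOSYS` failure (no system call in the kernel) falls back to reading `/dev/urandom`. The names `fill_random` and `urandom_fill` are hypothetical, and a Linux system with glibc 2.25 or later is assumed.

```c
#define _DEFAULT_SOURCE   /* exposes getentropy() in <unistd.h> */
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <sys/random.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: read exactly len bytes from /dev/urandom,
   retrying on EINTR and short reads.  Returns 0, or -1 with errno set. */
static int urandom_fill(unsigned char *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    size_t off = 0;
    while (off < len) {
        ssize_t n = read(fd, buf + off, len - off);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0) {               /* read error or unexpected EOF */
            int saved = (n == 0) ? EIO : errno;
            close(fd);
            errno = saved;
            return -1;
        }
        off += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Hypothetical wrapper: fill buf with len random bytes or report failure.
   On -1 the buffer contents are undefined and must not be used as key
   material; the caller is expected to abort the operation. */
int fill_random(unsigned char *buf, size_t len)
{
    if (len > 256) {                /* getentropy() rejects > 256 bytes with EIO */
        errno = EIO;
        return -1;
    }
    if (getentropy(buf, len) == 0)
        return 0;
    if (errno == ENOSYS)            /* kernel lacks the getrandom system call */
        return urandom_fill(buf, len);
    return -1;                      /* any other error is reported, not masked */
}
```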