Avoid getrandom or syscall(SYS_getrandom) in Android __ANDROID_API__ < 28

dsprenkels / randombytes

A portable C library for generating cypto-secure random bytes

MIT License

96 stars 37 forks source link

Avoid getrandom or syscall(SYS_getrandom) in Android __ANDROID_API__ < 28 #46

Open raidenluikang opened 1 year ago

raidenluikang commented 1 year ago

Android Os older than Android 9.0 (API_LEVEL = 28) broken syscall(SYS_getrandom).

Please, avoid it when building with NDK. Add something like

....
#elif defined(__linux__) || defined(__GNU__) || defined(GNU_KFREEBSD)

//---------- ADD THESE CODE --------------
#if defined(SYS_getrandom) && ((!defined(__ANDROID__) || __ANDROID_API__ >= 28)
       // use getrandom
       return randombytes_linux_randombytes_getrandom(buf, n);
#else 
    // use  /dev/urandom 
     return randombytes_linux_randombytes_urandom(buf, n);
 #endif
 //---------------------------------------
 #elif defined(BSD) ....

raidenluikang commented 1 year ago

For details see https://github.com/briansmith/ring/issues/852

dsprenkels commented 10 months ago

I feel like in this case, because of the inability to determine which version of linux the Android system will run on, should we (like ring) always fall back to /dev/urandom/ if getrandom fails? Cc @thomwiggers

thomwiggers commented 10 months ago

Android versions < SDK API level 30 are no longer allowed for submission to the Google Play store, so this seems like an update that would not help very many people.

thomwiggers commented 10 months ago

Relatedly, it seems that all supported Linux kernels have getrandom; of course, there might be some redhat box kicking around though.