randombytes icon indicating copy to clipboard operation
randombytes copied to clipboard

Published 20 hours ago verified publisher icon dsprenkels

Avoid getrandom or syscall(SYS_getrandom) in Android __ANDROID_API__ < 28

Open raidenluikang opened this issue 1 year ago • 4 comments

Android Os older than Android 9.0 (API_LEVEL = 28) broken syscall(SYS_getrandom).

Please, avoid it when building with NDK. Add something like

....
#elif defined(__linux__) || defined(__GNU__) || defined(GNU_KFREEBSD)

//---------- ADD THESE CODE --------------
#if defined(SYS_getrandom) && ((!defined(__ANDROID__) || __ANDROID_API__ >= 28)
       // use getrandom
       return randombytes_linux_randombytes_getrandom(buf, n);
#else 
    // use  /dev/urandom 
     return randombytes_linux_randombytes_urandom(buf, n);
 #endif
 //---------------------------------------
 #elif defined(BSD) ....

raidenluikang avatar Jul 07 '23 16:07 raidenluikang

For details see https://github.com/briansmith/ring/issues/852

raidenluikang avatar Jul 07 '23 20:07 raidenluikang

I feel like in this case, because of the inability to determine which version of linux the Android system will run on, should we (like ring) always fall back to /dev/urandom/ if getrandom fails? Cc @thomwiggers

dsprenkels avatar Nov 09 '23 22:11 dsprenkels

Android versions < SDK API level 30 are no longer allowed for submission to the Google Play store, so this seems like an update that would not help very many people.

thomwiggers avatar Nov 10 '23 08:11 thomwiggers

Relatedly, it seems that all supported Linux kernels have getrandom; of course, there might be some redhat box kicking around though.

thomwiggers avatar Nov 10 '23 08:11 thomwiggers