Are the fallbacks for `bolt_get_random_data()` safe?
We did a security review of the bolt version 0.6 code base for inclusion in the openSUSE distribution. One thing we noticed is the way `bolt_get_random_data()` is implemented:

- `getrandom()` is called with `GRND_NONBLOCK`; this means if the entropy pool has not yet been initialized it will fail. Subsequently the fallback to reading directly from `/dev/urandom` is used, possibly reading bad random data from there.
- If also reading from `/dev/urandom` fails for some reason, pseudo random data is generated.
Is there a specific reason for these approaches? Wouldn't it be better to safely fail in those cases than to rely on possibly bad random data?
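As an added illustration of the fail-closed behaviour suggested above (example code, not bolt's own implementation), assuming Linux with glibc's `getrandom()` wrapper: the call blocks until the kernel pool is initialized instead of passing `GRND_NONBLOCK`, and any error returns `false` rather than falling back to `/dev/urandom` or a userspace PRNG.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/random.h>
#include <sys/types.h>

/* Fill buf with n bytes of kernel CSPRNG output, or fail.
 * With GRND_NONBLOCK the call returns EAGAIN while the pool is still
 * uninitialized at boot; with flags = 0 it blocks until the pool is
 * initialized, so we never read from an uninitialized pool. Every error
 * path returns false: there is no fallback to weaker random data. */
bool safe_get_random_data(void *buf, size_t n)
{
    uint8_t *p = buf;
    size_t got = 0;

    while (got < n) {
        ssize_t r = getrandom(p + got, n - got, 0);
        if (r < 0) {
            if (errno == EINTR)
                continue;      /* signal arrived during the boot-time wait */
            return false;      /* ENOSYS, EFAULT, ...: fail closed */
        }
        got += (size_t)r;      /* requests > 256 bytes may return short */
    }
    return true;
}

/* Self-check used by the test below: two fresh buffers of n bytes
 * (n <= 64) must both be filled successfully and must differ. */
bool random_buffers_differ(size_t n)
{
    uint8_t a[64], b[64];

    if (n == 0 || n > sizeof a)
        return false;
    if (!safe_get_random_data(a, n) || !safe_get_random_data(b, n))
        return false;
    return memcmp(a, b, n) != 0;
}
```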