Are the fallbacks for `bolt_get_random_data()` safe?
We did a security review of the bolt version 0.6 code base for inclusion in the openSUSE distribution. One thing we noticed is the way `bolt_get_random_data()` is implemented:

- `getrandom()` is called with `GRND_NONBLOCK`; this means if the entropy pool has not yet been initialized it will fail. Subsequently the fallback to reading directly from /dev/urandom is used, possibly reading bad random data from there.
- If reading from /dev/urandom also fails for some reason, pseudo random data is generated.
Is there a specific reason for these approaches? Wouldn't it be better to safely fail in those cases than to rely on possibly bad random data?
Thank you!
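For comparison, here is what a fail-closed variant of such a helper looks like: it calls `getrandom()` without `GRND_NONBLOCK` so the kernel blocks until its pool is initialized, retries only on `EINTR`, and returns an error instead of falling back to /dev/urandom or a PRNG. This is an added example written for this discussion, not bolt's code; the function name `safe_get_random_data` and the return convention are assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/random.h>
#include <sys/types.h>

/* Hypothetical fail-closed replacement for a bolt_get_random_data()-style
 * helper. Fills buf with n bytes from getrandom(2) and returns 0 on success
 * or -errno on failure. There is deliberately no fallback path: if the
 * kernel cannot supply random data, the caller must abort the operation. */
int safe_get_random_data(void *buf, size_t n)
{
    uint8_t *p = buf;
    size_t got = 0;

    while (got < n) {
        /* flags = 0 (no GRND_NONBLOCK): block until the entropy pool is
         * initialized rather than failing with EAGAIN and falling back to
         * /dev/urandom, which on Linux hands out data even before the pool
         * is ready. */
        ssize_t r = getrandom(p + got, n - got, 0);
        if (r < 0) {
            if (errno == EINTR)
                continue;          /* interrupted by a signal: retry */
            return -errno;         /* ENOSYS, EFAULT, ...: fail closed */
        }
        got += (size_t)r;          /* short reads are possible for n > 256 */
    }
    return 0;
}

/* Constructed self-check: fills a buffer and reports 1 if the call succeeded
 * and the buffer is no longer all zero (overwhelmingly likely for 64 random
 * bytes), 0 otherwise. */
int self_check(void)
{
    uint8_t buf[64];
    memset(buf, 0, sizeof buf);
    if (safe_get_random_data(buf, sizeof buf) != 0)
        return 0;
    for (size_t i = 0; i < sizeof buf; i++)
        if (buf[i] != 0)
            return 1;
    return 0;
}
```

A caller that receives a negative return value should treat it like any other fatal I/O error for the key or token it was about to generate.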