Replaces fortuna seeding mechanism for libtomcrypt with rng_get_bytes()

sjlombardo · sjlombardo · commit 7dbc295e6852 · 2025-08-21T21:51:36.000-04:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,7 @@ Notable changes to this project are documented in this file.
 ## [4.11.0] - (? 2025 - [4.11.0 changes])
 - Converts log output to UTF-16 when writing to stdout or stderr on Windows
 - Fixes scope issues to allow --disable-amalgamation to work properly
+- Replaces fortuna seeding mechanism for libtomcrypt with rng_get_bytes()
 - Removes CocoaPods support (SQLCipher.podspec.json)
 
 ## [4.10.0] - (August 2025 - [4.10.0 changes])
diff --git a/src/crypto_libtomcrypt.c b/src/crypto_libtomcrypt.c
@@ -73,6 +73,7 @@ static int sqlcipher_ltc_add_random(void *ctx, const void *buffer, int length) {
 
 static int sqlcipher_ltc_activate(void *ctx) {
   unsigned char random_buffer[FORTUNA_MAX_SZ];
+  int bytes = 0;
 
   sqlcipher_log(SQLCIPHER_LOG_TRACE, SQLCIPHER_LOG_MUTEX, "sqlcipher_ltc_activate: entering SQLCIPHER_MUTEX_PROVIDER_ACTIVATE");
   sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_ACTIVATE));
@@ -94,8 +95,9 @@ static int sqlcipher_ltc_activate(void *ctx) {
   ltc_ref_count++;
 
 #ifndef SQLCIPHER_TEST
-  sqlite3_randomness(FORTUNA_MAX_SZ, random_buffer);
+  bytes = rng_get_bytes(random_buffer, FORTUNA_MAX_SZ, NULL);
 #endif
+  sqlcipher_log(SQLCIPHER_LOG_TRACE, SQLCIPHER_LOG_PROVIDER, "sqlcipher_ltc_activate: seeded fortuna with %d bytes from rng_get_bytes", bytes);
 
   if(sqlcipher_ltc_add_random(ctx, random_buffer, FORTUNA_MAX_SZ) != SQLITE_OK) {
     return SQLITE_ERROR;
