Submitted By: Robert Connolly (ashes) Date: 2009-06-01 Initial Package Version: 2.10.1 Upstream Status: Rejected http://sources.redhat.com/bugzilla/show_bug.cgi?id=4417 Origin: http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/arc4random.c Revision 1.9 http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/arc4random.3 Revision 1.7 Description: This patch adds arc4random(3) to the Glibc library. Minimal changes were performed to arc4random.c to use internal Glibc functions, to remove compiler warnings, and to add test code at the bottom of arc4random.c. After 'make install' you will probably want to install the manual page 'manual/arc4random.3' to '/usr/share/man/man3/'.
diff -Naur glibc-2.10.1.orig/manual/arc4random.3 glibc-2.10.1/manual/arc4random.3
--- glibc-2.10.1.orig/manual/arc4random.3 1970-01-01 00:00:00.000000000 +0000
+++ glibc-2.10.1/manual/arc4random.3 2005-12-26 19:40:14.000000000 +0000
@@ -0,0 +1,113 @@
+.\" $NetBSD: arc4random.3,v 1.7 2005/12/26 19:40:14 perry Exp $
+.\" $OpenBSD: arc4random.3,v 1.17 2000/12/21 14:07:41 aaron Exp $
+.\"
+.\" Copyright 1997 Niels Provos
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\" must display the following acknowledgement:
+.\" This product includes software developed by Niels Provos.
+.\" 4. The name of the author may not be used to endorse or promote products
+.\" derived from this software without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" Manual page, using -mandoc macros
+.\"
+.Dd April 15, 1997
+.Dt ARC4RANDOM 3
+.Os
+.Sh NAME
+.Nm arc4random ,
+.Nm arc4random_stir ,
+.Nm arc4random_addrandom
+.Nd arc4 random number generator
+.Sh LIBRARY
+.Lb libc
+.Sh SYNOPSIS
+.In stdlib.h
+.Ft uint32_t
+.Fn arc4random "void"
+.Ft void
+.Fn arc4random_stir "void"
+.Ft void
+.Fn arc4random_addrandom "u_char *dat" "int datlen"
+.Sh DESCRIPTION
+The
+.Fn arc4random
+function provides a high quality 32-bit pseudo-random
+number very quickly.
+.Fn arc4random
+seeds itself on a regular basis from the kernel strong random number
+subsystem described in
+.Xr rnd 4 .
+On each call, an ARC4 generator is used to generate a new result.
+The
+.Fn arc4random
+function uses the ARC4 cipher key stream generator,
+which uses 8*8 8 bit S-Boxes.
+The S-Boxes can be in about (2**1700) states.
+.Pp
+.Fn arc4random
+fits into a middle ground not covered by other subsystems such as
+the strong, slow, and resource expensive random
+devices described in
+.Xr rnd 4
+versus the fast but poor quality interfaces described in
+.Xr rand 3 ,
+.Xr random 3 ,
+and
+.Xr drand48 3 .
+.Pp
+The
+.Fn arc4random_stir
+function reads data from
+.Pa /dev/urandom
+and uses it to permute the S-Boxes via
+.Fn arc4random_addrandom .
+.Pp
+There is no need to call
+.Fn arc4random_stir
+before using
+.Fn arc4random ,
+since
+.Fn arc4random
+automatically initializes itself.
+.Sh SEE ALSO
+.Xr rand 3 ,
+.Xr rand48 3 ,
+.Xr random 3
+.Sh HISTORY
+An algorithm called
+.Pa RC4
+was designed by RSA Data Security, Inc.
+It was considered a trade secret, but not trademarked.
+Because it was a trade secret, it obviously could not be patented.
+A clone of this was posted anonymously to USENET and confirmed to
+be equivalent by several sources who had access to the original cipher.
+Because of the trade secret situation, RSA Data Security, Inc. can do
+nothing about the release of the ARC4 algorithm.
+Since
+.Pa RC4
+used to be a trade secret, the cipher is now referred to as
+.Pa ARC4 .
+.Pp
+These functions first appeared in
+.Ox 2.1 .
diff -Naur glibc-2.10.1.orig/scripts/data/localplt-i386-linux-gnu.data glibc-2.10.1/scripts/data/localplt-i386-linux-gnu.data
--- glibc-2.10.1.orig/scripts/data/localplt-i386-linux-gnu.data 2006-01-11 21:06:19.000000000 +0000
+++ glibc-2.10.1/scripts/data/localplt-i386-linux-gnu.data 2009-06-01 21:14:51.757750211 +0000
@@ -1,7 +1,11 @@
 libc.so: _Unwind_Find_FDE
+libc.so: arc4random
+libc.so: arc4random_stir
 libc.so: calloc
 libc.so: free
 libc.so: malloc
 libc.so: memalign
+libc.so: open
+libc.so: puts
 libc.so: realloc
 libm.so: matherr
diff -Naur glibc-2.10.1.orig/stdlib/Makefile glibc-2.10.1/stdlib/Makefile
--- glibc-2.10.1.orig/stdlib/Makefile 2009-03-08 19:46:06.000000000 +0000
+++ glibc-2.10.1/stdlib/Makefile 2009-06-01 21:15:21.580155361 +0000
@@ -30,7 +30,7 @@ routines := \ atof atoi atol atoll \ - abort \ + abort arc4random \ bsearch qsort msort \ getenv putenv setenv secure-getenv \ exit on_exit atexit cxa_atexit cxa_finalize old_atexit \
diff -Naur glibc-2.10.1.orig/stdlib/Versions glibc-2.10.1/stdlib/Versions
--- glibc-2.10.1.orig/stdlib/Versions 2009-03-08 19:46:19.000000000 +0000
+++ glibc-2.10.1/stdlib/Versions 2009-06-01 21:16:16.276079408 +0000
@@ -11,6 +11,7 @@ # a* a64l; abort; abs; atexit; atof; atoi; atol; atoll; + arc4random_stir; arc4random_addrandom; arc4random; # b* bsearch;
diff -Naur glibc-2.10.1.orig/stdlib/arc4random.c glibc-2.10.1/stdlib/arc4random.c
--- glibc-2.10.1.orig/stdlib/arc4random.c 1970-01-01 00:00:00.000000000 +0000
+++ glibc-2.10.1/stdlib/arc4random.c 2009-06-01 22:29:50.556434725 +0000
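Review bot: The new `libc.so: arc4random` and `libc.so: arc4random_stir` entries in the localplt hunk allow-list intra-libc calls that go through the PLT instead of removing them, so the check this file feeds stops flagging calls that an interposed symbol can redirect, here the generator's own seeding path. The usual glibc approach is to bind such internal calls with hidden aliases (`libc_hidden_proto` / `libc_hidden_def`) so that no entry is needed. The `open` and `puts` entries look unrelated to the description: arc4random.c maps `open` to `__open` under `_LIBC`, and nothing in its non-test code calls `puts`, so they probably record a local build artefact and should be dropped or explained.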
@@ -0,0 +1,249 @@
+/* $NetBSD: arc4random.c,v 1.9 2005/12/24 21:11:16 perry Exp $ */
+/* $OpenBSD: arc4random.c,v 1.6 2001/06/05 05:05:38 pvalchev Exp $ */
+
+/* Modified by Robert Connolly for Glibc. June 1, 2009.
+ All changes have comments. */
+
+/*
+ * Arc4 random number generator for OpenBSD.
+ * Copyright 1996 David Mazieres .
+ *
+ * Modification and redistribution in source and binary forms is
+ * permitted provided that due credit is given to the author and the
+ * OpenBSD project by leaving this copyright notice intact.
+ */
+
+/*
+ * This code is derived from section 17.1 of Applied Cryptography,
+ * second edition, which describes a stream cipher allegedly
+ * compatible with RSA Labs "RC4" cipher (the actual description of
+ * which is a trade secret). The same algorithm is used as a stream
+ * cipher called "arcfour" in Tatu Ylonen's ssh package.
+ *
+ * Here the stream cipher has been modified always to include the time
+ * when initializing the state. That makes it impossible to
+ * regenerate the same random sequence twice, so this can't be used
+ * for encryption, but will generate good random numbers.
+ *
+ * RC4 is a registered trademark of RSA Laboratories.
+ */
+
+/* #include */ /* Not needed for Glibc. */
+#if defined(LIBC_SCCS) && !defined(lint)
+__RCSID("$NetBSD: arc4random.c,v 1.9 2005/12/24 21:11:16 perry Exp $");
+#endif /* LIBC_SCCS and not lint */
+
+/* #include "namespace.h" */ /* Not needed for Glibc. */
+#include
+#include
+#include
+#include
+/* #include */ /* Not needed for Glibc. */
+#include
+/* #include */ /* Not needed for Glibc. */
+
+#ifdef __GNUC__ /* Added for Glibc. */
+ #define inline __inline
+ #if defined(_LIBC)
+ #define getpid __getpid
+ #define gettimeofday __gettimeofday
+ #define open __open
+ #define read __read
+ #define close __close
+ #endif
+#else
+ #define inline
+#endif
+
+#ifdef __weak_alias
+__weak_alias(arc4random,_arc4random)
+#endif
+
+struct arc4_stream {
+ u_int8_t i;
+ u_int8_t j;
+ u_int8_t s[256];
+};
+
+static int rs_initialized;
+static struct arc4_stream rs;
+
+static inline void arc4_init(struct arc4_stream *);
+static inline void arc4_addrandom(struct arc4_stream *, u_char *, int);
+static void arc4_stir(struct arc4_stream *);
+static inline u_int8_t arc4_getbyte(struct arc4_stream *);
+static inline u_int32_t arc4_getword(struct arc4_stream *);
+
+static inline void
+arc4_init(as)
+ struct arc4_stream *as;
+{
+ int n;
+
+ for (n = 0; n < 256; n++)
+ as->s[n] = n;
+ as->i = 0;
+ as->j = 0;
+}
+
+static inline void
+arc4_addrandom(as, dat, datlen)
+ struct arc4_stream *as;
+ u_char *dat;
+ int datlen;
+{
+ int n;
+ u_int8_t si;
+
+ as->i--;
+ for (n = 0; n < 256; n++) {
+ as->i = (as->i + 1);
+ si = as->s[as->i];
+ as->j = (as->j + si + dat[n % datlen]);
+ as->s[as->i] = as->s[as->j];
+ as->s[as->j] = si;
+ }
+ as->j = as->i;
+}
+
+static void
+arc4_stir(as)
+ struct arc4_stream *as;
+{
+ int fd;
+ struct {
+ struct timeval tv;
+ u_int rnd[(128 - sizeof(struct timeval)) / sizeof(u_int)];
+ } rdat;
+ int n;
+
+ gettimeofday(&rdat.tv, NULL);
+ fd = open("/dev/urandom", O_RDONLY);
+ if (fd != -1) {
+ /* Glibc's _FORTIFY_SOURCE make me wrap read() with an if. */
+ if (read(fd, rdat.rnd, sizeof(rdat.rnd)) != -1)
+ close(fd);
+ }
+#ifdef KERN_URND
+ else {
+ int mib[2];
+ u_int i;
+ size_t len;
+
+ /* Device could not be opened, we might be chrooted, take
+ * randomness from sysctl. */
+
+ mib[0] = CTL_KERN;
+ mib[1] = KERN_URND;
+
+ for (i = 0; i < sizeof(rdat.rnd) / sizeof(u_int); i++) {
+ len = sizeof(u_int);
+ if (sysctl(mib, 2, &rdat.rnd[i], &len, NULL, 0) == -1)
+ break;
+ }
+ }
+#endif
+ /* fd < 0 or failed sysctl ? Ah, what the heck. We'll just take
+ * whatever was on the stack... */
+
+ arc4_addrandom(as, (void *) &rdat, sizeof(rdat));
+
+ /*
+ * Throw away the first N words of output, as suggested in the
+ * paper "Weaknesses in the Key Scheduling Algorithm of RC4"
+ * by Fluher, Mantin, and Shamir. (N = 256 in our case.)
+ */
+ for (n = 0; n < 256 * 4; n++)
+ arc4_getbyte(as);
+}
+
+static inline u_int8_t
+arc4_getbyte(as)
+ struct arc4_stream *as;
+{
+ u_int8_t si, sj;
+
+ as->i = (as->i + 1);
+ si = as->s[as->i];
+ as->j = (as->j + si);
+ sj = as->s[as->j];
+ as->s[as->i] = sj;
+ as->s[as->j] = si;
+ return (as->s[(si + sj) & 0xff]);
+}
+
+static inline u_int32_t
+arc4_getword(as)
+ struct arc4_stream *as;
+{
+ u_int32_t val;
+ val = arc4_getbyte(as) << 24;
+ val |= arc4_getbyte(as) << 16;
+ val |= arc4_getbyte(as) << 8;
+ val |= arc4_getbyte(as);
+ return val;
+}
+
+void
+arc4random_stir()
+{
+ if (!rs_initialized) {
+ arc4_init(&rs);
+ rs_initialized = 1;
+ }
+ arc4_stir(&rs);
+}
+
+void
+arc4random_addrandom(dat, datlen)
+ u_char *dat;
+ int datlen;
+{
+ if (!rs_initialized)
+ arc4random_stir();
+ arc4_addrandom(&rs, dat, datlen);
+}
+
+u_int32_t
+arc4random()
+{
+ if (!rs_initialized)
+ arc4random_stir();
+ return arc4_getword(&rs);
+}
+
+#if 0
+/*-------- Test code for i386 --------*/
+#include
+#include
+int
+main(int argc, char **argv)
+{
+ const int iter = 1000000;
+ int i;
+ pctrval v;
+
+ v = rdtsc();
+ for (i = 0; i < iter; i++)
+ arc4random();
+ v = rdtsc() - v;
+ v /= iter;
+
+ printf("%qd cycles\n", v);
+}
+#endif
+#if defined(TEST) /* This test if for Glibc. */
+#include
+
+u_int32_t arc4random(void);
+void arc4random_stir(void);
+void arc4random_addrandom(unsigned char *, int);
+
+int main(void)
+{
+ int random_number;
+ random_number = arc4random() % 65536;
+ printf("%d\n", random_number);
+ return 0;
+}
+#endif
diff -Naur glibc-2.10.1.orig/stdlib/stdlib.h glibc-2.10.1/stdlib/stdlib.h
--- glibc-2.10.1.orig/stdlib/stdlib.h 2009-03-08 19:52:44.000000000 +0000
+++ glibc-2.10.1/stdlib/stdlib.h 2009-06-01 21:22:28.552627663 +0000
@@ -459,6 +459,11 @@ extern int lcong48_r (unsigned short int __param[7], struct drand48_data *__buffer) __THROW __nonnull ((1, 2)); + +/* Arcfour random number generator. */ +extern u_int32_t arc4random(void); +extern void arc4random_stir(void); +extern void arc4random_addrandom(unsigned char *, int); # endif /* Use misc. */ #endif /* Use SVID or X/Open. */
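Review bot: In arc4_stir the Glibc-specific rewrite `if (read(fd, rdat.rnd, sizeof(rdat.rnd)) != -1) close(fd);` closes the descriptor only when read() succeeds, so a failed read leaks fd, and a short read is silently accepted as a full seed. When /dev/urandom cannot be opened and KERN_URND is undefined, the key is only the gettimeofday() value plus uninitialised stack bytes, and nothing tells the caller; the stir should read in a loop, close on every path and have an explicit policy for an incomplete seed, as sketched below. Separately, arc4_addrandom indexes `dat[n % datlen]` and the exported arc4random_addrandom forwards the caller's datlen unchecked, so a datlen of 0 is a division by zero; a guard such as `if (dat == NULL || datlen <= 0) return;` in arc4random_addrandom would cover it. The static state `rs` is also read and written with no lock and is never re-stirred after the first call in the visible code, so threads race on it and a forked child would presumably continue the parent's stream, which also contradicts the man page's "seeds itself on a regular basis".

```c
	/* ... unchanged: declarations of fd, rdat, n ... */
	size_t got = 0;
	ssize_t r;

	gettimeofday(&rdat.tv, NULL);
	fd = open("/dev/urandom", O_RDONLY);
	if (fd != -1) {
		/* read() may return fewer bytes than requested, so loop. */
		while (got < sizeof(rdat.rnd)) {
			r = read(fd, (char *) rdat.rnd + got,
			    sizeof(rdat.rnd) - got);
			if (r <= 0)
				break;
			got += (size_t) r;
		}
		close(fd);	/* on every path, including a failed read */
	}
	/* ... unchanged: KERN_URND sysctl fallback ... */
	/* got < sizeof(rdat.rnd) with no sysctl data means the seed is
	 * incomplete: abort or report here instead of keying from the
	 * timestamp and stack contents. */
	/* ... unchanged: arc4_addrandom call and discard loop ... */
```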
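Review bot: The three new prototypes in stdlib.h omit the `__THROW` annotation that the preceding `lcong48_r` declaration carries, and `arc4random_addrandom` takes a pointer it dereferences without `__nonnull ((1))`; to match the header they would read `extern u_int32_t arc4random (void) __THROW;` and `extern void arc4random_addrandom (unsigned char *, int) __THROW __nonnull ((1));`. The return type `u_int32_t` is a BSD typedef that the visible lines do not define, so the declaration presumably relies on `<sys/types.h>` having been included by this point inside the `Use misc` block, which should be confirmed. The man page added by the same patch documents the return type as `uint32_t`, so the two should be made to agree.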