diff options
Diffstat (limited to 'libc/stdlib/arc4random.c')
| -rw-r--r-- | libc/stdlib/arc4random.c | 216 |
1 files changed, 0 insertions, 216 deletions
diff --git a/libc/stdlib/arc4random.c b/libc/stdlib/arc4random.c deleted file mode 100644 index 03b2234ae..000000000 --- a/libc/stdlib/arc4random.c +++ /dev/null @@ -1,216 +0,0 @@ -/* - * Copyright (c) 1996, David Mazieres <dm@uun.org> - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * Arc4 random number generator for OpenBSD. - * - * This code is derived from section 17.1 of Applied Cryptography, - * second edition, which describes a stream cipher allegedly - * compatible with RSA Labs "RC4" cipher (the actual description of - * which is a trade secret). The same algorithm is used as a stream - * cipher called "arcfour" in Tatu Ylonen's ssh package. - * - * Here the stream cipher has been modified always to include entropy - * when initializing the state. That makes it impossible to - * regenerate the same random sequence twice, so this can't be used - * for encryption, but will generate good random numbers. - * - * RC4 is a registered trademark of RSA Laboratories. - */ - -/* $OpenBSD: arc4random.c,v 1.16 2007/02/12 19:58:47 otto Exp $ */ - -#include <features.h> - -#include <fcntl.h> -#include <stdlib.h> -#include <unistd.h> -#include <sys/types.h> -#include <sys/time.h> - -struct arc4_stream { - u_int8_t i; - u_int8_t j; - u_int8_t s[256]; -}; - -static smallint rs_initialized; -static struct arc4_stream rs; -static pid_t arc4_stir_pid; -static int arc4_count; - -static __inline__ void -arc4_init(struct arc4_stream *as) -{ - int n; - - for (n = 0; n < 256; n++) - as->s[n] = n; - as->i = 0; - as->j = 0; -} - -static __inline__ u_int8_t -arc4_getbyte(struct arc4_stream *as) -{ - u_int8_t si, sj; - - as->i = (as->i + 1); - si = as->s[as->i]; - as->j = (as->j + si); - sj = as->s[as->j]; - as->s[as->i] = sj; - as->s[as->j] = si; - return (as->s[(si + sj) & 0xff]); -} - -static __inline__ void -arc4_addrandom(struct arc4_stream *as, u_char *dat, int datlen) -{ - int n; - u_int8_t si; - - as->i--; - for (n = 0; n < 256; n++) { - as->i = (as->i + 1); - si = as->s[as->i]; - as->j = (as->j + si + dat[n % datlen]); - as->s[as->i] = as->s[as->j]; - as->s[as->j] = si; - } - as->j = as->i; -} - -static void -arc4_stir(struct arc4_stream *as) -{ - int n; - u_char rnd[128]; - struct timeval tv; - -#ifndef __ARC4RANDOM_USES_NODEV__ - int fd; - - fd = open("/dev/urandom", O_RDONLY); - if (fd != -1) { - read(fd, rnd, sizeof(rnd)); - close(fd); - } - /* Did the pseudo-random device fail? Use gettimeofday(). */ - else -#endif - if (gettimeofday(&tv, NULL) != (-1)) { - - /* Initialize the first element so it's hopefully not '0', - * to help out the next loop. Tossing in some prime numbers - * probably can't hurt. */ - rnd[0] = (tv.tv_sec % 10000) * 3 + tv.tv_usec * 7 + \ - (getpid() % 1000) * 13; - - for (n = 1; n < 127 ; n++) { - - /* Take advantage of the stack space. Only initialize - * elements equal to '0'. This will make the rnd[] - * array much less vulnerable to timing attacks. Here - * we'll stir getpid() into the value of the previous - * element. Approximately 1 in 128 elements will still - * become '0'. */ - - if (rnd[n] == 0) { - rnd[n] = ((rnd[n - 1] + n) ^ \ - ((getpid() % 1000) * 17)); - } - } - } - else { - /* gettimeofday() failed? Do the same thing as above, but only - * with getpid(). */ - - rnd[0] = (getpid() % 1000) * 19; - for (n = 1; n < 127 ; n++) { - if (rnd[n] == 0) { - rnd[n] = ((rnd[n - 1] + n) ^ \ - ((getpid() % 1000) * 23)); - } - } - } - - arc4_stir_pid = getpid(); - arc4_addrandom(as, rnd, sizeof(rnd)); - - /* - * Discard early keystream, as per recommendations. - * Network Operations Division Cryptographic requirements - * published on wikileaks on march 2017 - */ - for (n = 0; n < 3072; n++) - (void)arc4_getbyte(as); - arc4_count = 1600000; -} - -#if 0 -static void __arc4random_stir(void); -/* - * __arc4_getbyte() is a libc private function intended for use - * with malloc. - */ -u_int8_t -__arc4_getbyte(void) -{ - if (--arc4_count == 0 || !rs_initialized) - __arc4random_stir(); - return arc4_getbyte(&rs); -} -#endif - -static __inline__ u_int32_t -arc4_getword(struct arc4_stream *as) -{ - u_int32_t val; - val = arc4_getbyte(as) << 24; - val |= arc4_getbyte(as) << 16; - val |= arc4_getbyte(as) << 8; - val |= arc4_getbyte(as); - return val; -} - -static void -__arc4random_stir(void) -{ - if (!rs_initialized) { - arc4_init(&rs); - rs_initialized = 1; - } - arc4_stir(&rs); -} -strong_alias(__arc4random_stir,arc4random_stir) - -void -arc4random_addrandom(u_char *dat, int datlen) -{ - if (!rs_initialized) - __arc4random_stir(); - arc4_addrandom(&rs, dat, datlen); -} - -u_int32_t -arc4random(void) -{ - arc4_count -= 4; - if (arc4_count <= 0 || !rs_initialized || arc4_stir_pid != getpid()) - __arc4random_stir(); - return arc4_getword(&rs); -} |