pseudo_random & arc4random

Robert Connolly robert at linuxfromscratch.org
Fri Feb 11 06:23:15 PST 2005


Hi. Attached are a pair of patches. The kernel one adds an option for sysctl 
urandom, and the frandom patch was combined. A bit of new code was added so 
frandom and erandom will be discovered by udev, but without being 
in /etc/udev/permissions.d they're read-only by root, so I guess the udev 
config will need modifications or a patch.

The uClibc patch adds arc4random() and arc4randomII(), using urandom and 
erandom. Options were added to use arc4randomII with propolice, and with 
mktemp. The erandom-ssp option was removed. I added a man page for arc4random 
too (uClibc-0.9.27/libc/stdlib/man/arc4random.3); if you search Google and 
find FreeBSD/NetBSD/OpenBSD's arc4random(3) man page, it is written assuming 
we have an arandom device, but in Linux we don't, so the man page is very 
misleading about what the library does.

Glibc's mktemp is much more confusing than uClibc's, but I'll try to port 
arc4random to it too.

I looked at OpenSSL; it has support for arc4random in crypto/rand/rand_unix.c. 
A couple #ifdef's need to be patched, or maybe sed can handle it. Their 
portable alternative is to use getpid(), so this will be a good improvement.

I need to test these more; I haven't built frandom as a module, etc. But it 
should be 90+% good now. I'm not sure if any of you are able to help me test 
these patches. Or read them to see if I did everything okay. My benchmarks so 
far have been excellent.

Looking at OpenBSD's source I found a short list of apps that can be patched 
for arc4random, including dhclient, bcrypt, passwd, bind, apache, ntpd, 
rdate, ssh, and maybe a couple others.

robert
-------------- next part --------------
A non-text attachment was scrubbed...
Name: linux-2.6.10-pseudo_random-1.patch-testing
Type: text/x-diff
Size: 15321 bytes
Desc: not available
URL: <http://lists.linuxfromscratch.org/pipermail/hlfs-dev/attachments/20050211/18ebac0f/attachment.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: uClibc-0.9.27-arc4random-1.patch-testing
Type: text/x-diff
Size: 20314 bytes
Desc: not available
URL: <http://lists.linuxfromscratch.org/pipermail/hlfs-dev/attachments/20050211/18ebac0f/attachment-0001.diff>
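
Added example, not part of the original message or of the attached patches: a minimal RC4-keystream generator keyed from a kernel random device, the general design the BSD arc4random(3) family used at the time, which refuses to fall back to a getpid()-style seed when the device is unavailable. The struct and function names are hypothetical, and /dev/urandom is used as the device because erandom exists only with the kernel patch applied.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; constructed for illustration, not the patch's code. */
struct arc4_state { uint8_t i, j, s[256]; };

/* RC4 key schedule: mix the seed bytes into the 256-byte permutation. */
static void arc4_key(struct arc4_state *st, const uint8_t *key, size_t len)
{
    uint8_t j = 0, t;
    for (int n = 0; n < 256; n++) st->s[n] = (uint8_t)n;
    for (int n = 0; n < 256; n++) {
        j = (uint8_t)(j + st->s[n] + key[n % len]);
        t = st->s[n]; st->s[n] = st->s[j]; st->s[j] = t;
    }
    st->i = st->j = 0;
}

/* One keystream byte (RC4 output step). */
static uint8_t arc4_byte(struct arc4_state *st)
{
    uint8_t t;
    st->i++;
    st->j = (uint8_t)(st->j + st->s[st->i]);
    t = st->s[st->i]; st->s[st->i] = st->s[st->j]; st->s[st->j] = t;
    return st->s[(uint8_t)(st->s[st->i] + st->s[st->j])];
}

/* Key from a kernel random device. Returns 0, or -1 if the device cannot
 * supply a full seed: fail closed rather than fall back to getpid(). */
static int arc4_seed_from(struct arc4_state *st, const char *dev)
{
    uint8_t seed[32];
    FILE *f = fopen(dev, "rb");
    if (!f) return -1;
    size_t got = fread(seed, 1, sizeof seed, f);
    fclose(f);
    if (got != sizeof seed) return -1;
    arc4_key(st, seed, sizeof seed);
    for (int n = 0; n < 256; n++) arc4_byte(st); /* drop biased early output */
    return 0;
}

int main(void)
{
    struct arc4_state st;
    if (arc4_seed_from(&st, "/dev/urandom") != 0) return 1;
    for (int n = 0; n < 4; n++) printf("%02x", arc4_byte(&st));
    puts("");
    return 0;
}
```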

