Date:      Fri, 9 Jan 2004 07:03:30 -0800 (PST)
From:      Jeff Ito <jeffi@rcn.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   bin/61126: libc arc4random does not discard first N words (libkern arc4random does)
Message-ID:  <200401091503.i09F3U22067948@www.freebsd.org>
Resent-Message-ID: <200401091510.i09FANoL024110@freefall.freebsd.org>


>Number:         61126
>Category:       bin
>Synopsis:       libc arc4random does not discard first N words (libkern arc4random does)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 09 07:10:23 PST 2004
>Closed-Date:
>Last-Modified:
>Originator:     Jeff Ito
>Release:        CURRENT
>Organization:
>Environment:
N/A
>Description:
libc's arc4random does not discard the first N words as suggested in the Fluhrer, Mantin & Shamir paper, and as already implemented in libkern's arc4random.
>How-To-Repeat:
N/A
>Fix:
      
Index: arc4random.c
===================================================================
RCS file: /cvs/fbsd/src/lib/libc/gen/arc4random.c,v
retrieving revision 1.6
diff -u -r1.6 arc4random.c
--- arc4random.c        22 Mar 2002 21:52:05 -0000      1.6
+++ arc4random.c        9 Jan 2004 14:59:43 -0000
@@ -45,6 +45,8 @@
 static int rs_initialized;
 static struct arc4_stream rs;

+static inline u_int32_t arc4_getword(struct arc4_stream *);
+
 static inline void
 arc4_init(as)
        struct arc4_stream *as;
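Review bot: the new prototype for arc4_getword() must match the definition that appears later in the file (not shown in this hunk) exactly, return type u_int32_t and a single struct arc4_stream * argument, or the compiler will reject the redeclaration, so keep the two in sync if the signature ever changes. The prototype is only needed because arc4_getword() is defined below arc4_stir(); moving arc4_stir() after arc4_getword() would avoid the forward declaration altogether and keep the file's existing pattern of defining the static inline helpers before their callers.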
@@ -80,7 +82,7 @@
 arc4_stir(as)
        struct arc4_stream *as;
 {
-       int     fd;
+       int     fd, n;
        struct {
                struct timeval tv;
                pid_t pid;
@@ -98,6 +100,14 @@
         * stack... */

        arc4_addrandom(as, (void *) &rdat, sizeof(rdat));
+
+       /*
+        * Throw away the first N words of output, as suggested in the
+        * paper "Weaknesses in the Key Scheduling Algorithm of RC4"
+        * by Fluher, Mantin, and Shamir.  (N = 256 in our case.)
+        */
+       for (n = 0; n < 256; n++)
+               arc4_getword(as);
 }

 static inline u_int8_t
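Review bot: the citation in the new comment misspells the first author; the paper "Weaknesses in the Key Scheduling Algorithm of RC4" is by Fluhrer, Mantin and Shamir. "N = 256 in our case" should also say what N counts: the loop calls arc4_getword() 256 times and that function returns a u_int32_t, so this discards 256 words, i.e. 1024 bytes of keystream, and naming the unit lets a reader check it against the libkern behaviour the PR says it is matching. Finally, the loop body drops the return value silently; writing it as `(void)arc4_getword(as);` makes the intent explicit and keeps lint from flagging an ignored result.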

>Release-Note:
>Audit-Trail:
>Unformatted:
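The PR only states that the first N words should be discarded. To show why, here is an added example that is not part of the PR or of FreeBSD's libc or libkern code: a self-contained RC4 in C, with constructed deterministic 16-byte keys from an xorshift generator (an assumption for reproducibility, not a CSPRNG), measuring the second-keystream-byte bias described by Mantin and Shamir, in which output byte two is zero about 2/256 of the time instead of 1/256. The same measurement is repeated after discarding 1024 bytes (the 256 words the patch throws away), where the bias is gone. Function and type names are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Minimal RC4 state, the same shape as the arc4_stream in libc/libkern. */
struct rc4_state {
    uint8_t s[256];
    uint8_t i, j;
};

/* Key-scheduling algorithm (KSA). */
static void
rc4_setkey(struct rc4_state *st, const uint8_t *key, size_t keylen)
{
    size_t n;
    uint8_t j = 0, tmp;

    for (n = 0; n < 256; n++)
        st->s[n] = (uint8_t)n;
    for (n = 0; n < 256; n++) {
        j = (uint8_t)(j + st->s[n] + key[n % keylen]);
        tmp = st->s[n]; st->s[n] = st->s[j]; st->s[j] = tmp;
    }
    st->i = st->j = 0;
}

/* Pseudo-random generation algorithm (PRGA): one keystream byte. */
static uint8_t
rc4_getbyte(struct rc4_state *st)
{
    uint8_t si, sj;

    st->i = (uint8_t)(st->i + 1);
    si = st->s[st->i];
    st->j = (uint8_t)(st->j + si);
    sj = st->s[st->j];
    st->s[st->i] = sj;
    st->s[st->j] = si;
    return st->s[(uint8_t)(si + sj)];
}

/* Discard n bytes of keystream; the patch discards 256 words = 1024 bytes. */
static void
rc4_drop(struct rc4_state *st, size_t n)
{
    while (n-- > 0)
        (void)rc4_getbyte(st);
}

/* Constructed key source (xorshift64*), deterministic so the run is reproducible. Not a CSPRNG. */
static uint64_t
xs_next(uint64_t *x)
{
    *x ^= *x >> 12;
    *x ^= *x << 25;
    *x ^= *x >> 27;
    return *x * 0x2545F4914F6CDD1DULL;
}

/*
 * Key `trials` random 16-byte keys, discard `drop` keystream bytes, then
 * count how often the second byte after that point is zero.  With drop = 0
 * this is the Mantin-Shamir second-byte bias (about 2/256); a uniform
 * stream would give about trials/256.
 */
size_t
count_second_byte_zero(size_t trials, size_t drop)
{
    uint64_t seed = 0x9E3779B97F4A7C15ULL;   /* fixed seed: same keys every run */
    struct rc4_state st;
    uint8_t key[16];
    size_t t, k, b, zeros = 0;

    for (t = 0; t < trials; t++) {
        for (k = 0; k < sizeof(key); k += 8) {
            uint64_t w = xs_next(&seed);
            for (b = 0; b < 8; b++)
                key[k + b] = (uint8_t)(w >> (8 * b));
        }
        rc4_setkey(&st, key, sizeof(key));
        rc4_drop(&st, drop);
        (void)rc4_getbyte(&st);        /* first byte after the drop */
        if (rc4_getbyte(&st) == 0)     /* second byte after the drop */
            zeros++;
    }
    return zeros;
}

int
main(void)
{
    size_t trials = 50000;

    printf("expected zeros if uniform: %zu\n", trials / 256);
    printf("zeros, no drop:            %zu\n", count_second_byte_zero(trials, 0));
    printf("zeros, drop 1024 bytes:    %zu\n", count_second_byte_zero(trials, 1024));
    return 0;
}
```

With 50000 keys the uniform expectation is about 195 zeros; the undropped run lands near double that, and the run that first discards 1024 bytes lands near 195. The counts differ from those means by a few standard deviations at most, which is why the check below uses 290 as the dividing line rather than an exact value.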