Bug 4417

Summary: arc4random function addition
Product: glibc Reporter: Robert Connolly <robert>
Component: libcAssignee: Adhemerval Zanella <adhemerval.zanella>
Status: RESOLVED FIXED    
Severity: enhancement CC: adhemerval.zanella, fweimer, glibc-bugs, yann
Priority: P3 Flags: fweimer: security-
Version: unspecified   
Target Milestone: 2.36   
Host: Target:
Build: Last reconfirmed:
Attachments: --with-prng-device patch
arc4random() patch
arc4random mktemp/tempname patch

Description Robert Connolly 2007-04-24 04:20:45 UTC 
Hello. I'm attaching patches for adding the arc4random(3) library function. The 
patch includes a manual page. This function uses the free Arcfour (another-rc4) 
stream cipher, seeded with entropy. This function is intended for 
non-cryptographic uses, such as for mktemp.

As-is this patch takes 128 bits from /dev/urandom, or gettimeofday/getpid 
if /dev/urandom is not available. This can be more flexable, to use hp-timing. 
I would suggest arc4random() is used in place of hp-timing throughout the Glibc 
package, with the exception of the stack protector (for performance reasons), 
and use hp-timing in arc4random.c.
Comment 1 Robert Connolly 2007-04-24 04:24:25 UTC 
Created attachment 1734 [details]
--with-prng-device patch

This patch adds --with-prng-device= to allow users to specify their
/dev/urandom or /dev/arandom or /dev/erandom, to use with ssp and arc4random,
and future.
Comment 2 Robert Connolly 2007-04-24 04:26:45 UTC 
Created attachment 1735 [details]
arc4random() patch

This patch adds the arc4random() code. It depends on the prng patch to build it
as-is.
Comment 3 Robert Connolly 2007-04-24 04:28:08 UTC 
Created attachment 1736 [details]
arc4random mktemp/tempname patch

This patch is for tempname.c to make mktemp, and friends, use arc4random().
Comment 4 Robert Connolly 2007-04-24 07:48:23 UTC 
In resolv/res_init.c, res_randomid() could use arc4random() instead of 
getpid().
Comment 5 Ulrich Drepper 2007-04-24 19:52:36 UTC 
glibc is no dumping ground for arbitrary code.  The existing code is just find.
 Put your code in separate libraries.
Comment 6 Yann Droneaud 2018-06-21 11:24:05 UTC 
Florian Weimer posted another implementation of arc4random() in https://sourceware.org/ml/libc-alpha/2018-05/msg00891.html
Comment 7 Florian Weimer 2018-06-21 11:26:13 UTC 
I'm working on this.
Comment 8 Adhemerval Zanella 2022-04-12 11:36:01 UTC 
I am working on a new version for arc4random.
Comment 9 Adhemerval Zanella 2022-08-01 15:49:53 UTC 
Added on 2.36.