4417 – arc4random function addition

Bug 4417 - arc4random function addition

Summary: arc4random function addition

Status:	RESOLVED FIXED

Alias:	None

Product:	glibc
Classification:	Unclassified
Component:	libc (show other bugs)
Version:	unspecified

Importance:	P3 enhancement
Target Milestone:	2.36
Assignee:	Adhemerval Zanella

URL:
Keywords:

Depends on:
Blocks:

Reported:	2007-04-24 04:20 UTC by Robert Connolly
Modified:	2022-08-01 15:49 UTC (History)
CC List:	4 users (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:

Flags:	fweimer: security-

Attachments
--with-prng-device patch (1.29 KB, patch) 2007-04-24 04:24 UTC, Robert Connolly	Details \| Diff
arc4random() patch (4.57 KB, patch) 2007-04-24 04:26 UTC, Robert Connolly	Details \| Diff
arc4random mktemp/tempname patch (1.19 KB, patch) 2007-04-24 04:28 UTC, Robert Connolly	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Connolly 2007-04-24 04:20:45 UTC

Hello. I'm attaching patches for adding the arc4random(3) library function. The 
patch includes a manual page. This function uses the free Arcfour (another-rc4) 
stream cipher, seeded with entropy. This function is intended for 
non-cryptographic uses, such as for mktemp.

As-is this patch takes 128 bits from /dev/urandom, or gettimeofday/getpid 
if /dev/urandom is not available. This can be more flexable, to use hp-timing. 
I would suggest arc4random() is used in place of hp-timing throughout the Glibc 
package, with the exception of the stack protector (for performance reasons), 
and use hp-timing in arc4random.c.

Comment 1 Robert Connolly 2007-04-24 04:24:25 UTC

Created attachment 1734 [details]
--with-prng-device patch

This patch adds --with-prng-device= to allow users to specify their
/dev/urandom or /dev/arandom or /dev/erandom, to use with ssp and arc4random,
and future.

Comment 2 Robert Connolly 2007-04-24 04:26:45 UTC

Created attachment 1735 [details]
arc4random() patch

This patch adds the arc4random() code. It depends on the prng patch to build it
as-is.

Comment 3 Robert Connolly 2007-04-24 04:28:08 UTC

Created attachment 1736 [details]
arc4random mktemp/tempname patch

This patch is for tempname.c to make mktemp, and friends, use arc4random().

Comment 4 Robert Connolly 2007-04-24 07:48:23 UTC

In resolv/res_init.c, res_randomid() could use arc4random() instead of 
getpid().

Comment 5 Ulrich Drepper 2007-04-24 19:52:36 UTC

glibc is no dumping ground for arbitrary code.  The existing code is just find.
 Put your code in separate libraries.

Comment 6 Yann Droneaud 2018-06-21 11:24:05 UTC

Florian Weimer posted another implementation of arc4random() in https://sourceware.org/ml/libc-alpha/2018-05/msg00891.html

Comment 7 Florian Weimer 2018-06-21 11:26:13 UTC

I'm working on this.

Comment 8 Adhemerval Zanella 2022-04-12 11:36:01 UTC

I am working on a new version for arc4random.

Comment 9 Adhemerval Zanella 2022-08-01 15:49:53 UTC

Added on 2.36.