authorDamien Miller <djm@cvs.openbsd.org>2003-11-26 21:40:09 +0000
committerDamien Miller <djm@cvs.openbsd.org>2003-11-26 21:40:09 +0000
commit15344b1f957fb5130cef1de67610b7542784fb12 (patch)
tree4747addd8a227f69cac7317fe5b2ced3a9496e19 /lib/libc/crypt/arc4random.c
parent07159db459d0b6dc201c6202e5c9325e9a4201e7 (diff)
Discard first 256 bytes of keystream, as per recommendation in
"Weaknesses in the Key Scheduling Algorithm of RC4", Fluhrer, Mantin and Shamir. ok itojun@
Diffstat (limited to 'lib/libc/crypt/arc4random.c')
-rw-r--r--lib/libc/crypt/arc4random.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/lib/libc/crypt/arc4random.c b/lib/libc/crypt/arc4random.c
index 5e3b2925a68..5b376488ec0 100644
--- a/lib/libc/crypt/arc4random.c
+++ b/lib/libc/crypt/arc4random.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: arc4random.c,v 1.9 2003/08/16 19:07:40 tedu Exp $ */
+/* $OpenBSD: arc4random.c,v 1.10 2003/11/26 21:40:08 djm Exp $ */
/*
* Arc4 random number generator for OpenBSD.
@@ -48,6 +48,8 @@ static int rs_initialized;
static struct arc4_stream rs;
static pid_t arc4_stir_pid;
+static inline u_int8_t arc4_getbyte(struct arc4_stream *);
+
static inline void
arc4_init(struct arc4_stream *as)
{
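Review bot: The new forward prototype for arc4_getbyte() carries no comment saying why it exists, namely that arc4_stir() now calls arc4_getbyte() to discard early keystream before the function's definition appears later in the file, so a future cleanup could plausibly drop it as redundant. I would add `/* forward: arc4_stir() discards early keystream via arc4_getbyte() before it is defined */` directly above the prototype. The `static inline` qualifiers on the prototype match those on the definition visible at the end of the page, which is what the compiler requires; keep them in sync if either side changes.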
@@ -98,6 +100,13 @@ arc4_stir(struct arc4_stream *as)
arc4_stir_pid = getpid();
arc4_addrandom(as, (void *) &rdat, sizeof(rdat));
+
+ /*
+ * Discard early keystream, as per recommendations in:
+ * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
+ */
+ for (i = 0; i < 256; i++)
+ (void) arc4_getbyte(as);
}
static inline u_int8_t