2 * Copyright (c) 1999,2000,2004 Damien Miller <djm@mindrot.org>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 #include <sys/types.h>
27 #ifndef HAVE_ARC4RANDOM
29 #include <openssl/rand.h>
30 #include <openssl/rc4.h>
31 #include <openssl/err.h>
33 /* Size of key to use */
36 /* Number of bytes to reseed after */
37 #define REKEY_BYTES (1 << 24)
39 static int rc4_ready
= 0;
46 static int first_time
= 1;
55 RC4(&rc4
, sizeof(r
), (unsigned char *)&r
, (unsigned char *)&r
);
57 rc4_ready
-= sizeof(r
);
65 unsigned char rand_buf
[SEED_SIZE
];
68 memset(&rc4
, 0, sizeof(rc4
));
69 if (RAND_bytes(rand_buf
, sizeof(rand_buf
)) <= 0)
70 fatal("Couldn't obtain random bytes (error %ld)",
72 RC4_set_key(&rc4
, sizeof(rand_buf
), rand_buf
);
75 * Discard early keystream, as per recommendations in:
76 * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
78 for(i
= 0; i
<= 256; i
+= sizeof(rand_buf
))
79 RC4(&rc4
, sizeof(rand_buf
), rand_buf
, rand_buf
);
81 memset(rand_buf
, 0, sizeof(rand_buf
));
83 rc4_ready
= REKEY_BYTES
;
85 #endif /* !HAVE_ARC4RANDOM */
87 #ifndef HAVE_ARC4RANDOM_BUF
89 arc4random_buf(void *_buf
, size_t n
)
93 char *buf
= (char *)_buf
;
95 for (i
= 0; i
< n
; i
++) {
103 #endif /* !HAVE_ARC4RANDOM_BUF */
105 #ifndef HAVE_ARC4RANDOM_UNIFORM
107 * Calculate a uniformly distributed random number less than upper_bound
108 * avoiding "modulo bias".
110 * Uniformity is achieved by generating new random numbers until the one
111 * returned is outside the range [0, 2**32 % upper_bound). This
112 * guarantees the selected random number will be inside
113 * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound)
114 * after reduction modulo upper_bound.
117 arc4random_uniform(u_int32_t upper_bound
)
124 #if (ULONG_MAX > 0xffffffffUL)
125 min
= 0x100000000UL
% upper_bound
;
127 /* Calculate (2**32 % upper_bound) avoiding 64-bit math */
128 if (upper_bound
> 0x80000000)
129 min
= 1 + ~upper_bound
; /* 2**32 - upper_bound */
131 /* (2**32 - (x * 2)) % x == 2**32 % x when x <= 2**31 */
132 min
= ((0xffffffff - (upper_bound
* 2)) + 1) % upper_bound
;
137 * This could theoretically loop forever but each retry has
138 * p > 0.5 (worst case, usually far better) of selecting a
139 * number inside the range we need, so it should rarely need
148 return r
% upper_bound
;
150 #endif /* !HAVE_ARC4RANDOM_UNIFORM */