This does not quite look right:
ARC4RANDOM_EXPORT void
arc4random_addrandom(const unsigned char *dat, int datlen)
{
int j;
_ARC4_LOCK();
if (!rs_initialized)
arc4_stir();
for (j = 0; j < datlen; j += 256) {
/* arc4_addrandom() ignores all but the first 256 bytes of
* its input. We want to make sure to look at ALL the
* data in 'dat', just in case the user is doing something
* crazy like passing us all the files in /var/log. */
arc4_addrandom(dat + j, datlen - j);
}
_ARC4_UNLOCK();
}
It looks like its a O(n^2) algorithm, and it could be painful if all
the data in /var/log is passed in.
Iter 0:
data + 0, datalen - 0
Iter 1:
data + 256, datalen - 256
Iter 2:
data + 512, datalen - 512
...
Pictorially, I think its:
****************
************
********
...
It feels like it should be:
k = min(256, datlen - j);
arc4_addrandom(dat + j, k);
Jeff
***********************************************************************
To unsubscribe, send an e-mail to [email protected] with
unsubscribe libevent-users in the body.
