Hi. Please add these patches to the hlfs directory.
robert
Submitted By: Robert Connolly <robert at linuxfromscratch dot org> (ashes)
Date: 2005-10-02
Initial Package Version: 4.1.4
Upstream Status: Accepted Upstream
Origin: http://lists.gnu.org/archive/html/bug-gnu-utils/2005-08/txtVau5I71LDV.txt
Description: This corrects a problem with a "Memory exhausted" error when Sed
is linked to uClibc 0.9.28.
diff -Naur sed-4.1.4.orig/lib/regex_internal.c sed-4.1.4/lib/regex_internal.c
--- sed-4.1.4.orig/lib/regex_internal.c 2005-01-28 09:07:56 +0000
+++ sed-4.1.4/lib/regex_internal.c 2005-08-24 03:20:28 +0000
@@ -885,8 +885,9 @@
{
set->alloc = size;
set->nelem = 0;
- set->elems = re_malloc (int, size);
- if (BE (set->elems == NULL, 0))
+ set->elems = re_malloc (int, size); /* can be NULL if size == 0
+ (see re_node_set_init_empty(set)) */
+ if (BE (set->elems == NULL && size != 0, 0))
return REG_ESPACE;
return REG_NOERROR;
}
Submitted By: Robert Connolly <robert at linuxfromscratch dot org> (ashes)
Date: 2005-10-02
Initial Package Version: 5.8.7
Upstream Status: Unknown
Origin: http://linuxfromscratch.org/pipermail/hlfs-dev/2005-August/002360.html
Description: The regex code in this version of Perl segfaults when compiled
with stack smashing protector. This patch disables stack smashing protector
just on the affected files.
diff -Naur perl-5.8.7.orig/cflags.SH perl-5.8.7/cflags.SH
--- perl-5.8.7.orig/cflags.SH 2002-09-30 10:59:07.000000000 +0000
+++ perl-5.8.7/cflags.SH 2005-10-02 04:08:39.000000000 +0000
@@ -165,6 +165,8 @@
esac
: Can we perhaps use $ansi2knr here
+ [[ $file == regcomp ]] && export ccflags="${ccflags} -fno-stack-protector"
+ [[ $file == regexec ]] && export ccflags="${ccflags} -fno-stack-protector"
echo "$cc -c -DPERL_CORE $ccflags $optimize $warn"
eval "$also "'"$cc -DPERL_CORE -c $ccflags $optimize $warn"'
diff -Naur uClibc-0.9.28.orig/.config uClibc-0.9.28/.config
--- uClibc-0.9.28.orig/.config 1970-01-01 00:00:00.000000000 +0000
+++ uClibc-0.9.28/.config 2005-09-14 20:50:25.000000000 +0000
@@ -0,0 +1,191 @@
+#
+# Automatically generated make config: don't edit
+#
+# TARGET_alpha is not set
+# TARGET_arm is not set
+# TARGET_bfin is not set
+# TARGET_cris is not set
+# TARGET_e1 is not set
+# TARGET_frv is not set
+# TARGET_h8300 is not set
+TARGET_i386=y
+# TARGET_i960 is not set
+# TARGET_m68k is not set
+# TARGET_microblaze is not set
+# TARGET_mips is not set
+# TARGET_nios is not set
+# TARGET_nios2 is not set
+# TARGET_powerpc is not set
+# TARGET_sh is not set
+# TARGET_sh64 is not set
+# TARGET_sparc is not set
+# TARGET_v850 is not set
+# TARGET_x86_64 is not set
+
+#
+# Target Architecture Features and Options
+#
+HAVE_ELF=y
+ARCH_SUPPORTS_LITTLE_ENDIAN=y
+TARGET_ARCH="i386"
+CONFIG_GENERIC_386=y
+# CONFIG_386 is not set
+# CONFIG_486 is not set
+# CONFIG_586 is not set
+# CONFIG_586MMX is not set
+# CONFIG_686 is not set
+# CONFIG_PENTIUMII is not set
+# CONFIG_PENTIUMIII is not set
+# CONFIG_PENTIUM4 is not set
+# CONFIG_K6 is not set
+# CONFIG_K7 is not set
+# CONFIG_ELAN is not set
+# CONFIG_CRUSOE is not set
+# CONFIG_WINCHIPC6 is not set
+# CONFIG_WINCHIP2 is not set
+# CONFIG_CYRIXIII is not set
+# CONFIG_NEHEMIAH is not set
+ARCH_LITTLE_ENDIAN=y
+# ARCH_BIG_ENDIAN is not set
+# ARCH_HAS_NO_MMU is not set
+ARCH_HAS_MMU=y
+UCLIBC_HAS_FLOATS=y
+HAS_FPU=y
+DO_C99_MATH=y
+KERNEL_SOURCE="/usr/src/linux"
+C_SYMBOL_PREFIX=""
+HAVE_DOT_CONFIG=y
+
+#
+# General Library Settings
+#
+# HAVE_NO_PIC is not set
+DOPIC=y
+# HAVE_NO_SHARED is not set
+HAVE_SHARED=y
+# ARCH_HAS_NO_LDSO is not set
+BUILD_UCLIBC_LDSO=y
+FORCE_SHAREABLE_TEXT_SEGMENTS=y
+LDSO_LDD_SUPPORT=y
+LDSO_CACHE_SUPPORT=y
+# LDSO_PRELOAD_FILE_SUPPORT is not set
+LDSO_BASE_FILENAME="ld.so"
+LDSO_RUNPATH=y
+# DL_FINI_CRT_COMPAT is not set
+UCLIBC_CTOR_DTOR=y
+# HAS_NO_THREADS is not set
+UCLIBC_HAS_THREADS=y
+# PTHREADS_DEBUG_SUPPORT is not set
+UCLIBC_HAS_LFS=y
+# UCLIBC_STATIC_LDCONFIG is not set
+# MALLOC is not set
+# MALLOC_SIMPLE is not set
+MALLOC_STANDARD=y
+# MALLOC_GLIBC_COMPAT is not set
+UCLIBC_DYNAMIC_ATEXIT=y
+HAS_SHADOW=y
+UNIX98PTY_ONLY=y
+ASSUME_DEVPTS=y
+UCLIBC_HAS_TM_EXTENSIONS=y
+UCLIBC_HAS_TZ_CACHING=y
+UCLIBC_HAS_TZ_FILE=y
+UCLIBC_HAS_TZ_FILE_READ_MANY=y
+UCLIBC_TZ_FILE_PATH="/etc/TZ"
+
+#
+# Networking Support
+#
+# UCLIBC_HAS_IPV6 is not set
+UCLIBC_HAS_RPC=y
+# UCLIBC_HAS_FULL_RPC is not set
+
+#
+# String and Stdio Support
+#
+UCLIBC_HAS_STRING_GENERIC_OPT=y
+UCLIBC_HAS_STRING_ARCH_OPT=y
+UCLIBC_HAS_CTYPE_TABLES=y
+UCLIBC_HAS_CTYPE_SIGNED=y
+UCLIBC_HAS_CTYPE_UNSAFE=y
+# UCLIBC_HAS_CTYPE_CHECKED is not set
+# UCLIBC_HAS_CTYPE_ENFORCED is not set
+UCLIBC_HAS_WCHAR=y
+UCLIBC_HAS_LOCALE=y
+UCLIBC_PREGENERATED_LOCALE_DATA=y
+# UCLIBC_DOWNLOAD_PREGENERATED_LOCALE_DATA is not set
+# UCLIBC_HAS_XLOCALE is not set
+# UCLIBC_HAS_HEXADECIMAL_FLOATS is not set
+# UCLIBC_HAS_GLIBC_DIGIT_GROUPING is not set
+UCLIBC_HAS_GLIBC_CUSTOM_PRINTF=y
+UCLIBC_PRINTF_SCANF_POSITIONAL_ARGS=9
+# UCLIBC_HAS_SCANF_GLIBC_A_FLAG is not set
+# UCLIBC_HAS_STDIO_BUFSIZ_NONE is not set
+# UCLIBC_HAS_STDIO_BUFSIZ_256 is not set
+# UCLIBC_HAS_STDIO_BUFSIZ_512 is not set
+# UCLIBC_HAS_STDIO_BUFSIZ_1024 is not set
+# UCLIBC_HAS_STDIO_BUFSIZ_2048 is not set
+UCLIBC_HAS_STDIO_BUFSIZ_4096=y
+# UCLIBC_HAS_STDIO_BUFSIZ_8192 is not set
+UCLIBC_HAS_STDIO_BUILTIN_BUFFER_NONE=y
+# UCLIBC_HAS_STDIO_BUILTIN_BUFFER_4 is not set
+# UCLIBC_HAS_STDIO_BUILTIN_BUFFER_8 is not set
+# UCLIBC_HAS_STDIO_SHUTDOWN_ON_ABORT is not set
+UCLIBC_HAS_STDIO_GETC_MACRO=y
+UCLIBC_HAS_STDIO_PUTC_MACRO=y
+UCLIBC_HAS_STDIO_AUTO_RW_TRANSITION=y
+# UCLIBC_HAS_FOPEN_LARGEFILE_MODE is not set
+# UCLIBC_HAS_FOPEN_EXCLUSIVE_MODE is not set
+# UCLIBC_HAS_GLIBC_CUSTOM_STREAMS is not set
+# UCLIBC_HAS_PRINTF_M_SPEC is not set
+UCLIBC_HAS_ERRNO_MESSAGES=y
+# UCLIBC_HAS_SYS_ERRLIST is not set
+UCLIBC_HAS_SIGNUM_MESSAGES=y
+# UCLIBC_HAS_SYS_SIGLIST is not set
+UCLIBC_HAS_GNU_GETOPT=y
+
+#
+# Big and Tall
+#
+UCLIBC_HAS_REGEX=y
+# UCLIBC_HAS_WORDEXP is not set
+# UCLIBC_HAS_FTW is not set
+UCLIBC_HAS_GLOB=y
+
+#
+# Library Installation Options
+#
+SHARED_LIB_LOADER_PREFIX="$(DEVEL_PREFIX)/lib"
+RUNTIME_PREFIX="/usr/$(TARGET_ARCH)-linux-uclibc/"
+DEVEL_PREFIX="/usr/$(TARGET_ARCH)-linux-uclibc/usr/"
+
+#
+# uClibc security related options
+#
+UCLIBC_SECURITY=y
+UCLIBC_BUILD_PIE=y
+UCLIBC_HAS_ARC4RANDOM=y
+MKTEMP_USE_ARC4RANDOM=y
+ARC4RANDOM_USE_SYSCTL=y
+UCLIBC_HAS_SSP=y
+# SSP_QUICK_CANARY is not set
+# SSP_USE_ERANDOM is not set
+SSP_USE_ARC4RANDOM=y
+PROPOLICE_BLOCK_ABRT=y
+# PROPOLICE_BLOCK_SEGV is not set
+# PROPOLICE_BLOCK_KILL is not set
+UCLIBC_BUILD_SSP=y
+UCLIBC_BUILD_RELRO=y
+UCLIBC_BUILD_NOW=y
+UCLIBC_BUILD_NOEXECSTACK=y
+
+#
+# uClibc development/debugging options
+#
+CROSS_COMPILER_PREFIX=""
+# DODEBUG is not set
+# DODEBUG_PT is not set
+# DOASSERTS is not set
+# SUPPORT_LD_DEBUG is not set
+# SUPPORT_LD_DEBUG_EARLY is not set
+WARNINGS="-Wall"
+# UCLIBC_MJN3_ONLY is not set
diff -Naur uClibc-0.9.28.orig/extra/Configs/Config.in uClibc-0.9.28/extra/Configs/Config.in
--- uClibc-0.9.28.orig/extra/Configs/Config.in 2005-08-17 22:49:41.000000000 +0000
+++ uClibc-0.9.28/extra/Configs/Config.in 2005-09-12 04:04:55.000000000 +0000
@@ -1138,6 +1138,49 @@
libraries have to be built with -fPIC or -fpic, and all assembler
functions must be written as position independent code (PIC).
+config UCLIBC_HAS_ARC4RANDOM
+ bool "Add the arc4random() function to the library"
+ depends on UCLIBC_SECURITY
+ default n
+ help
+ Answer Y to add the OpenBSD-like arc4random() function. arc4random()
+ generates a pseudo-random number using the ARC4 key stream cipher.
+ The arc4random() function is seeded automatically from /dev/urandom
+ and can be in about (2**1700) states. gettimeofday(2) is always
+ included when initializing the state, making it impossible to
+ generate the same random sequence twice. arc4randomII() is identical
+ to arc4random() except that erandom is used as the seed source.
+ arc4random() is safe for an entropy source for cryptography, while
+ arc4randomII() is suited for mktemp, and other functions with a short
+ lifespan. This library is very small (approx. 2KB) and very fast.
+ If you answer Y here, mktemp(3), and propolice stack protection, can
+ use arc4randomII() for their entropy source.
+ OpenSSL and OpenNTPD also support this function.
+ Erandom requires a modified kernel. More informataion is on:
+ http://frandom.sourceforge.net/
+ and
+ http://www.linuxfromscratch.org/hlfs/
+ Most people will answer N.
+
+config MKTEMP_USE_ARC4RANDOM
+ bool "Use arc4randomII() in mktemp(3)"
+ depends on UCLIBC_HAS_ARC4RANDOM
+ default n
+ help
+ Answer Y to use arc4randomII() as mktemp's (tempname.c) entropy source.
+ This will save kernel entropy while making tempfiles unpredictable.
+ Most people will answer N.
+
+config ARC4RANDOM_USE_SYSCTL
+ bool "Make arc4random() use sysctl if /dev is not accessible"
+ depends on UCLIBC_HAS_ARC4RANDOM
+ default n
+ help
+ Answer Y to use sysctl only if /dev/*random fails (chroot).
+ This requires a modified kernel.
+ For more info see: http://www.linuxfromscratch.org/hlfs/
+ Most people will answer N.
+
config UCLIBC_HAS_SSP
bool "Support for propolice smashing stack protector"
depends on UCLIBC_SECURITY
@@ -1152,26 +1195,14 @@
<http://www.research.ibm.com/trl/projects/security/ssp/>
Most people will answer N.
-config SSP_QUICK_CANARY
- bool "Use simple guard values without accessing /dev/urandom"
- depends on UCLIBC_HAS_SSP
- default n
- help
- Use gettimeofday(2) to define the __guard without accessing
- /dev/urandom.
- WARNING: This makes smashing stack protector vulnerable to timing
- attacks.
- Most people will answer N.
-
-config SSP_USE_ERANDOM
- bool "Use erandom for setting guard value if /dev/urandom fails"
- depends on UCLIBC_HAS_SSP && !SSP_QUICK_CANARY
+config SSP_USE_ARC4RANDOM
+ bool "Make propolice use arc4randomII()"
+ depends on UCLIBC_HAS_ARC4RANDOM
default n
help
- Use /dev/erandom to define the guard if /dev/urandom fails (chroot).
- This requires a modified kernel.
- More information at:
- <http://frandom.sourceforge.net/>
+ Answer Y to use arc4randomII() as propolice's __guard entropy
+ source. This will save kernel entropy while making __guard's value
+ unpredictable.
Most people will answer N.
choice
diff -Naur uClibc-0.9.28.orig/include/stdlib.h uClibc-0.9.28/include/stdlib.h
--- uClibc-0.9.28.orig/include/stdlib.h 2005-08-17 22:49:41.000000000 +0000
+++ uClibc-0.9.28/include/stdlib.h 2005-09-12 04:04:55.000000000 +0000
@@ -449,7 +449,18 @@
extern int lcong48_r (unsigned short int __param[7],
struct drand48_data *__buffer) __THROW;
-# endif /* Use misc. */
+
+#if defined(__UCLIBC_HAS_ARC4RANDOM__)
+#define HAVE_ARC4RANDOM
+u_int32_t arc4random(void);
+void arc4random_stir(void);
+void arc4random_addrandom(unsigned char *, int);
+u_int32_t arc4randomII(void);
+void arc4random_stirII(void);
+void arc4random_addrandomII(unsigned char *, int);
+#endif
+
+# endif /* Use misc. */
#endif /* Use SVID or X/Open. */
#endif /* don't just need malloc and calloc */
diff -Naur uClibc-0.9.28.orig/libc/misc/internals/tempname.c uClibc-0.9.28/libc/misc/internals/tempname.c
--- uClibc-0.9.28.orig/libc/misc/internals/tempname.c 2005-08-17 22:49:48.000000000 +0000
+++ uClibc-0.9.28/libc/misc/internals/tempname.c 2005-09-12 04:04:55.000000000 +0000
@@ -122,6 +122,7 @@
static const char letters[] =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+#if !defined(__MKTEMP_USE_ARC4RANDOM__)
static unsigned int fillrand(unsigned char *buf, unsigned int len)
{
int fd;
@@ -136,6 +137,7 @@
}
return result;
}
+#endif
static void brain_damaged_fillrand(unsigned char *buf, unsigned int len)
{
@@ -193,10 +195,16 @@
XXXXXX = &tmpl[len - 6];
/* Get some random data. */
+ #if defined(__MKTEMP_USE_ARC4RANDOM__)
+ for (i = 0 ; i < sizeof(randomness) ; i++) {
+ randomness[i] = (arc4randomII() % 62);
+ }
+ #else
if (fillrand(randomness, sizeof(randomness)) != sizeof(randomness)) {
/* if random device nodes failed us, lets use the braindamaged ver */
brain_damaged_fillrand(randomness, sizeof(randomness));
}
+ #endif
for (i = 0 ; i < sizeof(randomness) ; i++) {
k = ((randomness[i]) % 62);
XXXXXX[i] = letters[k];
diff -Naur uClibc-0.9.28.orig/libc/stdlib/Makefile uClibc-0.9.28/libc/stdlib/Makefile
--- uClibc-0.9.28.orig/libc/stdlib/Makefile 2005-08-17 22:49:41.000000000 +0000
+++ uClibc-0.9.28/libc/stdlib/Makefile 2005-09-12 04:04:55.000000000 +0000
@@ -90,6 +90,10 @@
ifeq ($(UCLIBC_HAS_FLOATS),y)
CSRC += drand48.c drand48_r.c erand48.c erand48_r.c
endif
+ifeq ($(UCLIBC_HAS_ARC4RANDOM),y)
+ CSRC += arc4random.c arc4randomII.c
+endif
+
COBJS=$(patsubst %.c,%.o, $(CSRC))
OBJS=$(MOBJ) $(MOBJx) $(MOBJ1) $(MOBJ1x) $(MOBJ2) $(COBJS)
diff -Naur uClibc-0.9.28.orig/libc/stdlib/arc4random.c uClibc-0.9.28/libc/stdlib/arc4random.c
--- uClibc-0.9.28.orig/libc/stdlib/arc4random.c 1970-01-01 00:00:00.000000000 +0000
+++ uClibc-0.9.28/libc/stdlib/arc4random.c 2005-09-12 04:04:55.000000000 +0000
@@ -0,0 +1,217 @@
+/*
+ * Arc4 random number generator for OpenBSD.
+ * Copyright 1996 David Mazieres <[EMAIL PROTECTED]>.
+ *
+ * Modification and redistribution in source and binary forms is
+ * permitted provided that due credit is given to the author and the
+ * OpenBSD project by leaving this copyright notice intact.
+ */
+
+/*
+ * This code is derived from section 17.1 of Applied Cryptography,
+ * second edition, which describes a stream cipher allegedly
+ * compatible with RSA Labs "RC4" cipher (the actual description of
+ * which is a trade secret). The same algorithm is used as a stream
+ * cipher called "arcfour" in Tatu Ylonen's ssh package.
+ *
+ * Here the stream cipher has been modified always to include the time
+ * when initializing the state. That makes it impossible to
+ * regenerate the same random sequence twice, so this can't be used
+ * for encryption, but will generate good random numbers.
+ *
+ * RC4 is a registered trademark of RSA Laboratories.
+ */
+
+/*
+ * Modified by Robert Connolly from OpenBSD lib/libc/crypt/arc4random.c v1.11.
+ * This is arc4random(3) using urandom.
+ */
+
+#include <fcntl.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/time.h>
+#if defined(__ARC4RANDOM_USE_SYSCTL__)
+#include <sys/sysctl.h>
+#endif
+
+#ifdef __GNUC__
+#define inline __inline
+#else /* !__GNUC__ */
+#define inline
+#endif /* !__GNUC__ */
+
+#ifdef __UCLIBC__
+extern int __libc_open(__const char *file, int flags, ...);
+extern ssize_t __libc_read(int fd, void *buf, size_t count);
+extern int __libc_close(int fd);
+#else
+# define __libc_open(file, flags) __open(file, flags)
+# define __libc_read(fd, buf, count) __read(fd, buf, count)
+# define __libc_close(fd) __close(fd)
+#endif
+
+struct arc4_stream {
+ u_int8_t i;
+ u_int8_t j;
+ u_int8_t s[256];
+};
+
+static int rs_initialized;
+static struct arc4_stream rs;
+static pid_t arc4_stir_pid;
+
+static inline u_int8_t arc4_getbyte(struct arc4_stream *);
+
+static inline void
+arc4_init(struct arc4_stream *as)
+{
+ int n;
+
+ for (n = 0; n < 256; n++)
+ as->s[n] = n;
+ as->i = 0;
+ as->j = 0;
+}
+
+static inline void
+arc4_addrandom(struct arc4_stream *as, u_char *dat, int datlen)
+{
+ int n;
+ u_int8_t si;
+
+ as->i--;
+ for (n = 0; n < 256; n++) {
+ as->i = (as->i + 1);
+ si = as->s[as->i];
+ as->j = (as->j + si + dat[n % datlen]);
+ as->s[as->i] = as->s[as->j];
+ as->s[as->j] = si;
+ }
+ as->j = as->i;
+}
+
+static void
+arc4_stir(struct arc4_stream *as)
+{
+ int n, fd;
+ struct {
+ struct timeval tv;
+ u_int rnd[(128 - sizeof(struct timeval)) / sizeof(u_int)];
+ } rdat;
+
+ gettimeofday(&rdat.tv, NULL);
+
+ /* /dev/urandom is a multithread interface, sysctl is not. */
+ /* Try to use /dev/urandom before sysctl. */
+ fd = __libc_open("/dev/urandom", O_RDONLY);
+ if (fd != -1) {
+ __libc_read(fd, rdat.rnd, sizeof(rdat.rnd));
+ __libc_close(fd);
+ }
+
+#if defined(__ARC4RANDOM_USE_SYSCTL__)
+ else {
+ /* /dev/urandom failed? Maybe we're in a chroot. */
+ int mib[]={CTL_KERN, KERN_RANDOM, RANDOM_URANDOM};
+ u_int i;
+ size_t len;
+
+ for (i = 0; i < sizeof(rdat.rnd) / sizeof(u_int); i ++) {
+ len = sizeof(u_int);
+ if (sysctl(mib, 3, &rdat.rnd[i], &len, NULL, 0) == -1)
+ break;
+ }
+ if (i < sizeof(rdat.rnd) / 4) {
+ /* Sysctl urandom failed? Maybe we're running a vanilla kernel. */
+ mib[2] = RANDOM_UUID;
+ for (i = 0; i < sizeof(rdat.rnd) / sizeof(u_int); i ++) {
+ len = sizeof(u_int);
+ if (sysctl(mib, 3, &rdat.rnd[i], &len, NULL, 0) == -1)
+ break;
+ }
+ }
+ }
+#endif
+
+ arc4_stir_pid = getpid();
+ /*
+ * Time to give up. If no entropy could be found then we will just
+ * use gettimeofday.
+ */
+ arc4_addrandom(as, (void *)&rdat, sizeof(rdat));
+
+ /*
+ * Discard early keystream, as per recommendations in:
+ * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
+ * We discard 256 words. A long word is 4 bytes.
+ */
+ for (n = 0; n < 256 * 4; n ++)
+ arc4_getbyte(as);
+}
+
+static inline u_int8_t
+arc4_getbyte(struct arc4_stream *as)
+{
+ u_int8_t si, sj;
+
+ as->i = (as->i + 1);
+ si = as->s[as->i];
+ as->j = (as->j + si);
+ sj = as->s[as->j];
+ as->s[as->i] = sj;
+ as->s[as->j] = si;
+ return (as->s[(si + sj) & 0xff]);
+}
+
+static inline u_int32_t
+arc4_getword(struct arc4_stream *as)
+{
+ u_int32_t val;
+ val = arc4_getbyte(as) << 24;
+ val |= arc4_getbyte(as) << 16;
+ val |= arc4_getbyte(as) << 8;
+ val |= arc4_getbyte(as);
+ return val;
+}
+
+void
+arc4random_stir(void)
+{
+ if (!rs_initialized) {
+ arc4_init(&rs);
+ rs_initialized = 1;
+ }
+ arc4_stir(&rs);
+}
+
+void
+arc4random_addrandom(u_char *dat, int datlen)
+{
+ if (!rs_initialized)
+ arc4random_stir();
+ arc4_addrandom(&rs, dat, datlen);
+}
+
+u_int32_t
+arc4random(void)
+{
+ if (!rs_initialized || arc4_stir_pid != getpid())
+ arc4random_stir();
+ return arc4_getword(&rs);
+}
+
+#if 0
+/*-------- Test code --------*/
+#include <stdlib.h>
+#include <stdio.h>
+
+int main(void) {
+ int random_number;
+ random_number = arc4random() % 65536;
+ printf("A random number between 0 and 65536 is %d\n", random_number);
+ return 0;
+}
+#endif
diff -Naur uClibc-0.9.28.orig/libc/stdlib/arc4randomII.c uClibc-0.9.28/libc/stdlib/arc4randomII.c
--- uClibc-0.9.28.orig/libc/stdlib/arc4randomII.c 1970-01-01 00:00:00.000000000 +0000
+++ uClibc-0.9.28/libc/stdlib/arc4randomII.c 2005-09-12 04:04:55.000000000 +0000
@@ -0,0 +1,208 @@
+/*
+ * Arc4 random number generator for OpenBSD.
+ * Copyright 1996 David Mazieres <[EMAIL PROTECTED]>.
+ *
+ * Modification and redistribution in source and binary forms is
+ * permitted provided that due credit is given to the author and the
+ * OpenBSD project by leaving this copyright notice intact.
+ */
+
+/*
+ * This code is derived from section 17.1 of Applied Cryptography,
+ * second edition, which describes a stream cipher allegedly
+ * compatible with RSA Labs "RC4" cipher (the actual description of
+ * which is a trade secret). The same algorithm is used as a stream
+ * cipher called "arcfour" in Tatu Ylonen's ssh package.
+ *
+ * Here the stream cipher has been modified always to include the time
+ * when initializing the state. That makes it impossible to
+ * regenerate the same random sequence twice, so this can't be used
+ * for encryption, but will generate good random numbers.
+ *
+ * RC4 is a registered trademark of RSA Laboratories.
+ */
+
+/*
+ * Modified by Robert Connolly from OpenBSD lib/libc/crypt/arc4random.c v1.11.
+ * This is arc4randomII(3) using erandom.
+ */
+
+#include <fcntl.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/time.h>
+#if defined(__ARC4RANDOM_USE_SYSCTL__)
+#include <sys/sysctl.h>
+#endif
+
+#ifdef __GNUC__
+#define inline __inline
+#else /* !__GNUC__ */
+#define inline
+#endif /* !__GNUC__ */
+
+#ifdef __UCLIBC__
+extern int __libc_open(__const char *file, int flags, ...);
+extern ssize_t __libc_read(int fd, void *buf, size_t count);
+extern int __libc_close(int fd);
+#else
+# define __libc_open(file, flags) __open(file, flags)
+# define __libc_read(fd, buf, count) __read(fd, buf, count)
+# define __libc_close(fd) __close(fd)
+#endif
+
+struct arc4_streamII {
+ u_int8_t i;
+ u_int8_t j;
+ u_int8_t s[256];
+};
+
+static int rs_initializedII;
+static struct arc4_streamII rs;
+static pid_t arc4_stir_pidII;
+
+static inline u_int8_t arc4_getbyteII(struct arc4_streamII *);
+
+static inline void
+arc4_initII(struct arc4_streamII *as)
+{
+ int n;
+
+ for (n = 0; n < 256; n++)
+ as->s[n] = n;
+ as->i = 0;
+ as->j = 0;
+}
+
+static inline void
+arc4_addrandomII(struct arc4_streamII *as, u_char *dat, int datlen)
+{
+ int n;
+ u_int8_t si;
+
+ as->i--;
+ for (n = 0; n < 256; n++) {
+ as->i = (as->i + 1);
+ si = as->s[as->i];
+ as->j = (as->j + si + dat[n % datlen]);
+ as->s[as->i] = as->s[as->j];
+ as->s[as->j] = si;
+ }
+ as->j = as->i;
+}
+
+static void
+arc4_stirII(struct arc4_streamII *as)
+{
+ int n, fd;
+ struct {
+ struct timeval tv;
+ u_int rnd[(128 - sizeof(struct timeval)) / sizeof(u_int)];
+ } rdat;
+
+ gettimeofday(&rdat.tv, NULL);
+
+ /* /dev/urandom is a multithread interface, sysctl is not. */
+ /* Try to use /dev/urandom before sysctl. */
+ fd = __libc_open("/dev/erandom", O_RDONLY);
+ if (fd != -1) {
+ __libc_read(fd, rdat.rnd, sizeof(rdat.rnd));
+ __libc_close(fd);
+ }
+
+#if defined(__ARC4RANDOM_USE_SYSCTL__)
+ else {
+ /* /dev/urandom failed? Maybe we're in a chroot. */
+ int mib[]={CTL_KERN, KERN_RANDOM, RANDOM_ERANDOM};
+ u_int i;
+ size_t len;
+
+ for (i = 0; i < sizeof(rdat.rnd) / sizeof(u_int); i++) {
+ len = sizeof(u_int);
+ if (sysctl(mib, 3, &rdat.rnd[i], &len, NULL, 0) == -1)
+ break;
+ }
+ }
+#endif
+
+ arc4_stir_pidII = getpid();
+ /*
+ * Time to give up. If no entropy could be found then we will just
+ * use gettimeofday.
+ */
+ arc4_addrandomII(as, (void *)&rdat, sizeof(rdat));
+
+ /*
+ * Discard early keystream, as per recommendations in:
+ * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
+ * We discard 256 words. A long word is 4 bytes.
+ */
+ for (n = 0; n < 256 * 4; n ++)
+ arc4_getbyteII(as);
+}
+
+static inline u_int8_t
+arc4_getbyteII(struct arc4_streamII *as)
+{
+ u_int8_t si, sj;
+
+ as->i = (as->i + 1);
+ si = as->s[as->i];
+ as->j = (as->j + si);
+ sj = as->s[as->j];
+ as->s[as->i] = sj;
+ as->s[as->j] = si;
+ return (as->s[(si + sj) & 0xff]);
+}
+
+static inline u_int32_t
+arc4_getwordII(struct arc4_streamII *as)
+{
+ u_int32_t val;
+ val = arc4_getbyteII(as) << 24;
+ val |= arc4_getbyteII(as) << 16;
+ val |= arc4_getbyteII(as) << 8;
+ val |= arc4_getbyteII(as);
+ return val;
+}
+
+void
+arc4random_stirII(void)
+{
+ if (!rs_initializedII) {
+ arc4_initII(&rs);
+ rs_initializedII = 1;
+ }
+ arc4_stirII(&rs);
+}
+
+void
+arc4random_addrandomII(u_char *dat, int datlen)
+{
+ if (!rs_initializedII)
+ arc4random_stirII();
+ arc4_addrandomII(&rs, dat, datlen);
+}
+
+u_int32_t
+arc4randomII(void)
+{
+ if (!rs_initializedII || arc4_stir_pidII != getpid())
+ arc4random_stirII();
+ return arc4_getwordII(&rs);
+}
+
+#if 0
+/*-------- Test code --------*/
+#include <stdlib.h>
+#include <stdio.h>
+
+int main(void) {
+ int random_number;
+ random_number = arc4randomII() % 65536;
+ printf("A random number between 0 and 65536 is %d\n", random_number);
+ return 0;
+}
+#endif
diff -Naur uClibc-0.9.28.orig/libc/stdlib/man/arc4random.3 uClibc-0.9.28/libc/stdlib/man/arc4random.3
--- uClibc-0.9.28.orig/libc/stdlib/man/arc4random.3 1970-01-01 00:00:00.000000000 +0000
+++ uClibc-0.9.28/libc/stdlib/man/arc4random.3 2005-09-12 04:04:55.000000000 +0000
@@ -0,0 +1,74 @@
+.TH ARC4RANDOM 3 "February 11, 2005"
+.SH NAME
+arc4random - arc4 random number generator
+.SH SYNOPSIS
+.nf
+.B #include <stdlib.h>
+.sp
+.I u_int32_t
+.B arc4random(void);
+.sp
+.I u_int32_t
+.B arc4randomII(void);
+.fi
+.SH DESCRIPTION
+The \fBarc4random()\fP function generates a pseudo-random number using the
+ARC4 cipher key stream generator. ARCFOUR uses 8*8 8 bit S-Boxes, and can
+be in about (2**1700) states.
+
+The \fBarc4random()\fP function is seeded automatically from /dev/urandom,
+or from sysctl \fBurandom\fP if /dev/urandom is not accessible (chroot), or from
+sysctl random.uuid if sysctl \fBurandom\fP is not accessible. \fBgettimeofday(2)\fP
+is always included when initializing the state of \fBarc4random()\fP, this makes
+it impossible to generate the same random sequence twice. \fBarc4random()\fP
+is intended to be safe to use with encryption software to provide entropy.
+
+The \fBarc4randomII()\fP function is identical to \fBarc4random()\fP except
+that \fBarc4randomII()\fP is seeded automatically from /dev/erandom, and
+sysctl erandom. \fBarc4randomII()\fP is NOT intended for cryptography, but is
+ideal for \fBmktemp(3)\fP, and other functions with a short lifespan.
+\fBarc4randomII()\fP and erandom do not consume any kernel entropy.
+
+Sysctl urandom, and erandom require a modified kernel. See:
+http://www.linuxfromscratch.org/hlfs/
+
+.SH EXAMPLES
+.TP
+Return a random number between 0 and 100.
+.sp
+arc4random() % 100;
+.TP
+Return any random number.
+.sp
+arc4random();
+.TP
+.nf
+Sample program; this will display a number between 0 and 65536.
+
+#include <stdlib.h>
+#include <stdio.h>
+
+int main(void) {
+ int random_number;
+ random_number = arc4random() % 65536;
+ printf("%d\n", random_number);
+ return 0;
+}
+.fi
+.SH "SEE ALSO"
+.BR random (3),
+.BR gettimeofday (2),
+.BR mktemp (3)
+
+.SH HISTORY
+An algorithm called RC4 was designed by RSA Data Security, Inc. It was
+considered a trade secret, but not trademarked. Because it was a trade
+secret, it obviously could not be patented. A clone of this was posted
+anonymously to USENET and confirmed to be equivalent by several sources
+who had access to the original cipher. Because of the trade secret situation,
+RSA Data Security, Inc. can do nothing about the release of the
+ARC4 algorithm. Since RC4 used to be a trade secret, the cipher is now
+referred to as ARC4 (Another RC4).
+
+These functions first appeared in OpenBSD 2.1.
+
diff -Naur uClibc-0.9.28.orig/libc/sysdeps/linux/common/ssp.c uClibc-0.9.28/libc/sysdeps/linux/common/ssp.c
--- uClibc-0.9.28.orig/libc/sysdeps/linux/common/ssp.c 2005-08-17 22:49:42.000000000 +0000
+++ uClibc-0.9.28/libc/sysdeps/linux/common/ssp.c 2005-09-12 04:06:31.000000000 +0000
@@ -16,16 +16,15 @@
*
*/
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
#ifdef __SSP__
# error ssp.c has to be built w/ -fno-stack-protector
#endif
#include <stdio.h>
#include <string.h>
+#if defined(__SSP_USE_ARC4RANDOM__)
+#include <stdlib.h> /* For arc4random() */
+#endif
#include <fcntl.h>
#include <unistd.h>
#include <signal.h>
@@ -33,9 +32,6 @@
#include <sys/un.h>
#include <sys/syslog.h>
#include <sys/time.h>
-#ifdef __SSP_USE_ERANDOM__
-# include <sys/sysctl.h>
-#endif
#ifdef __PROPOLICE_BLOCK_SEGV__
# define SSP_SIGTYPE SIGSEGV
@@ -65,7 +61,9 @@
void __guard_setup(void) __attribute__ ((constructor));
void __guard_setup(void)
{
- size_t size;
+ int i=0;
+ size_t size;
+ struct timeval tv;
if (__guard != 0UL)
return;
@@ -73,48 +71,26 @@
/* Start with the "terminator canary". */
__guard = 0xFF0A0D00UL;
-#ifndef __SSP_QUICK_CANARY__
-# ifdef __SSP_USE_ERANDOM__
- {
- int mib[3];
- /* Random is another depth in Linux, hence an array of 3. */
- mib[0] = CTL_KERN;
- mib[1] = KERN_RANDOM;
- mib[2] = RANDOM_ERANDOM;
+ /* Then with the time. */
+ gettimeofday(&tv, NULL);
+ __guard ^= tv.tv_usec ^ tv.tv_sec;
+#if defined(__SSP_USE_ARC4RANDOM__)
+ for (i = 0; i < sizeof(__guard) / 4; i ++) {
size = sizeof(unsigned long);
- if (__sysctl(mib, 3, &__guard, &size, NULL, 0) != (-1))
- if (__guard != 0UL)
- return;
+ if ((__guard = (int)(arc4randomII())) == (-1))
+ break;
}
-# endif /* ifdef __SSP_USE_ERANDOM__ */
- /*
- * Attempt to open kernel pseudo random device if one exists before
- * opening urandom to avoid system entropy depletion.
- */
- {
- int fd;
-
-# ifdef __SSP_USE_ERANDOM__
- if ((fd = __libc_open("/dev/erandom", O_RDONLY)) == (-1))
-# endif
- fd = __libc_open("/dev/urandom", O_RDONLY);
+#else
+ int fd=0;
+ if (i < sizeof(__guard) / 4) {
+ fd = __libc_open("/dev/urandom", O_RDONLY);
if (fd != (-1)) {
size = __libc_read(fd, (char *) &__guard, sizeof(__guard));
- __libc_close(fd);
- if (size == sizeof(__guard))
- return;
- }
- }
-#endif /* ifndef __SSP_QUICK_CANARY__ */
-
- /* Everything failed? Or we are using a weakened model of the
- * terminator canary */
- {
- struct timeval tv;
- gettimeofday(&tv, NULL);
- __guard ^= tv.tv_usec ^ tv.tv_sec;
- }
+ __libc_close(fd);
+ if (size == sizeof(__guard))
+ return;
+#endif
}
void __stack_smash_handler(char func[], int damaged __attribute__ ((unused)));
--
http://linuxfromscratch.org/mailman/listinfo/patches
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
