Author: archaic Date: 2005-10-08 08:45:52 -0600 (Sat, 08 Oct 2005) New Revision: 1173
Added: trunk/hlfs/uClibc-0.9.28-arc4random-1.patch trunk/hlfs/uClibc-0.9.28-config-1.patch trunk/hlfs/uClibc-0.9.28-libc_stack_end-1.patch trunk/uClibc/uClibc-0.9.28-arc4random-1.patch trunk/uClibc/uClibc-0.9.28-config-1.patch trunk/uClibc/uClibc-0.9.28-libc_stack_end-1.patch Log: Added updated uClibc patches. Added: trunk/hlfs/uClibc-0.9.28-arc4random-1.patch =================================================================== --- trunk/hlfs/uClibc-0.9.28-arc4random-1.patch 2005-10-08 14:43:57 UTC (rev 1172) +++ trunk/hlfs/uClibc-0.9.28-arc4random-1.patch 2005-10-08 14:45:52 UTC (rev 1173) @@ -0,0 +1 @@ +link ../uClibc/uClibc-0.9.28-arc4random-1.patch \ No newline at end of file Property changes on: trunk/hlfs/uClibc-0.9.28-arc4random-1.patch ___________________________________________________________________ Name: svn:special + * Added: trunk/hlfs/uClibc-0.9.28-config-1.patch =================================================================== --- trunk/hlfs/uClibc-0.9.28-config-1.patch 2005-10-08 14:43:57 UTC (rev 1172) +++ trunk/hlfs/uClibc-0.9.28-config-1.patch 2005-10-08 14:45:52 UTC (rev 1173) @@ -0,0 +1 @@ +link ../uClibc/uClibc-0.9.28-config-1.patch \ No newline at end of file Property changes on: trunk/hlfs/uClibc-0.9.28-config-1.patch ___________________________________________________________________ Name: svn:special + * Added: trunk/hlfs/uClibc-0.9.28-libc_stack_end-1.patch =================================================================== --- trunk/hlfs/uClibc-0.9.28-libc_stack_end-1.patch 2005-10-08 14:43:57 UTC (rev 1172) +++ trunk/hlfs/uClibc-0.9.28-libc_stack_end-1.patch 2005-10-08 14:45:52 UTC (rev 1173) @@ -0,0 +1 @@ +link ../uClibc/uClibc-0.9.28-libc_stack_end-1.patch \ No newline at end of file Property changes on: trunk/hlfs/uClibc-0.9.28-libc_stack_end-1.patch ___________________________________________________________________ Name: svn:special + * Added: trunk/uClibc/uClibc-0.9.28-arc4random-1.patch =================================================================== --- trunk/uClibc/uClibc-0.9.28-arc4random-1.patch 2005-10-08 14:43:57 UTC (rev 1172) +++ trunk/uClibc/uClibc-0.9.28-arc4random-1.patch 2005-10-08 14:45:52 UTC (rev 1173) @@ -0,0 +1,790 @@ +Submitted By: Robert Connolly <robert at linuxfromscratch dot org> (ashes) +Date: 2005-10-02 +Initial Package Version: 0.9.28 +Upstream Status: Submitted, declined +Origin: http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/crypt/arc4random.c +Description: This patch adds the arc4random() and arc4randomII() functions +to uClibc, and hooks so mktemp(3) and SSP can use arc4randomII(). + +Also see: +http://www.linuxfromscratch.org/hlfs/ +http://www.linuxfromscratch.org/hints/downloads/files/entropy.txt + +diff -Naur uClibc-0.9.28.orig/extra/Configs/Config.in uClibc-0.9.28/extra/Configs/Config.in +--- uClibc-0.9.28.orig/extra/Configs/Config.in 2005-08-17 22:49:41.000000000 +0000 ++++ uClibc-0.9.28/extra/Configs/Config.in 2005-09-12 04:04:55.000000000 +0000 +@@ -1138,6 +1138,49 @@ + libraries have to be built with -fPIC or -fpic, and all assembler + functions must be written as position independent code (PIC). + ++config UCLIBC_HAS_ARC4RANDOM ++ bool "Add the arc4random() function to the library" ++ depends on UCLIBC_SECURITY ++ default n ++ help ++ Answer Y to add the OpenBSD-like arc4random() function. arc4random() ++ generates a pseudo-random number using the ARC4 key stream cipher. ++ The arc4random() function is seeded automatically from /dev/urandom ++ and can be in about (2**1700) states. gettimeofday(2) is always ++ included when initializing the state, making it impossible to ++ generate the same random sequence twice. arc4randomII() is identical ++ to arc4random() except that erandom is used as the seed source. ++ arc4random() is safe for an entropy source for cryptography, while ++ arc4randomII() is suited for mktemp, and other functions with a short ++ lifespan. This library is very small (approx. 2KB) and very fast. ++ If you answer Y here, mktemp(3), and propolice stack protection, can ++ use arc4randomII() for their entropy source. ++ OpenSSL and OpenNTPD also support this function. ++ Erandom requires a modified kernel. More informataion is on: ++ http://frandom.sourceforge.net/ ++ and ++ http://www.linuxfromscratch.org/hlfs/ ++ Most people will answer N. ++ ++config MKTEMP_USE_ARC4RANDOM ++ bool "Use arc4randomII() in mktemp(3)" ++ depends on UCLIBC_HAS_ARC4RANDOM ++ default n ++ help ++ Answer Y to use arc4randomII() as mktemp's (tempname.c) entropy source. ++ This will save kernel entropy while making tempfiles unpredictable. ++ Most people will answer N. ++ ++config ARC4RANDOM_USE_SYSCTL ++ bool "Make arc4random() use sysctl if /dev is not accessible" ++ depends on UCLIBC_HAS_ARC4RANDOM ++ default n ++ help ++ Answer Y to use sysctl only if /dev/*random fails (chroot). ++ This requires a modified kernel. ++ For more info see: http://www.linuxfromscratch.org/hlfs/ ++ Most people will answer N. ++ + config UCLIBC_HAS_SSP + bool "Support for propolice smashing stack protector" + depends on UCLIBC_SECURITY +@@ -1152,26 +1195,14 @@ + <http://www.research.ibm.com/trl/projects/security/ssp/> + Most people will answer N. + +-config SSP_QUICK_CANARY +- bool "Use simple guard values without accessing /dev/urandom" +- depends on UCLIBC_HAS_SSP +- default n +- help +- Use gettimeofday(2) to define the __guard without accessing +- /dev/urandom. +- WARNING: This makes smashing stack protector vulnerable to timing +- attacks. +- Most people will answer N. +- +-config SSP_USE_ERANDOM +- bool "Use erandom for setting guard value if /dev/urandom fails" +- depends on UCLIBC_HAS_SSP && !SSP_QUICK_CANARY ++config SSP_USE_ARC4RANDOM ++ bool "Make propolice use arc4randomII()" ++ depends on UCLIBC_HAS_ARC4RANDOM + default n + help +- Use /dev/erandom to define the guard if /dev/urandom fails (chroot). +- This requires a modified kernel. +- More information at: +- <http://frandom.sourceforge.net/> ++ Answer Y to use arc4randomII() as propolice's __guard entropy ++ source. This will save kernel entropy while making __guard's value ++ unpredictable. + Most people will answer N. + + choice +diff -Naur uClibc-0.9.28.orig/include/stdlib.h uClibc-0.9.28/include/stdlib.h +--- uClibc-0.9.28.orig/include/stdlib.h 2005-08-17 22:49:41.000000000 +0000 ++++ uClibc-0.9.28/include/stdlib.h 2005-09-12 04:04:55.000000000 +0000 +@@ -449,7 +449,18 @@ + + extern int lcong48_r (unsigned short int __param[7], + struct drand48_data *__buffer) __THROW; +-# endif /* Use misc. */ ++ ++#if defined(__UCLIBC_HAS_ARC4RANDOM__) ++#define HAVE_ARC4RANDOM ++u_int32_t arc4random(void); ++void arc4random_stir(void); ++void arc4random_addrandom(unsigned char *, int); ++u_int32_t arc4randomII(void); ++void arc4random_stirII(void); ++void arc4random_addrandomII(unsigned char *, int); ++#endif ++ ++# endif /* Use misc. */ + #endif /* Use SVID or X/Open. */ + + #endif /* don't just need malloc and calloc */ +diff -Naur uClibc-0.9.28.orig/libc/misc/internals/tempname.c uClibc-0.9.28/libc/misc/internals/tempname.c +--- uClibc-0.9.28.orig/libc/misc/internals/tempname.c 2005-08-17 22:49:48.000000000 +0000 ++++ uClibc-0.9.28/libc/misc/internals/tempname.c 2005-09-12 04:04:55.000000000 +0000 +@@ -122,6 +122,7 @@ + static const char letters[] = + "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; + ++#if !defined(__MKTEMP_USE_ARC4RANDOM__) + static unsigned int fillrand(unsigned char *buf, unsigned int len) + { + int fd; +@@ -136,6 +137,7 @@ + } + return result; + } ++#endif + + static void brain_damaged_fillrand(unsigned char *buf, unsigned int len) + { +@@ -193,10 +195,16 @@ + XXXXXX = &tmpl[len - 6]; + + /* Get some random data. */ ++ #if defined(__MKTEMP_USE_ARC4RANDOM__) ++ for (i = 0 ; i < sizeof(randomness) ; i++) { ++ randomness[i] = (arc4randomII() % 62); ++ } ++ #else + if (fillrand(randomness, sizeof(randomness)) != sizeof(randomness)) { + /* if random device nodes failed us, lets use the braindamaged ver */ + brain_damaged_fillrand(randomness, sizeof(randomness)); + } ++ #endif + for (i = 0 ; i < sizeof(randomness) ; i++) { + k = ((randomness[i]) % 62); + XXXXXX[i] = letters[k]; +diff -Naur uClibc-0.9.28.orig/libc/stdlib/Makefile uClibc-0.9.28/libc/stdlib/Makefile +--- uClibc-0.9.28.orig/libc/stdlib/Makefile 2005-08-17 22:49:41.000000000 +0000 ++++ uClibc-0.9.28/libc/stdlib/Makefile 2005-09-12 04:04:55.000000000 +0000 +@@ -90,6 +90,10 @@ + ifeq ($(UCLIBC_HAS_FLOATS),y) + CSRC += drand48.c drand48_r.c erand48.c erand48_r.c + endif ++ifeq ($(UCLIBC_HAS_ARC4RANDOM),y) ++ CSRC += arc4random.c arc4randomII.c ++endif ++ + COBJS=$(patsubst %.c,%.o, $(CSRC)) + + OBJS=$(MOBJ) $(MOBJx) $(MOBJ1) $(MOBJ1x) $(MOBJ2) $(COBJS) +diff -Naur uClibc-0.9.28.orig/libc/stdlib/arc4random.c uClibc-0.9.28/libc/stdlib/arc4random.c +--- uClibc-0.9.28.orig/libc/stdlib/arc4random.c 1970-01-01 00:00:00.000000000 +0000 ++++ uClibc-0.9.28/libc/stdlib/arc4random.c 2005-09-12 04:04:55.000000000 +0000 +@@ -0,0 +1,217 @@ ++/* ++ * Arc4 random number generator for OpenBSD. ++ * Copyright 1996 David Mazieres <[EMAIL PROTECTED]>. ++ * ++ * Modification and redistribution in source and binary forms is ++ * permitted provided that due credit is given to the author and the ++ * OpenBSD project by leaving this copyright notice intact. ++ */ ++ ++/* ++ * This code is derived from section 17.1 of Applied Cryptography, ++ * second edition, which describes a stream cipher allegedly ++ * compatible with RSA Labs "RC4" cipher (the actual description of ++ * which is a trade secret). The same algorithm is used as a stream ++ * cipher called "arcfour" in Tatu Ylonen's ssh package. ++ * ++ * Here the stream cipher has been modified always to include the time ++ * when initializing the state. That makes it impossible to ++ * regenerate the same random sequence twice, so this can't be used ++ * for encryption, but will generate good random numbers. ++ * ++ * RC4 is a registered trademark of RSA Laboratories. ++ */ ++ ++/* ++ * Modified by Robert Connolly from OpenBSD lib/libc/crypt/arc4random.c v1.11. ++ * This is arc4random(3) using urandom. ++ */ ++ ++#include <fcntl.h> ++#include <stdlib.h> ++#include <unistd.h> ++#include <sys/types.h> ++#include <sys/param.h> ++#include <sys/time.h> ++#if defined(__ARC4RANDOM_USE_SYSCTL__) ++#include <sys/sysctl.h> ++#endif ++ ++#ifdef __GNUC__ ++#define inline __inline ++#else /* !__GNUC__ */ ++#define inline ++#endif /* !__GNUC__ */ ++ ++#ifdef __UCLIBC__ ++extern int __libc_open(__const char *file, int flags, ...); ++extern ssize_t __libc_read(int fd, void *buf, size_t count); ++extern int __libc_close(int fd); ++#else ++# define __libc_open(file, flags) __open(file, flags) ++# define __libc_read(fd, buf, count) __read(fd, buf, count) ++# define __libc_close(fd) __close(fd) ++#endif ++ ++struct arc4_stream { ++ u_int8_t i; ++ u_int8_t j; ++ u_int8_t s[256]; ++}; ++ ++static int rs_initialized; ++static struct arc4_stream rs; ++static pid_t arc4_stir_pid; ++ ++static inline u_int8_t arc4_getbyte(struct arc4_stream *); ++ ++static inline void ++arc4_init(struct arc4_stream *as) ++{ ++ int n; ++ ++ for (n = 0; n < 256; n++) ++ as->s[n] = n; ++ as->i = 0; ++ as->j = 0; ++} ++ ++static inline void ++arc4_addrandom(struct arc4_stream *as, u_char *dat, int datlen) ++{ ++ int n; ++ u_int8_t si; ++ ++ as->i--; ++ for (n = 0; n < 256; n++) { ++ as->i = (as->i + 1); ++ si = as->s[as->i]; ++ as->j = (as->j + si + dat[n % datlen]); ++ as->s[as->i] = as->s[as->j]; ++ as->s[as->j] = si; ++ } ++ as->j = as->i; ++} ++ ++static void ++arc4_stir(struct arc4_stream *as) ++{ ++ int n, fd; ++ struct { ++ struct timeval tv; ++ u_int rnd[(128 - sizeof(struct timeval)) / sizeof(u_int)]; ++ } rdat; ++ ++ gettimeofday(&rdat.tv, NULL); ++ ++ /* /dev/urandom is a multithread interface, sysctl is not. */ ++ /* Try to use /dev/urandom before sysctl. */ ++ fd = __libc_open("/dev/urandom", O_RDONLY); ++ if (fd != -1) { ++ __libc_read(fd, rdat.rnd, sizeof(rdat.rnd)); ++ __libc_close(fd); ++ } ++ ++#if defined(__ARC4RANDOM_USE_SYSCTL__) ++ else { ++ /* /dev/urandom failed? Maybe we're in a chroot. */ ++ int mib[]={CTL_KERN, KERN_RANDOM, RANDOM_URANDOM}; ++ u_int i; ++ size_t len; ++ ++ for (i = 0; i < sizeof(rdat.rnd) / sizeof(u_int); i ++) { ++ len = sizeof(u_int); ++ if (sysctl(mib, 3, &rdat.rnd[i], &len, NULL, 0) == -1) ++ break; ++ } ++ if (i < sizeof(rdat.rnd) / 4) { ++ /* Sysctl urandom failed? Maybe we're running a vanilla kernel. */ ++ mib[2] = RANDOM_UUID; ++ for (i = 0; i < sizeof(rdat.rnd) / sizeof(u_int); i ++) { ++ len = sizeof(u_int); ++ if (sysctl(mib, 3, &rdat.rnd[i], &len, NULL, 0) == -1) ++ break; ++ } ++ } ++ } ++#endif ++ ++ arc4_stir_pid = getpid(); ++ /* ++ * Time to give up. If no entropy could be found then we will just ++ * use gettimeofday. ++ */ ++ arc4_addrandom(as, (void *)&rdat, sizeof(rdat)); ++ ++ /* ++ * Discard early keystream, as per recommendations in: ++ * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps ++ * We discard 256 words. A long word is 4 bytes. ++ */ ++ for (n = 0; n < 256 * 4; n ++) ++ arc4_getbyte(as); ++} ++ ++static inline u_int8_t ++arc4_getbyte(struct arc4_stream *as) ++{ ++ u_int8_t si, sj; ++ ++ as->i = (as->i + 1); ++ si = as->s[as->i]; ++ as->j = (as->j + si); ++ sj = as->s[as->j]; ++ as->s[as->i] = sj; ++ as->s[as->j] = si; ++ return (as->s[(si + sj) & 0xff]); ++} ++ ++static inline u_int32_t ++arc4_getword(struct arc4_stream *as) ++{ ++ u_int32_t val; ++ val = arc4_getbyte(as) << 24; ++ val |= arc4_getbyte(as) << 16; ++ val |= arc4_getbyte(as) << 8; ++ val |= arc4_getbyte(as); ++ return val; ++} ++ ++void ++arc4random_stir(void) ++{ ++ if (!rs_initialized) { ++ arc4_init(&rs); ++ rs_initialized = 1; ++ } ++ arc4_stir(&rs); ++} ++ ++void ++arc4random_addrandom(u_char *dat, int datlen) ++{ ++ if (!rs_initialized) ++ arc4random_stir(); ++ arc4_addrandom(&rs, dat, datlen); ++} ++ ++u_int32_t ++arc4random(void) ++{ ++ if (!rs_initialized || arc4_stir_pid != getpid()) ++ arc4random_stir(); ++ return arc4_getword(&rs); ++} ++ ++#if 0 ++/*-------- Test code --------*/ ++#include <stdlib.h> ++#include <stdio.h> ++ ++int main(void) { ++ int random_number; ++ random_number = arc4random() % 65536; ++ printf("A random number between 0 and 65536 is %d\n", random_number); ++ return 0; ++} ++#endif +diff -Naur uClibc-0.9.28.orig/libc/stdlib/arc4randomII.c uClibc-0.9.28/libc/stdlib/arc4randomII.c +--- uClibc-0.9.28.orig/libc/stdlib/arc4randomII.c 1970-01-01 00:00:00.000000000 +0000 ++++ uClibc-0.9.28/libc/stdlib/arc4randomII.c 2005-09-12 04:04:55.000000000 +0000 +@@ -0,0 +1,208 @@ ++/* ++ * Arc4 random number generator for OpenBSD. ++ * Copyright 1996 David Mazieres <[EMAIL PROTECTED]>. ++ * ++ * Modification and redistribution in source and binary forms is ++ * permitted provided that due credit is given to the author and the ++ * OpenBSD project by leaving this copyright notice intact. ++ */ ++ ++/* ++ * This code is derived from section 17.1 of Applied Cryptography, ++ * second edition, which describes a stream cipher allegedly ++ * compatible with RSA Labs "RC4" cipher (the actual description of ++ * which is a trade secret). The same algorithm is used as a stream ++ * cipher called "arcfour" in Tatu Ylonen's ssh package. ++ * ++ * Here the stream cipher has been modified always to include the time ++ * when initializing the state. That makes it impossible to ++ * regenerate the same random sequence twice, so this can't be used ++ * for encryption, but will generate good random numbers. ++ * ++ * RC4 is a registered trademark of RSA Laboratories. ++ */ ++ ++/* ++ * Modified by Robert Connolly from OpenBSD lib/libc/crypt/arc4random.c v1.11. ++ * This is arc4randomII(3) using erandom. ++ */ ++ ++#include <fcntl.h> ++#include <stdlib.h> ++#include <unistd.h> ++#include <sys/types.h> ++#include <sys/param.h> ++#include <sys/time.h> ++#if defined(__ARC4RANDOM_USE_SYSCTL__) ++#include <sys/sysctl.h> ++#endif ++ ++#ifdef __GNUC__ ++#define inline __inline ++#else /* !__GNUC__ */ ++#define inline ++#endif /* !__GNUC__ */ ++ ++#ifdef __UCLIBC__ ++extern int __libc_open(__const char *file, int flags, ...); ++extern ssize_t __libc_read(int fd, void *buf, size_t count); ++extern int __libc_close(int fd); ++#else ++# define __libc_open(file, flags) __open(file, flags) ++# define __libc_read(fd, buf, count) __read(fd, buf, count) ++# define __libc_close(fd) __close(fd) ++#endif ++ ++struct arc4_streamII { ++ u_int8_t i; ++ u_int8_t j; ++ u_int8_t s[256]; ++}; ++ ++static int rs_initializedII; ++static struct arc4_streamII rs; ++static pid_t arc4_stir_pidII; ++ ++static inline u_int8_t arc4_getbyteII(struct arc4_streamII *); ++ ++static inline void ++arc4_initII(struct arc4_streamII *as) ++{ ++ int n; ++ ++ for (n = 0; n < 256; n++) ++ as->s[n] = n; ++ as->i = 0; ++ as->j = 0; ++} ++ ++static inline void ++arc4_addrandomII(struct arc4_streamII *as, u_char *dat, int datlen) ++{ ++ int n; ++ u_int8_t si; ++ ++ as->i--; ++ for (n = 0; n < 256; n++) { ++ as->i = (as->i + 1); ++ si = as->s[as->i]; ++ as->j = (as->j + si + dat[n % datlen]); ++ as->s[as->i] = as->s[as->j]; ++ as->s[as->j] = si; ++ } ++ as->j = as->i; ++} ++ ++static void ++arc4_stirII(struct arc4_streamII *as) ++{ ++ int n, fd; ++ struct { ++ struct timeval tv; ++ u_int rnd[(128 - sizeof(struct timeval)) / sizeof(u_int)]; ++ } rdat; ++ ++ gettimeofday(&rdat.tv, NULL); ++ ++ /* /dev/urandom is a multithread interface, sysctl is not. */ ++ /* Try to use /dev/urandom before sysctl. */ ++ fd = __libc_open("/dev/erandom", O_RDONLY); ++ if (fd != -1) { ++ __libc_read(fd, rdat.rnd, sizeof(rdat.rnd)); ++ __libc_close(fd); ++ } ++ ++#if defined(__ARC4RANDOM_USE_SYSCTL__) ++ else { ++ /* /dev/urandom failed? Maybe we're in a chroot. */ ++ int mib[]={CTL_KERN, KERN_RANDOM, RANDOM_ERANDOM}; ++ u_int i; ++ size_t len; ++ ++ for (i = 0; i < sizeof(rdat.rnd) / sizeof(u_int); i++) { ++ len = sizeof(u_int); ++ if (sysctl(mib, 3, &rdat.rnd[i], &len, NULL, 0) == -1) ++ break; ++ } ++ } ++#endif ++ ++ arc4_stir_pidII = getpid(); ++ /* ++ * Time to give up. If no entropy could be found then we will just ++ * use gettimeofday. ++ */ ++ arc4_addrandomII(as, (void *)&rdat, sizeof(rdat)); ++ ++ /* ++ * Discard early keystream, as per recommendations in: ++ * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps ++ * We discard 256 words. A long word is 4 bytes. ++ */ ++ for (n = 0; n < 256 * 4; n ++) ++ arc4_getbyteII(as); ++} ++ ++static inline u_int8_t ++arc4_getbyteII(struct arc4_streamII *as) ++{ ++ u_int8_t si, sj; ++ ++ as->i = (as->i + 1); ++ si = as->s[as->i]; ++ as->j = (as->j + si); ++ sj = as->s[as->j]; ++ as->s[as->i] = sj; ++ as->s[as->j] = si; ++ return (as->s[(si + sj) & 0xff]); ++} ++ ++static inline u_int32_t ++arc4_getwordII(struct arc4_streamII *as) ++{ ++ u_int32_t val; ++ val = arc4_getbyteII(as) << 24; ++ val |= arc4_getbyteII(as) << 16; ++ val |= arc4_getbyteII(as) << 8; ++ val |= arc4_getbyteII(as); ++ return val; ++} ++ ++void ++arc4random_stirII(void) ++{ ++ if (!rs_initializedII) { ++ arc4_initII(&rs); ++ rs_initializedII = 1; ++ } ++ arc4_stirII(&rs); ++} ++ ++void ++arc4random_addrandomII(u_char *dat, int datlen) ++{ ++ if (!rs_initializedII) ++ arc4random_stirII(); ++ arc4_addrandomII(&rs, dat, datlen); ++} ++ ++u_int32_t ++arc4randomII(void) ++{ ++ if (!rs_initializedII || arc4_stir_pidII != getpid()) ++ arc4random_stirII(); ++ return arc4_getwordII(&rs); ++} ++ ++#if 0 ++/*-------- Test code --------*/ ++#include <stdlib.h> ++#include <stdio.h> ++ ++int main(void) { ++ int random_number; ++ random_number = arc4randomII() % 65536; ++ printf("A random number between 0 and 65536 is %d\n", random_number); ++ return 0; ++} ++#endif +diff -Naur uClibc-0.9.28.orig/libc/stdlib/man/arc4random.3 uClibc-0.9.28/libc/stdlib/man/arc4random.3 +--- uClibc-0.9.28.orig/libc/stdlib/man/arc4random.3 1970-01-01 00:00:00.000000000 +0000 ++++ uClibc-0.9.28/libc/stdlib/man/arc4random.3 2005-09-12 04:04:55.000000000 +0000 +@@ -0,0 +1,74 @@ ++.TH ARC4RANDOM 3 "February 11, 2005" ++.SH NAME ++arc4random - arc4 random number generator ++.SH SYNOPSIS ++.nf ++.B #include <stdlib.h> ++.sp ++.I u_int32_t ++.B arc4random(void); ++.sp ++.I u_int32_t ++.B arc4randomII(void); ++.fi ++.SH DESCRIPTION ++The \fBarc4random()\fP function generates a pseudo-random number using the ++ARC4 cipher key stream generator. ARCFOUR uses 8*8 8 bit S-Boxes, and can ++be in about (2**1700) states. ++ ++The \fBarc4random()\fP function is seeded automatically from /dev/urandom, ++or from sysctl \fBurandom\fP if /dev/urandom is not accessible (chroot), or from ++sysctl random.uuid if sysctl \fBurandom\fP is not accessible. \fBgettimeofday(2)\fP ++is always included when initializing the state of \fBarc4random()\fP, this makes ++it impossible to generate the same random sequence twice. \fBarc4random()\fP ++is intended to be safe to use with encryption software to provide entropy. ++ ++The \fBarc4randomII()\fP function is identical to \fBarc4random()\fP except ++that \fBarc4randomII()\fP is seeded automatically from /dev/erandom, and ++sysctl erandom. \fBarc4randomII()\fP is NOT intended for cryptography, but is ++ideal for \fBmktemp(3)\fP, and other functions with a short lifespan. ++\fBarc4randomII()\fP and erandom do not consume any kernel entropy. ++ ++Sysctl urandom, and erandom require a modified kernel. See: ++http://www.linuxfromscratch.org/hlfs/ ++ ++.SH EXAMPLES ++.TP ++Return a random number between 0 and 100. ++.sp ++arc4random() % 100; ++.TP ++Return any random number. ++.sp ++arc4random(); ++.TP ++.nf ++Sample program; this will display a number between 0 and 65536. ++ ++#include <stdlib.h> ++#include <stdio.h> ++ ++int main(void) { ++ int random_number; ++ random_number = arc4random() % 65536; ++ printf("%d\n", random_number); ++ return 0; ++} ++.fi ++.SH "SEE ALSO" ++.BR random (3), ++.BR gettimeofday (2), ++.BR mktemp (3) ++ ++.SH HISTORY ++An algorithm called RC4 was designed by RSA Data Security, Inc. It was ++considered a trade secret, but not trademarked. Because it was a trade ++secret, it obviously could not be patented. A clone of this was posted ++anonymously to USENET and confirmed to be equivalent by several sources ++who had access to the original cipher. Because of the trade secret situation, ++RSA Data Security, Inc. can do nothing about the release of the ++ARC4 algorithm. Since RC4 used to be a trade secret, the cipher is now ++referred to as ARC4 (Another RC4). ++ ++These functions first appeared in OpenBSD 2.1. ++ +diff -Naur uClibc-0.9.28.orig/libc/sysdeps/linux/common/ssp.c uClibc-0.9.28/libc/sysdeps/linux/common/ssp.c +--- uClibc-0.9.28.orig/libc/sysdeps/linux/common/ssp.c 2005-08-17 22:49:42.000000000 +0000 ++++ uClibc-0.9.28/libc/sysdeps/linux/common/ssp.c 2005-09-12 04:06:31.000000000 +0000 +@@ -16,16 +16,15 @@ + * + */ + +-#ifdef HAVE_CONFIG_H +-# include <config.h> +-#endif +- + #ifdef __SSP__ + # error ssp.c has to be built w/ -fno-stack-protector + #endif + + #include <stdio.h> + #include <string.h> ++#if defined(__SSP_USE_ARC4RANDOM__) ++#include <stdlib.h> /* For arc4random() */ ++#endif + #include <fcntl.h> + #include <unistd.h> + #include <signal.h> +@@ -33,9 +32,6 @@ + #include <sys/un.h> + #include <sys/syslog.h> + #include <sys/time.h> +-#ifdef __SSP_USE_ERANDOM__ +-# include <sys/sysctl.h> +-#endif + + #ifdef __PROPOLICE_BLOCK_SEGV__ + # define SSP_SIGTYPE SIGSEGV +@@ -65,7 +61,9 @@ + void __guard_setup(void) __attribute__ ((constructor)); + void __guard_setup(void) + { +- size_t size; ++ int i=0; ++ size_t size; ++ struct timeval tv; + + if (__guard != 0UL) + return; +@@ -73,48 +71,26 @@ + /* Start with the "terminator canary". */ + __guard = 0xFF0A0D00UL; + +-#ifndef __SSP_QUICK_CANARY__ +-# ifdef __SSP_USE_ERANDOM__ +- { +- int mib[3]; +- /* Random is another depth in Linux, hence an array of 3. */ +- mib[0] = CTL_KERN; +- mib[1] = KERN_RANDOM; +- mib[2] = RANDOM_ERANDOM; ++ /* Then with the time. */ ++ gettimeofday(&tv, NULL); ++ __guard ^= tv.tv_usec ^ tv.tv_sec; + ++#if defined(__SSP_USE_ARC4RANDOM__) ++ for (i = 0; i < sizeof(__guard) / 4; i ++) { + size = sizeof(unsigned long); +- if (__sysctl(mib, 3, &__guard, &size, NULL, 0) != (-1)) +- if (__guard != 0UL) +- return; ++ if ((__guard = (int)(arc4randomII())) == (-1)) ++ break; + } +-# endif /* ifdef __SSP_USE_ERANDOM__ */ +- /* +- * Attempt to open kernel pseudo random device if one exists before +- * opening urandom to avoid system entropy depletion. +- */ +- { +- int fd; +- +-# ifdef __SSP_USE_ERANDOM__ +- if ((fd = __libc_open("/dev/erandom", O_RDONLY)) == (-1)) +-# endif +- fd = __libc_open("/dev/urandom", O_RDONLY); ++#else ++ int fd=0; ++ if (i < sizeof(__guard) / 4) { ++ fd = __libc_open("/dev/urandom", O_RDONLY); + if (fd != (-1)) { + size = __libc_read(fd, (char *) &__guard, sizeof(__guard)); +- __libc_close(fd); +- if (size == sizeof(__guard)) +- return; +- } +- } +-#endif /* ifndef __SSP_QUICK_CANARY__ */ +- +- /* Everything failed? Or we are using a weakened model of the +- * terminator canary */ +- { +- struct timeval tv; +- gettimeofday(&tv, NULL); +- __guard ^= tv.tv_usec ^ tv.tv_sec; +- } ++ __libc_close(fd); ++ if (size == sizeof(__guard)) ++ return; ++#endif + } + + void __stack_smash_handler(char func[], int damaged __attribute__ ((unused))); Added: trunk/uClibc/uClibc-0.9.28-config-1.patch =================================================================== --- trunk/uClibc/uClibc-0.9.28-config-1.patch 2005-10-08 14:43:57 UTC (rev 1172) +++ trunk/uClibc/uClibc-0.9.28-config-1.patch 2005-10-08 14:45:52 UTC (rev 1173) @@ -0,0 +1,207 @@ +Submitted By: Robert Connolly <robert at linuxfromscratch dot org> (ashes) +Date: 2005-10-02 +Initial Package Version: 0.9.28 +Upstream Status: Not submitted +Origin: None +Description: This adds a default config file to uClibc so the build can be +more automated. + +Also see: +http://www.linuxfromscratch.org/hlfs/ +http://www.linuxfromscratch.org/hints/downloads/files/entropy.txt + +diff -Naur uClibc-0.9.28.orig/.config uClibc-0.9.28/.config +--- uClibc-0.9.28.orig/.config 1970-01-01 00:00:00.000000000 +0000 ++++ uClibc-0.9.28/.config 2005-09-14 20:50:25.000000000 +0000 +@@ -0,0 +1,191 @@ ++# ++# Automatically generated make config: don't edit ++# ++# TARGET_alpha is not set ++# TARGET_arm is not set ++# TARGET_bfin is not set ++# TARGET_cris is not set ++# TARGET_e1 is not set ++# TARGET_frv is not set ++# TARGET_h8300 is not set ++TARGET_i386=y ++# TARGET_i960 is not set ++# TARGET_m68k is not set ++# TARGET_microblaze is not set ++# TARGET_mips is not set ++# TARGET_nios is not set ++# TARGET_nios2 is not set ++# TARGET_powerpc is not set ++# TARGET_sh is not set ++# TARGET_sh64 is not set ++# TARGET_sparc is not set ++# TARGET_v850 is not set ++# TARGET_x86_64 is not set ++ ++# ++# Target Architecture Features and Options ++# ++HAVE_ELF=y ++ARCH_SUPPORTS_LITTLE_ENDIAN=y ++TARGET_ARCH="i386" ++CONFIG_GENERIC_386=y ++# CONFIG_386 is not set ++# CONFIG_486 is not set ++# CONFIG_586 is not set ++# CONFIG_586MMX is not set ++# CONFIG_686 is not set ++# CONFIG_PENTIUMII is not set ++# CONFIG_PENTIUMIII is not set ++# CONFIG_PENTIUM4 is not set ++# CONFIG_K6 is not set ++# CONFIG_K7 is not set ++# CONFIG_ELAN is not set ++# CONFIG_CRUSOE is not set ++# CONFIG_WINCHIPC6 is not set ++# CONFIG_WINCHIP2 is not set ++# CONFIG_CYRIXIII is not set ++# CONFIG_NEHEMIAH is not set ++ARCH_LITTLE_ENDIAN=y ++# ARCH_BIG_ENDIAN is not set ++# ARCH_HAS_NO_MMU is not set ++ARCH_HAS_MMU=y ++UCLIBC_HAS_FLOATS=y ++HAS_FPU=y ++DO_C99_MATH=y ++KERNEL_SOURCE="/usr/src/linux" ++C_SYMBOL_PREFIX="" ++HAVE_DOT_CONFIG=y ++ ++# ++# General Library Settings ++# ++# HAVE_NO_PIC is not set ++DOPIC=y ++# HAVE_NO_SHARED is not set ++HAVE_SHARED=y ++# ARCH_HAS_NO_LDSO is not set ++BUILD_UCLIBC_LDSO=y ++FORCE_SHAREABLE_TEXT_SEGMENTS=y ++LDSO_LDD_SUPPORT=y ++LDSO_CACHE_SUPPORT=y ++# LDSO_PRELOAD_FILE_SUPPORT is not set ++LDSO_BASE_FILENAME="ld.so" ++LDSO_RUNPATH=y ++# DL_FINI_CRT_COMPAT is not set ++UCLIBC_CTOR_DTOR=y ++# HAS_NO_THREADS is not set ++UCLIBC_HAS_THREADS=y ++# PTHREADS_DEBUG_SUPPORT is not set ++UCLIBC_HAS_LFS=y ++# UCLIBC_STATIC_LDCONFIG is not set ++# MALLOC is not set ++# MALLOC_SIMPLE is not set ++MALLOC_STANDARD=y ++# MALLOC_GLIBC_COMPAT is not set ++UCLIBC_DYNAMIC_ATEXIT=y ++HAS_SHADOW=y ++UNIX98PTY_ONLY=y ++ASSUME_DEVPTS=y ++UCLIBC_HAS_TM_EXTENSIONS=y ++UCLIBC_HAS_TZ_CACHING=y ++UCLIBC_HAS_TZ_FILE=y ++UCLIBC_HAS_TZ_FILE_READ_MANY=y ++UCLIBC_TZ_FILE_PATH="/etc/TZ" ++ ++# ++# Networking Support ++# ++# UCLIBC_HAS_IPV6 is not set ++UCLIBC_HAS_RPC=y ++# UCLIBC_HAS_FULL_RPC is not set ++ ++# ++# String and Stdio Support ++# ++UCLIBC_HAS_STRING_GENERIC_OPT=y ++UCLIBC_HAS_STRING_ARCH_OPT=y ++UCLIBC_HAS_CTYPE_TABLES=y ++UCLIBC_HAS_CTYPE_SIGNED=y ++UCLIBC_HAS_CTYPE_UNSAFE=y ++# UCLIBC_HAS_CTYPE_CHECKED is not set ++# UCLIBC_HAS_CTYPE_ENFORCED is not set ++UCLIBC_HAS_WCHAR=y ++UCLIBC_HAS_LOCALE=y ++UCLIBC_PREGENERATED_LOCALE_DATA=y ++# UCLIBC_DOWNLOAD_PREGENERATED_LOCALE_DATA is not set ++# UCLIBC_HAS_XLOCALE is not set ++# UCLIBC_HAS_HEXADECIMAL_FLOATS is not set ++# UCLIBC_HAS_GLIBC_DIGIT_GROUPING is not set ++UCLIBC_HAS_GLIBC_CUSTOM_PRINTF=y ++UCLIBC_PRINTF_SCANF_POSITIONAL_ARGS=9 ++# UCLIBC_HAS_SCANF_GLIBC_A_FLAG is not set ++# UCLIBC_HAS_STDIO_BUFSIZ_NONE is not set ++# UCLIBC_HAS_STDIO_BUFSIZ_256 is not set ++# UCLIBC_HAS_STDIO_BUFSIZ_512 is not set ++# UCLIBC_HAS_STDIO_BUFSIZ_1024 is not set ++# UCLIBC_HAS_STDIO_BUFSIZ_2048 is not set ++UCLIBC_HAS_STDIO_BUFSIZ_4096=y ++# UCLIBC_HAS_STDIO_BUFSIZ_8192 is not set ++UCLIBC_HAS_STDIO_BUILTIN_BUFFER_NONE=y ++# UCLIBC_HAS_STDIO_BUILTIN_BUFFER_4 is not set ++# UCLIBC_HAS_STDIO_BUILTIN_BUFFER_8 is not set ++# UCLIBC_HAS_STDIO_SHUTDOWN_ON_ABORT is not set ++UCLIBC_HAS_STDIO_GETC_MACRO=y ++UCLIBC_HAS_STDIO_PUTC_MACRO=y ++UCLIBC_HAS_STDIO_AUTO_RW_TRANSITION=y ++# UCLIBC_HAS_FOPEN_LARGEFILE_MODE is not set ++# UCLIBC_HAS_FOPEN_EXCLUSIVE_MODE is not set ++# UCLIBC_HAS_GLIBC_CUSTOM_STREAMS is not set ++# UCLIBC_HAS_PRINTF_M_SPEC is not set ++UCLIBC_HAS_ERRNO_MESSAGES=y ++# UCLIBC_HAS_SYS_ERRLIST is not set ++UCLIBC_HAS_SIGNUM_MESSAGES=y ++# UCLIBC_HAS_SYS_SIGLIST is not set ++UCLIBC_HAS_GNU_GETOPT=y ++ ++# ++# Big and Tall ++# ++UCLIBC_HAS_REGEX=y ++# UCLIBC_HAS_WORDEXP is not set ++# UCLIBC_HAS_FTW is not set ++UCLIBC_HAS_GLOB=y ++ ++# ++# Library Installation Options ++# ++SHARED_LIB_LOADER_PREFIX="$(DEVEL_PREFIX)/lib" ++RUNTIME_PREFIX="/usr/$(TARGET_ARCH)-linux-uclibc/" ++DEVEL_PREFIX="/usr/$(TARGET_ARCH)-linux-uclibc/usr/" ++ ++# ++# uClibc security related options ++# ++UCLIBC_SECURITY=y ++UCLIBC_BUILD_PIE=y ++UCLIBC_HAS_ARC4RANDOM=y ++MKTEMP_USE_ARC4RANDOM=y ++ARC4RANDOM_USE_SYSCTL=y ++UCLIBC_HAS_SSP=y ++# SSP_QUICK_CANARY is not set ++# SSP_USE_ERANDOM is not set ++SSP_USE_ARC4RANDOM=y ++PROPOLICE_BLOCK_ABRT=y ++# PROPOLICE_BLOCK_SEGV is not set ++# PROPOLICE_BLOCK_KILL is not set ++UCLIBC_BUILD_SSP=y ++UCLIBC_BUILD_RELRO=y ++UCLIBC_BUILD_NOW=y ++UCLIBC_BUILD_NOEXECSTACK=y ++ ++# ++# uClibc development/debugging options ++# ++CROSS_COMPILER_PREFIX="" ++# DODEBUG is not set ++# DODEBUG_PT is not set ++# DOASSERTS is not set ++# SUPPORT_LD_DEBUG is not set ++# SUPPORT_LD_DEBUG_EARLY is not set ++WARNINGS="-Wall" ++# UCLIBC_MJN3_ONLY is not set Added: trunk/uClibc/uClibc-0.9.28-libc_stack_end-1.patch =================================================================== --- trunk/uClibc/uClibc-0.9.28-libc_stack_end-1.patch 2005-10-08 14:43:57 UTC (rev 1172) +++ trunk/uClibc/uClibc-0.9.28-libc_stack_end-1.patch 2005-10-08 14:45:52 UTC (rev 1173) @@ -0,0 +1,24 @@ +Submitted By: Robert Connolly <robert at linuxfromscratch dot org> (ashes) +Date: 2005-10-02 +Initial Package Version: 0.9.28 +Upstream Status: Not submitted +Origin: http://busybox.net/lists/uclibc/2005-September/012492.html +Description: This fixes "undefined reference to `__libc_stack_end'" when +installing from a non-uClibc host. + +Also see: +http://www.linuxfromscratch.org/hlfs/ +http://www.linuxfromscratch.org/hints/downloads/files/entropy.txt + +diff -Naur uClibc-0.9.28.orig/libc/misc/internals/__uClibc_main.c uClibc-0.9.28/libc/misc/internals/__uClibc_main.c +--- uClibc-0.9.28.orig/libc/misc/internals/__uClibc_main.c 2005-08-17 22:49:48.000000000 +0000 ++++ uClibc-0.9.28/libc/misc/internals/__uClibc_main.c 2005-10-02 05:16:26.000000000 +0000 +@@ -28,6 +28,8 @@ + extern void __guard_setup(void); + #endif + ++void * __dummy_libc_stack_end = NULL; ++weak_alias(__dummy_libc_stack_end, __libc_stack_end); + + /* + * Prototypes. -- http://linuxfromscratch.org/mailman/listinfo/patches FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
