4 files changed, 52 insertions, 165 deletions
diff --git a/ChangeLog b/ChangeLog
index 34b6d17f9..78578cf19 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,10 @@
 - (djm) [openbsd-compat/arc4random.c openbsd-compat/chacha_private.h] Pull
   in OpenBSD implementation of arc4random, shortly to replace the existing
   bsd-arc4random.c
+ - (djm) [openbsd-compat/Makefile.in openbsd-compat/arc4random.c]
+   [openbsd-compat/bsd-arc4random.c] Replace old RC4-based arc4random
+   implementation with recent OpenBSD's ChaCha-based PRNG. ok dtucker@,
+   tested tim@
 20130922
 - (dtucker) [platform.c platform.h sshd.c] bz#2156: restore Linux oom_adj
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
index 365cf006d..a5f4a266c 100644
--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.51 2013/05/10 06:28:56 dtucker Exp $
+# $Id: Makefile.in,v 1.52 2013/10/08 23:44:49 djm Exp $
 sysconfdir=@sysconfdir@
 piddir=@piddir@
@@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@
 OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o
-COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
+COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
 PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o
diff --git a/openbsd-compat/arc4random.c b/openbsd-compat/arc4random.c
index 356e23181..eac073cc0 100644
--- a/openbsd-compat/arc4random.c
+++ b/openbsd-compat/arc4random.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/crypto/arc4random.c */
 /*      $OpenBSD: arc4random.c,v 1.25 2013/10/01 18:34:57 markus Exp $  */
 /*
@@ -22,16 +24,19 @@
 * ChaCha based random number generator for OpenBSD.
 */
-#include <fcntl.h>
+#include "includes.h"
-#include <limits.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
 #include <sys/types.h>
-#include <sys/param.h>
-#include <sys/time.h>
+#ifndef HAVE_ARC4RANDOM
-#include <sys/sysctl.h>
-#include "thread_private.h"
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include "log.h"
 #define KEYSTREAM_ONLY
 #include "chacha_private.h"
@@ -42,6 +47,10 @@
 #define inline
 #endif                          /* !__GNUC__ */
+/* OpenSSH isn't multithreaded */
+#define _ARC4_LOCK()
+#define _ARC4_UNLOCK()
 #define KEYSZ   32
 #define IVSZ    8
 #define BLOCKSZ 64
@@ -67,15 +76,11 @@ _rs_init(u_char *buf, size_t n)
 static void
 _rs_stir(void)
 {
-        int     mib[2];
-        size_t  len;
        u_char rnd[KEYSZ + IVSZ];
-        mib[0] = CTL_KERN;
+        if (RAND_bytes(rnd, sizeof(rnd)) <= 0)
-        mib[1] = KERN_ARND;
+                fatal("Couldn't obtain random bytes (error %ld)",
+                    ERR_get_error());
-        len = sizeof(rnd);
-        sysctl(mib, 2, rnd, &len, NULL, 0);
        if (!rs_initialized) {
                rs_initialized = 1;
@@ -194,6 +199,11 @@ arc4random(void)
        return val;
 }
+/*
+ * If we are providing arc4random, then we can provide a more efficient 
+ * arc4random_buf().
+ */
+# ifndef HAVE_ARC4RANDOM_BUF
 void
 arc4random_buf(void *buf, size_t n)
 {
@@ -201,7 +211,29 @@ arc4random_buf(void *buf, size_t n)
        _rs_random_buf(buf, n);
        _ARC4_UNLOCK();
 }
+# endif /* !HAVE_ARC4RANDOM_BUF */
+#endif /* !HAVE_ARC4RANDOM */
+/* arc4random_buf() that uses platform arc4random() */
+#if !defined(HAVE_ARC4RANDOM_BUF) && defined(HAVE_ARC4RANDOM)
+void
+arc4random_buf(void *_buf, size_t n)
+{
+        size_t i;
+        u_int32_t r = 0;
+        char *buf = (char *)_buf;
+        for (i = 0; i < n; i++) {
+                if (i % 4 == 0)
+                        r = arc4random();
+                buf[i] = r & 0xff;
+                r >>= 8;
+        }
+        i = r = 0;
+}
+#endif /* !defined(HAVE_ARC4RANDOM_BUF) && defined(HAVE_ARC4RANDOM) */
+#ifndef HAVE_ARC4RANDOM_UNIFORM
 /*
 * Calculate a uniformly distributed random number less than upper_bound
 * avoiding "modulo bias".
@@ -237,6 +269,7 @@ arc4random_uniform(u_int32_t upper_bound)
        return r % upper_bound;
 }
+#endif /* !HAVE_ARC4RANDOM_UNIFORM */
 #if 0
 /*-------- Test code for i386 --------*/
diff --git a/openbsd-compat/bsd-arc4random.c b/openbsd-compat/bsd-arc4random.c
deleted file mode 100644
index d7c586253..000000000
--- a/openbsd-compat/bsd-arc4random.c
+++ /dev/null
@@ -1,150 +0,0 @@
-/*
- * Copyright (c) 1999,2000,2004 Damien Miller <djm@mindrot.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-#include "includes.h"
-#include <sys/types.h>
-#include <string.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include "log.h"
-#ifndef HAVE_ARC4RANDOM
-#include <openssl/rand.h>
-#include <openssl/rc4.h>
-#include <openssl/err.h>
-/* Size of key to use */
-#define SEED_SIZE 20
-/* Number of bytes to reseed after */
-#define REKEY_BYTES     (1 << 24)
-static int rc4_ready = 0;
-static RC4_KEY rc4;
-unsigned int
-arc4random(void)
-{
-        unsigned int r = 0;
-        static int first_time = 1;
-        if (rc4_ready <= 0) {
-                if (first_time)
-                        seed_rng();
-                first_time = 0;
-                arc4random_stir();
-        }
-        RC4(&rc4, sizeof(r), (unsigned char *)&r, (unsigned char *)&r);
-        rc4_ready -= sizeof(r);
-        
-        return(r);
-}
-void
-arc4random_stir(void)
-{
-        unsigned char rand_buf[SEED_SIZE];
-        int i;
-        memset(&rc4, 0, sizeof(rc4));
-        if (RAND_bytes(rand_buf, sizeof(rand_buf)) <= 0)
-                fatal("Couldn't obtain random bytes (error %ld)",
-                    ERR_get_error());
-        RC4_set_key(&rc4, sizeof(rand_buf), rand_buf);
-        /*
-         * Discard early keystream, as per recommendations in:
-         * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
-         */
-        for(i = 0; i <= 256; i += sizeof(rand_buf))
-                RC4(&rc4, sizeof(rand_buf), rand_buf, rand_buf);
-        memset(rand_buf, 0, sizeof(rand_buf));
-        rc4_ready = REKEY_BYTES;
-}
-#endif /* !HAVE_ARC4RANDOM */
-#ifndef HAVE_ARC4RANDOM_BUF
-void
-arc4random_buf(void *_buf, size_t n)
-{
-        size_t i;
-        u_int32_t r = 0;
-        char *buf = (char *)_buf;
-        for (i = 0; i < n; i++) {
-                if (i % 4 == 0)
-                        r = arc4random();
-                buf[i] = r & 0xff;
-                r >>= 8;
-        }
-        i = r = 0;
-}
-#endif /* !HAVE_ARC4RANDOM_BUF */
-#ifndef HAVE_ARC4RANDOM_UNIFORM
-/*
- * Calculate a uniformly distributed random number less than upper_bound
- * avoiding "modulo bias".
- *
- * Uniformity is achieved by generating new random numbers until the one
- * returned is outside the range [0, 2**32 % upper_bound).  This
- * guarantees the selected random number will be inside
- * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound)
- * after reduction modulo upper_bound.
- */
-u_int32_t
-arc4random_uniform(u_int32_t upper_bound)
-{
-        u_int32_t r, min;
-        if (upper_bound < 2)
-                return 0;
-#if (ULONG_MAX > 0xffffffffUL)
-        min = 0x100000000UL % upper_bound;
-#else
-        /* Calculate (2**32 % upper_bound) avoiding 64-bit math */
-        if (upper_bound > 0x80000000)
-                min = 1 + ~upper_bound;         /* 2**32 - upper_bound */
-        else {
-                /* (2**32 - (x * 2)) % x == 2**32 % x when x <= 2**31 */
-                min = ((0xffffffff - (upper_bound * 2)) + 1) % upper_bound;
-        }
-#endif
-        /*
-         * This could theoretically loop forever but each retry has
-         * p > 0.5 (worst case, usually far better) of selecting a
-         * number inside the range we need, so it should rarely need
-         * to re-roll.
-         */
-        for (;;) {
-                r = arc4random();
-                if (r >= min)
-                        break;
-        }
-        return r % upper_bound;
-}
-#endif /* !HAVE_ARC4RANDOM_UNIFORM */

diff --git a/ChangeLog b/ChangeLog index 34b6d17f9..78578cf19 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -2,6 +2,10 @@
2	- (djm) [openbsd-compat/arc4random.c openbsd-compat/chacha_private.h] Pull	2	- (djm) [openbsd-compat/arc4random.c openbsd-compat/chacha_private.h] Pull
3	in OpenBSD implementation of arc4random, shortly to replace the existing	3	in OpenBSD implementation of arc4random, shortly to replace the existing
4	bsd-arc4random.c	4	bsd-arc4random.c
		5	- (djm) [openbsd-compat/Makefile.in openbsd-compat/arc4random.c]
		6	[openbsd-compat/bsd-arc4random.c] Replace old RC4-based arc4random
		7	implementation with recent OpenBSD's ChaCha-based PRNG. ok dtucker@,
		8	tested tim@
5		9
6	20130922	10	20130922
7	- (dtucker) [platform.c platform.h sshd.c] bz#2156: restore Linux oom_adj	11	- (dtucker) [platform.c platform.h sshd.c] bz#2156: restore Linux oom_adj


diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index 365cf006d..a5f4a266c 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in
@@ -1,4 +1,4 @@
1	# $Id: Makefile.in,v 1.51 2013/05/10 06:28:56 dtucker Exp $	1	# $Id: Makefile.in,v 1.52 2013/10/08 23:44:49 djm Exp $
2		2
3	sysconfdir=@sysconfdir@	3	sysconfdir=@sysconfdir@
4	piddir=@piddir@	4	piddir=@piddir@
@@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@
18		18
19	OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o	19	OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o
20		20
21	COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o	21	COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
22		22
23	PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o	23	PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o
24		24


diff --git a/openbsd-compat/arc4random.c b/openbsd-compat/arc4random.c index 356e23181..eac073cc0 100644 --- a/openbsd-compat/arc4random.c +++ b/openbsd-compat/arc4random.c
@@ -1,3 +1,5 @@
		1	/* OPENBSD ORIGINAL: lib/libc/crypto/arc4random.c */
		2
1	/* $OpenBSD: arc4random.c,v 1.25 2013/10/01 18:34:57 markus Exp $ */	3	/* $OpenBSD: arc4random.c,v 1.25 2013/10/01 18:34:57 markus Exp $ */
2		4
3	/*	5	/*
@@ -22,16 +24,19 @@
22	* ChaCha based random number generator for OpenBSD.	24	* ChaCha based random number generator for OpenBSD.
23	*/	25	*/
24		26
25	#include <fcntl.h>	27	#include "includes.h"
26	#include <limits.h>	28
27	#include <stdlib.h>	29	#include <stdlib.h>
28	#include <string.h>	30	#include <string.h>
29	#include <unistd.h>	31	#include <unistd.h>
30	#include <sys/types.h>	32	#include <sys/types.h>
31	#include <sys/param.h>	33
32	#include <sys/time.h>	34	#ifndef HAVE_ARC4RANDOM
33	#include <sys/sysctl.h>	35
34	#include "thread_private.h"	36	#include <openssl/rand.h>
		37	#include <openssl/err.h>
		38
		39	#include "log.h"
35		40
36	#define KEYSTREAM_ONLY	41	#define KEYSTREAM_ONLY
37	#include "chacha_private.h"	42	#include "chacha_private.h"
@@ -42,6 +47,10 @@
42	#define inline	47	#define inline
43	#endif /* !__GNUC__ */	48	#endif /* !__GNUC__ */
44		49
		50	/* OpenSSH isn't multithreaded */
		51	#define _ARC4_LOCK()
		52	#define _ARC4_UNLOCK()
		53
45	#define KEYSZ 32	54	#define KEYSZ 32
46	#define IVSZ 8	55	#define IVSZ 8
47	#define BLOCKSZ 64	56	#define BLOCKSZ 64
@@ -67,15 +76,11 @@ _rs_init(u_char *buf, size_t n)
67	static void	76	static void
68	_rs_stir(void)	77	_rs_stir(void)
69	{	78	{
70	int mib[2];
71	size_t len;
72	u_char rnd[KEYSZ + IVSZ];	79	u_char rnd[KEYSZ + IVSZ];
73		80
74	mib[0] = CTL_KERN;	81	if (RAND_bytes(rnd, sizeof(rnd)) <= 0)
75	mib[1] = KERN_ARND;	82	fatal("Couldn't obtain random bytes (error %ld)",
76		83	ERR_get_error());
77	len = sizeof(rnd);
78	sysctl(mib, 2, rnd, &len, NULL, 0);
79		84
80	if (!rs_initialized) {	85	if (!rs_initialized) {
81	rs_initialized = 1;	86	rs_initialized = 1;
@@ -194,6 +199,11 @@ arc4random(void)
194	return val;	199	return val;
195	}	200	}
196		201
		202	/*
		203	* If we are providing arc4random, then we can provide a more efficient
		204	* arc4random_buf().
		205	*/
		206	# ifndef HAVE_ARC4RANDOM_BUF
197	void	207	void
198	arc4random_buf(void *buf, size_t n)	208	arc4random_buf(void *buf, size_t n)
199	{	209	{
@@ -201,7 +211,29 @@ arc4random_buf(void *buf, size_t n)
201	_rs_random_buf(buf, n);	211	_rs_random_buf(buf, n);
202	_ARC4_UNLOCK();	212	_ARC4_UNLOCK();
203	}	213	}
		214	# endif /* !HAVE_ARC4RANDOM_BUF */
		215	#endif /* !HAVE_ARC4RANDOM */
		216
		217	/* arc4random_buf() that uses platform arc4random() */
		218	#if !defined(HAVE_ARC4RANDOM_BUF) && defined(HAVE_ARC4RANDOM)
		219	void
		220	arc4random_buf(void *_buf, size_t n)
		221	{
		222	size_t i;
		223	u_int32_t r = 0;
		224	char buf = (char )_buf;
		225
		226	for (i = 0; i < n; i++) {
		227	if (i % 4 == 0)
		228	r = arc4random();
		229	buf[i] = r & 0xff;
		230	r >>= 8;
		231	}
		232	i = r = 0;
		233	}
		234	#endif /* !defined(HAVE_ARC4RANDOM_BUF) && defined(HAVE_ARC4RANDOM) */
204		235
		236	#ifndef HAVE_ARC4RANDOM_UNIFORM
205	/*	237	/*
206	* Calculate a uniformly distributed random number less than upper_bound	238	* Calculate a uniformly distributed random number less than upper_bound
207	* avoiding "modulo bias".	239	* avoiding "modulo bias".
@@ -237,6 +269,7 @@ arc4random_uniform(u_int32_t upper_bound)
237		269
238	return r % upper_bound;	270	return r % upper_bound;
239	}	271	}
		272	#endif /* !HAVE_ARC4RANDOM_UNIFORM */
240		273
241	#if 0	274	#if 0
242	/-------- Test code for i386 --------/	275	/-------- Test code for i386 --------/


diff --git a/openbsd-compat/bsd-arc4random.c b/openbsd-compat/bsd-arc4random.c deleted file mode 100644 index d7c586253..000000000 --- a/openbsd-compat/bsd-arc4random.c +++ /dev/null
@@ -1,150 +0,0 @@
1	/*
2	* Copyright (c) 1999,2000,2004 Damien Miller <djm@mindrot.org>
3	*
4	* Permission to use, copy, modify, and distribute this software for any
5	* purpose with or without fee is hereby granted, provided that the above
6	* copyright notice and this permission notice appear in all copies.
7	*
8	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15	*/
16
17	#include "includes.h"
18
19	#include <sys/types.h>
20
21	#include <string.h>
22	#include <stdlib.h>
23	#include <stdarg.h>
24
25	#include "log.h"
26
27	#ifndef HAVE_ARC4RANDOM
28
29	#include <openssl/rand.h>
30	#include <openssl/rc4.h>
31	#include <openssl/err.h>
32
33	/* Size of key to use */
34	#define SEED_SIZE 20
35
36	/* Number of bytes to reseed after */
37	#define REKEY_BYTES (1 << 24)
38
39	static int rc4_ready = 0;
40	static RC4_KEY rc4;
41
42	unsigned int
43	arc4random(void)
44	{
45	unsigned int r = 0;
46	static int first_time = 1;
47
48	if (rc4_ready <= 0) {
49	if (first_time)
50	seed_rng();
51	first_time = 0;
52	arc4random_stir();
53	}
54
55	RC4(&rc4, sizeof(r), (unsigned char )&r, (unsigned char )&r);
56
57	rc4_ready -= sizeof(r);
58
59	return(r);
60	}
61
62	void
63	arc4random_stir(void)
64	{
65	unsigned char rand_buf[SEED_SIZE];
66	int i;
67
68	memset(&rc4, 0, sizeof(rc4));
69	if (RAND_bytes(rand_buf, sizeof(rand_buf)) <= 0)
70	fatal("Couldn't obtain random bytes (error %ld)",
71	ERR_get_error());
72	RC4_set_key(&rc4, sizeof(rand_buf), rand_buf);
73
74	/*
75	* Discard early keystream, as per recommendations in:
76	* http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
77	*/
78	for(i = 0; i <= 256; i += sizeof(rand_buf))
79	RC4(&rc4, sizeof(rand_buf), rand_buf, rand_buf);
80
81	memset(rand_buf, 0, sizeof(rand_buf));
82
83	rc4_ready = REKEY_BYTES;
84	}
85	#endif /* !HAVE_ARC4RANDOM */
86
87	#ifndef HAVE_ARC4RANDOM_BUF
88	void
89	arc4random_buf(void *_buf, size_t n)
90	{
91	size_t i;
92	u_int32_t r = 0;
93	char buf = (char )_buf;
94
95	for (i = 0; i < n; i++) {
96	if (i % 4 == 0)
97	r = arc4random();
98	buf[i] = r & 0xff;
99	r >>= 8;
100	}
101	i = r = 0;
102	}
103	#endif /* !HAVE_ARC4RANDOM_BUF */
104
105	#ifndef HAVE_ARC4RANDOM_UNIFORM
106	/*
107	* Calculate a uniformly distributed random number less than upper_bound
108	* avoiding "modulo bias".
109	*
110	* Uniformity is achieved by generating new random numbers until the one
111	* returned is outside the range [0, 2**32 % upper_bound). This
112	* guarantees the selected random number will be inside
113	* [232 % upper_bound, 232) which maps back to [0, upper_bound)
114	* after reduction modulo upper_bound.
115	*/
116	u_int32_t
117	arc4random_uniform(u_int32_t upper_bound)
118	{
119	u_int32_t r, min;
120
121	if (upper_bound < 2)
122	return 0;
123
124	#if (ULONG_MAX > 0xffffffffUL)
125	min = 0x100000000UL % upper_bound;
126	#else
127	/* Calculate (2*32 % upper_bound) avoiding 64-bit math /
128	if (upper_bound > 0x80000000)
129	min = 1 + ~upper_bound; /* 2*32 - upper_bound /
130	else {
131	/* (2*32 - (x 2)) % x == 232 % x when x <= 231 */
132	min = ((0xffffffff - (upper_bound * 2)) + 1) % upper_bound;
133	}
134	#endif
135
136	/*
137	* This could theoretically loop forever but each retry has
138	* p > 0.5 (worst case, usually far better) of selecting a
139	* number inside the range we need, so it should rarely need
140	* to re-roll.
141	*/
142	for (;;) {
143	r = arc4random();
144	if (r >= min)
145	break;
146	}
147
148	return r % upper_bound;
149	}
150	#endif /* !HAVE_ARC4RANDOM_UNIFORM */