From 826f436391fdd5afe3627db15c4401ef332fc320 Mon Sep 17 00:00:00 2001 From: djm <> Date: Wed, 26 Nov 2003 21:40:08 +0000 Subject: [PATCH] Discard first 256 bytes of keystream, as per recommendation in "Weaknesses in the Key Scheduling Algorithm of RC4", Fluhrer, Mantin and Shamir. ok itojun@ --- src/lib/libc/crypt/arc4random.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/lib/libc/crypt/arc4random.c b/src/lib/libc/crypt/arc4random.c index 5e3b2925..5b376488 100644 --- a/src/lib/libc/crypt/arc4random.c +++ b/src/lib/libc/crypt/arc4random.c @@ -1,4 +1,4 @@ -/* $OpenBSD: arc4random.c,v 1.9 2003/08/16 19:07:40 tedu Exp $ */ +/* $OpenBSD: arc4random.c,v 1.10 2003/11/26 21:40:08 djm Exp $ */ /* * Arc4 random number generator for OpenBSD. @@ -48,6 +48,8 @@ static int rs_initialized; static struct arc4_stream rs; static pid_t arc4_stir_pid; +static inline u_int8_t arc4_getbyte(struct arc4_stream *); + static inline void arc4_init(struct arc4_stream *as) { @@ -98,6 +100,13 @@ arc4_stir(struct arc4_stream *as) arc4_stir_pid = getpid(); arc4_addrandom(as, (void *) &rdat, sizeof(rdat)); + + /* + * Discard early keystream, as per recommendations in: + * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps + */ + for (i = 0; i < 256; i++) + (void) arc4_getbyte(as); } static inline u_int8_t