- (djm) [openbsd-compat/bsd-arc4random.c] Discard early keystream, like OpenBSD

   ok dtucker@

2 files changed, 15 insertions, 3 deletions

diff --git a/ChangeLog b/ChangeLog
index 8255b3e5..1c3168a2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+20040719
+ - (djm) [openbsd-compat/bsd-arc4random.c] Discard early keystream, like OpenBSD
+   ok dtucker@
+
 20040717
  - (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.c
    ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c
@@ -1527,4 +1531,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.3477 2004/07/17 07:05:14 dtucker Exp $
+$Id: ChangeLog,v 1.3478 2004/07/18 23:30:38 djm Exp $
diff --git a/openbsd-compat/bsd-arc4random.c b/openbsd-compat/bsd-arc4random.c
index 22003ff0..5284e1af 100644
--- a/openbsd-compat/bsd-arc4random.c
+++ b/openbsd-compat/bsd-arc4random.c
@@ -17,7 +17,7 @@
 #include "includes.h"
 #include "log.h"
 
-RCSID("$Id: bsd-arc4random.c,v 1.8 2004/02/17 05:49:55 djm Exp $");
+RCSID("$Id: bsd-arc4random.c,v 1.9 2004/07/18 23:30:40 djm Exp $");
 
 #ifndef HAVE_ARC4RANDOM
 
@@ -56,13 +56,21 @@ unsigned int arc4random(void)
 void arc4random_stir(void)
 {
 	unsigned char rand_buf[SEED_SIZE];
+	int i;
 
 	memset(&rc4, 0, sizeof(rc4));
 	if (RAND_bytes(rand_buf, sizeof(rand_buf)) <= 0)
 		fatal("Couldn't obtain random bytes (error %ld)",
 		    ERR_get_error());
 	RC4_set_key(&rc4, sizeof(rand_buf), rand_buf);
-	RC4(&rc4, sizeof(rand_buf), rand_buf, rand_buf);
+
+	/*
+	 * Discard early keystream, as per recommendations in:
+	 * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
+	 */
+	for(i = 0; i <= 256; i += sizeof(rand_buf))
+		RC4(&rc4, sizeof(rand_buf), rand_buf, rand_buf);
+
 	memset(rand_buf, 0, sizeof(rand_buf));
 
 	rc4_ready = REKEY_BYTES;