Change rand(), random(), drand48(), lrand48(), mrand48(), and srand48()

to returning strong random by default, source from arc4random(3). Parameters to the seeding functions are ignored, and the subsystems remain in strong random mode. If you wish the standardized deterministic mode, call srand_deterministic(), srandom_determistic(), srand48_deterministic(), seed48_deterministic() or lcong48_deterministic() instead. The re-entrant functions rand_r(), erand48(), nrand48(), jrand48() are unaffected by this change and remain in deterministic mode (for now). Verified as a good roadmap forward by auditing 8800 pieces of software. Roughly 60 pieces of software will need adaptation to request the deterministic mode. Violates POSIX and C89, which violate best practice in this century. ok guenther tedu millert
author: deraadt <> 2014-12-08 21:45:20 +0000
committer: deraadt <> 2014-12-08 21:45:20 +0000
commit: 1e2b0be5bee045db1b0abb1f87801004db563bb8 (patch)
tree: bf17a76201de02c2ce50358a383001a6b6c5cc64 /src/lib/libc/stdlib/rand48.3
parent: 4b0b4fc5d98edef87738071b3784e13573327bab (diff)
download: openbsd-1e2b0be5bee045db1b0abb1f87801004db563bb8.tar.gz
openbsd-1e2b0be5bee045db1b0abb1f87801004db563bb8.tar.bz2
openbsd-1e2b0be5bee045db1b0abb1f87801004db563bb8.zip
1 files changed, 83 insertions, 27 deletions
diff --git a/src/lib/libc/stdlib/rand48.3 b/src/lib/libc/stdlib/rand48.3
index a4473185de..dce8c0dd18 100644
--- a/src/lib/libc/stdlib/rand48.3
+++ b/src/lib/libc/stdlib/rand48.3
@@ -9,9 +9,9 @@
 .\" of any kind. I shall in no event be liable for anything that happens
 .\" to anyone/anything when using this software.
 .\"
-.\"     $OpenBSD: rand48.3,v 1.16 2014/11/25 17:26:34 millert Exp $
+.\"     $OpenBSD: rand48.3,v 1.17 2014/12/08 21:45:20 deraadt Exp $
 .\"
-.Dd $Mdocdate: November 25 2014 $
+.Dd $Mdocdate: December 8 2014 $
 .Dt RAND48 3
 .Os
 .Sh NAME
@@ -22,8 +22,11 @@
 .Nm mrand48 ,
 .Nm jrand48 ,
 .Nm srand48 ,
+.Nm srand48_deterministic ,
 .Nm seed48 ,
+.Nm seed48_deterministic ,
 .Nm lcong48
+.Nm lcong48_deterministic
 .Nd pseudo-random number generators and initialization routines
 .Sh SYNOPSIS
 .In stdlib.h
@@ -41,31 +44,56 @@
 .Fn jrand48 "unsigned short xseed[3]"
 .Ft void
 .Fn srand48 "long seed"
+.Ft void
+.Fn srand48_deterministic "long seed"
 .Ft "unsigned short *"
 .Fn seed48 "unsigned short xseed[3]"
+.Ft "unsigned short *"
+.Fn seed48_deterministic "unsigned short xseed[3]"
 .Ft void
 .Fn lcong48 "unsigned short p[7]"
+.Ft void
+.Fn lcong48_deterministic "unsigned short p[7]"
 .Sh DESCRIPTION
 .Bf -symbolic
-This interface is not cryptographically secure, so consider using
+Standards insist that this interface return deterministic results.
-.Xr arc4random 3
+Unsafe usage is very common, so
-instead.
+.Ox
+changed the subsystem to return non-deterministic results by default.
 .Ef
 .Pp
-The
+To satisfy portable code,
-.Fn rand48
+.Fn srand48 ,
-family of functions generates pseudo-random numbers using a linear
+.Fn seed48 ,
-congruential algorithm working on integers 48 bits in size.
+or
-The particular formula employed is
+.Fn lcong48
-r(n+1) = (a * r(n) + c) mod m
+should be called to initialize the subsystem.
-where the default values are
+In
-for the multiplicand a = 0xfdeece66d = 25214903917 and
+.Ox
-the addend c = 0xb = 11.
+the
-The modulus is always fixed at m = 2 ** 48.
+seeding parameters are ignored, and strong random number results will be
-r(n) is called the seed of the random number generator.
+provided from
+.Xr arc4random 3.
+In other systems, the
+parameters prime a simplistic deterministic algorithm.
 .Pp
-For all the six generator routines described next, the first
+If the standardized behavior is required then
-computational step is to perform a single iteration of the algorithm.
+.Fn srand48_deterministic ,
+.Fn seed48_deterministic ,
+and
+.Fn lcong48_deterministic
+can be substituted for
+.Fn srand48 ,
+.Fn seed48 ,
+and
+.Fn lcong48 .
+That will cause subsequent
+calls to
+.Fn drand48 ,
+.Fn lrand48 ,
+and
+.Fn jrand48
+to return results using the deterministic algorithm.
 .Pp
 .Fn drand48
 and
@@ -91,6 +119,21 @@ return values of type long in the range
 [-2**31, 2**31-1].
 The high-order (32) bits of r(n+1) are loaded into the returned value.
 .Pp
+In the deterministic mode, the
+.Fn rand48
+family of functions generates numbers using a linear congruential
+algorithm working on integers 48 bits in size.
+The particular formula employed is
+r(n+1) = (a * r(n) + c) mod m
+where the default values are
+for the multiplicand a = 0xfdeece66d = 25214903917 and
+the addend c = 0xb = 11.
+The modulus is always fixed at m = 2 ** 48.
+r(n) is called the seed of the random number generator.
+.Pp
+For all the six generator routines described next, the first
+computational step is to perform a single iteration of the algorithm.
+.Pp
 .Fn drand48 ,
 .Fn lrand48 ,
 and
@@ -110,7 +153,7 @@ holds the least significant bits.
 .Pp
 All functions share the same multiplicand and addend.
 .Pp
-.Fn srand48
+.Fn srand48_deterministic
 is used to initialize the internal buffer r(n) of
 .Fn drand48 ,
 .Fn lrand48 ,
@@ -121,7 +164,7 @@ of r(n), with the lower 16 bits of r(n) arbitrarily being set to 0x330e.
 Additionally, the constant multiplicand and addend of the algorithm are
 reset to the default values given above.
 .Pp
-.Fn seed48
+.Fn seed48_deterministic
 also initializes the internal buffer r(n) of
 .Fn drand48 ,
 .Fn lrand48 ,
@@ -131,14 +174,14 @@ but here all 48 bits of the seed can be specified in an array of 3 shorts,
 where the zeroth member specifies the lowest bits.
 Again, the constant multiplicand and addend of the algorithm are
 reset to the default values given above.
-.Fn seed48
+.Fn seed48_deterministic
 returns a pointer to an array of 3 shorts which contains the old seed.
 This array is statically allocated, so its contents are lost after
 each new call to
-.Fn seed48 .
+.Fn seed48_deterministic .
 .Pp
 Finally,
-.Fn lcong48
+.Fn lcong48_deterministic
 allows full control over the multiplicand and addend used in
 .Fn drand48 ,
 .Fn erand48 ,
@@ -169,14 +212,27 @@ The
 .Fn drand48 ,
 .Fn erand48 ,
 .Fn jrand48 ,
-.Fn lcong48 ,
 .Fn lrand48 ,
 .Fn mrand48 ,
-.Fn nrand48 ,
-.Fn seed48 ,
 and
-.Fn srand48
+.Fn nrand48 ,
 functions conform to
 .St -p1003.1-2008 .
+.Pp
+The
+.Fn seed48 ,
+.Fn srand48 ,
+and
+.Fn lcong48
+function do not conform to
+.St -ansiC ,
+intentionally.
+.Pp
+The
+.Fn seed48_deterministic ,
+.Fn srand48_deterministic ,
+and
+.Fn lcong48_deterministic
+functions are OpenBSD extensions.
 .Sh AUTHORS
 .An Martin Birgmeier
author	deraadt <>	2014-12-08 21:45:20 +0000
committer	deraadt <>	2014-12-08 21:45:20 +0000
commit	1e2b0be5bee045db1b0abb1f87801004db563bb8 (patch)
tree	bf17a76201de02c2ce50358a383001a6b6c5cc64 /src/lib/libc/stdlib/rand48.3
parent	4b0b4fc5d98edef87738071b3784e13573327bab (diff)
download	openbsd-1e2b0be5bee045db1b0abb1f87801004db563bb8.tar.gz openbsd-1e2b0be5bee045db1b0abb1f87801004db563bb8.tar.bz2 openbsd-1e2b0be5bee045db1b0abb1f87801004db563bb8.zip

diff --git a/src/lib/libc/stdlib/rand48.3 b/src/lib/libc/stdlib/rand48.3 index a4473185de..dce8c0dd18 100644 --- a/src/lib/libc/stdlib/rand48.3 +++ b/src/lib/libc/stdlib/rand48.3
@@ -9,9 +9,9 @@
9	.\" of any kind. I shall in no event be liable for anything that happens	9	.\" of any kind. I shall in no event be liable for anything that happens
10	.\" to anyone/anything when using this software.	10	.\" to anyone/anything when using this software.
11	.\"	11	.\"
12	.\" $OpenBSD: rand48.3,v 1.16 2014/11/25 17:26:34 millert Exp $	12	.\" $OpenBSD: rand48.3,v 1.17 2014/12/08 21:45:20 deraadt Exp $
13	.\"	13	.\"
14	.Dd $Mdocdate: November 25 2014 $	14	.Dd $Mdocdate: December 8 2014 $
15	.Dt RAND48 3	15	.Dt RAND48 3
16	.Os	16	.Os
17	.Sh NAME	17	.Sh NAME
@@ -22,8 +22,11 @@
22	.Nm mrand48 ,	22	.Nm mrand48 ,
23	.Nm jrand48 ,	23	.Nm jrand48 ,
24	.Nm srand48 ,	24	.Nm srand48 ,
		25	.Nm srand48_deterministic ,
25	.Nm seed48 ,	26	.Nm seed48 ,
		27	.Nm seed48_deterministic ,
26	.Nm lcong48	28	.Nm lcong48
		29	.Nm lcong48_deterministic
27	.Nd pseudo-random number generators and initialization routines	30	.Nd pseudo-random number generators and initialization routines
28	.Sh SYNOPSIS	31	.Sh SYNOPSIS
29	.In stdlib.h	32	.In stdlib.h
@@ -41,31 +44,56 @@
41	.Fn jrand48 "unsigned short xseed[3]"	44	.Fn jrand48 "unsigned short xseed[3]"
42	.Ft void	45	.Ft void
43	.Fn srand48 "long seed"	46	.Fn srand48 "long seed"
		47	.Ft void
		48	.Fn srand48_deterministic "long seed"
44	.Ft "unsigned short *"	49	.Ft "unsigned short *"
45	.Fn seed48 "unsigned short xseed[3]"	50	.Fn seed48 "unsigned short xseed[3]"
		51	.Ft "unsigned short *"
		52	.Fn seed48_deterministic "unsigned short xseed[3]"
46	.Ft void	53	.Ft void
47	.Fn lcong48 "unsigned short p[7]"	54	.Fn lcong48 "unsigned short p[7]"
		55	.Ft void
		56	.Fn lcong48_deterministic "unsigned short p[7]"
48	.Sh DESCRIPTION	57	.Sh DESCRIPTION
49	.Bf -symbolic	58	.Bf -symbolic
50	This interface is not cryptographically secure, so consider using	59	Standards insist that this interface return deterministic results.
51	.Xr arc4random 3	60	Unsafe usage is very common, so
52	instead.	61	.Ox
		62	changed the subsystem to return non-deterministic results by default.
53	.Ef	63	.Ef
54	.Pp	64	.Pp
55	The	65	To satisfy portable code,
56	.Fn rand48	66	.Fn srand48 ,
57	family of functions generates pseudo-random numbers using a linear	67	.Fn seed48 ,
58	congruential algorithm working on integers 48 bits in size.	68	or
59	The particular formula employed is	69	.Fn lcong48
60	r(n+1) = (a * r(n) + c) mod m	70	should be called to initialize the subsystem.
61	where the default values are	71	In
62	for the multiplicand a = 0xfdeece66d = 25214903917 and	72	.Ox
63	the addend c = 0xb = 11.	73	the
64	The modulus is always fixed at m = 2 ** 48.	74	seeding parameters are ignored, and strong random number results will be
65	r(n) is called the seed of the random number generator.	75	provided from
		76	.Xr arc4random 3.
		77	In other systems, the
		78	parameters prime a simplistic deterministic algorithm.
66	.Pp	79	.Pp
67	For all the six generator routines described next, the first	80	If the standardized behavior is required then
68	computational step is to perform a single iteration of the algorithm.	81	.Fn srand48_deterministic ,
		82	.Fn seed48_deterministic ,
		83	and
		84	.Fn lcong48_deterministic
		85	can be substituted for
		86	.Fn srand48 ,
		87	.Fn seed48 ,
		88	and
		89	.Fn lcong48 .
		90	That will cause subsequent
		91	calls to
		92	.Fn drand48 ,
		93	.Fn lrand48 ,
		94	and
		95	.Fn jrand48
		96	to return results using the deterministic algorithm.
69	.Pp	97	.Pp
70	.Fn drand48	98	.Fn drand48
71	and	99	and
@@ -91,6 +119,21 @@ return values of type long in the range
91	[-231, 231-1].	119	[-231, 231-1].
92	The high-order (32) bits of r(n+1) are loaded into the returned value.	120	The high-order (32) bits of r(n+1) are loaded into the returned value.
93	.Pp	121	.Pp
		122	In the deterministic mode, the
		123	.Fn rand48
		124	family of functions generates numbers using a linear congruential
		125	algorithm working on integers 48 bits in size.
		126	The particular formula employed is
		127	r(n+1) = (a * r(n) + c) mod m
		128	where the default values are
		129	for the multiplicand a = 0xfdeece66d = 25214903917 and
		130	the addend c = 0xb = 11.
		131	The modulus is always fixed at m = 2 ** 48.
		132	r(n) is called the seed of the random number generator.
		133	.Pp
		134	For all the six generator routines described next, the first
		135	computational step is to perform a single iteration of the algorithm.
		136	.Pp
94	.Fn drand48 ,	137	.Fn drand48 ,
95	.Fn lrand48 ,	138	.Fn lrand48 ,
96	and	139	and
@@ -110,7 +153,7 @@ holds the least significant bits.
110	.Pp	153	.Pp
111	All functions share the same multiplicand and addend.	154	All functions share the same multiplicand and addend.
112	.Pp	155	.Pp
113	.Fn srand48	156	.Fn srand48_deterministic
114	is used to initialize the internal buffer r(n) of	157	is used to initialize the internal buffer r(n) of
115	.Fn drand48 ,	158	.Fn drand48 ,
116	.Fn lrand48 ,	159	.Fn lrand48 ,
@@ -121,7 +164,7 @@ of r(n), with the lower 16 bits of r(n) arbitrarily being set to 0x330e.
121	Additionally, the constant multiplicand and addend of the algorithm are	164	Additionally, the constant multiplicand and addend of the algorithm are
122	reset to the default values given above.	165	reset to the default values given above.
123	.Pp	166	.Pp
124	.Fn seed48	167	.Fn seed48_deterministic
125	also initializes the internal buffer r(n) of	168	also initializes the internal buffer r(n) of
126	.Fn drand48 ,	169	.Fn drand48 ,
127	.Fn lrand48 ,	170	.Fn lrand48 ,
@@ -131,14 +174,14 @@ but here all 48 bits of the seed can be specified in an array of 3 shorts,
131	where the zeroth member specifies the lowest bits.	174	where the zeroth member specifies the lowest bits.
132	Again, the constant multiplicand and addend of the algorithm are	175	Again, the constant multiplicand and addend of the algorithm are
133	reset to the default values given above.	176	reset to the default values given above.
134	.Fn seed48	177	.Fn seed48_deterministic
135	returns a pointer to an array of 3 shorts which contains the old seed.	178	returns a pointer to an array of 3 shorts which contains the old seed.
136	This array is statically allocated, so its contents are lost after	179	This array is statically allocated, so its contents are lost after
137	each new call to	180	each new call to
138	.Fn seed48 .	181	.Fn seed48_deterministic .
139	.Pp	182	.Pp
140	Finally,	183	Finally,
141	.Fn lcong48	184	.Fn lcong48_deterministic
142	allows full control over the multiplicand and addend used in	185	allows full control over the multiplicand and addend used in
143	.Fn drand48 ,	186	.Fn drand48 ,
144	.Fn erand48 ,	187	.Fn erand48 ,
@@ -169,14 +212,27 @@ The
169	.Fn drand48 ,	212	.Fn drand48 ,
170	.Fn erand48 ,	213	.Fn erand48 ,
171	.Fn jrand48 ,	214	.Fn jrand48 ,
172	.Fn lcong48 ,
173	.Fn lrand48 ,	215	.Fn lrand48 ,
174	.Fn mrand48 ,	216	.Fn mrand48 ,
175	.Fn nrand48 ,
176	.Fn seed48 ,
177	and	217	and
178	.Fn srand48	218	.Fn nrand48 ,
179	functions conform to	219	functions conform to
180	.St -p1003.1-2008 .	220	.St -p1003.1-2008 .
		221	.Pp
		222	The
		223	.Fn seed48 ,
		224	.Fn srand48 ,
		225	and
		226	.Fn lcong48
		227	function do not conform to
		228	.St -ansiC ,
		229	intentionally.
		230	.Pp
		231	The
		232	.Fn seed48_deterministic ,
		233	.Fn srand48_deterministic ,
		234	and
		235	.Fn lcong48_deterministic
		236	functions are OpenBSD extensions.
181	.Sh AUTHORS	237	.Sh AUTHORS
182	.An Martin Birgmeier	238	.An Martin Birgmeier