Merge remote-tracking branch 'origin/patches-2.0'

2025-09-12 13:58:58 -04:00 · 2013-06-10 10:47:28 -04:00 · 2013-06-10 10:47:28 -04:00 · 0b05aa6591
commit 0b05aa6591
parent c307a250d4 6e49696147
2 changed files with 8 additions and 3 deletions
--- a/arc4random.c
+++ b/arc4random.c
@ -287,6 +287,7 @@ arc4_seed_proc_sys_kernel_random_uuid(void)
 	}
 	memset(entropy, 0, sizeof(entropy));
 	memset(buf, 0, sizeof(buf));
+	arc4_seeded_ok = 1;
 	return 0;
 }
 #endif
@ -388,6 +389,7 @@ arc4_stir(void)
 	 */
 	for (i = 0; i < 12*256; i++)
 		(void)arc4_getbyte();
+
 	arc4_count = BYTES_BEFORE_RESEED;

 	return 0;
--- a/include/event2/util.h
+++ b/include/event2/util.h
@ -677,9 +677,12 @@ const char *evutil_gai_strerror(int err);

 /** Generate n bytes of secure pseudorandom data, and store them in buf.
 *
- * By default, Libevent uses an ARC4-based random number generator, seeded
- * using the platform's entropy source (/dev/urandom on Unix-like systems;
- * CryptGenRandom on Windows).
+ * Current versions of Libevent use an ARC4-based random number generator,
+ * seeded using the platform's entropy source (/dev/urandom on Unix-like
+ * systems; CryptGenRandom on Windows).  This is not actually as secure as it
+ * should be: ARC4 is a pretty lousy cipher, and the current implementation
+ * provides only rudimentary prediction- and backtracking-resistance.  Don't
+ * use this for serious cryptographic applications.
 */
 void evutil_secure_rng_get_bytes(void *buf, size_t n);