Add SM2

src/lib/libc/crypt/Makefile.inc

@@ -1,14 +1,8 @@
-#	$OpenBSD: Makefile.inc,v 1.13 1999/11/17 05:22:36 millert Exp $
+#	$OpenBSD: Makefile.inc,v 1.27 2016/03/30 06:38:41 jmc Exp $
 
-.PATH: ${LIBCSRCDIR}/arch/${MACHINE_ARCH}/crypt ${LIBCSRCDIR}/crypt
+.PATH: ${LIBCSRCDIR}/arch/${MACHINE_CPU}/crypt ${LIBCSRCDIR}/crypt
 
-SRCS+=	cast.c crypt.c morecrypt.c md5crypt.c arc4random.c blowfish.c
-SRCS+=  bcrypt.c skipjack.c
+SRCS+=	crypt.c cryptutil.c arc4random.c arc4random_uniform.c \
+	blowfish.c bcrypt.c
 
-MAN+=	crypt.3 blowfish.3 arc4random.3
-MLINKS+=crypt.3 encrypt.3 crypt.3 setkey.3 crypt.3 des_cipher.3
-MLINKS+=crypt.3 des_setkey.3 blowfish.3 blf_key.3 blowfish.3 blf_enc.3
-MLINKS+=blowfish.3 blf_dec.3 blowfish.3 blf_ecb_encrypt.3
-MLINKS+=blowfish.3 blf_ecb_decrypt.3 blowfish.3 blf_cbc_encrypt.3
-MLINKS+=blowfish.3 blf_cbc_decrypt.3
-MLINKS+=arc4random.3 arc4random_stir.3 arc4random.3 arc4random_addrandom.3
+MAN+=	crypt.3 crypt_checkpass.3 blowfish.3 arc4random.3

src/lib/libc/crypt/arc4random.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: arc4random.3,v 1.17 2000/12/21 14:07:41 aaron Exp $
+.\" $OpenBSD: arc4random.3,v 1.35 2014/11/25 16:45:24 millert Exp $
 .\"
 .\" Copyright 1997 Niels Provos <[email protected]>
 .\" All rights reserved.
@@ -30,81 +30,85 @@
 .\"
 .\" Manual page, using -mandoc macros
 .\"
-.Dd April 15, 1997
+.Dd $Mdocdate: November 25 2014 $
 .Dt ARC4RANDOM 3
 .Os
 .Sh NAME
 .Nm arc4random ,
-.Nm arc4random_stir ,
-.Nm arc4random_addrandom
-.Nd arc4 random number generator
+.Nm arc4random_buf ,
+.Nm arc4random_uniform
+.Nd random number generator
 .Sh SYNOPSIS
-.Fd #include <stdlib.h>
-.Ft u_int32_t
+.In stdlib.h
+.Ft uint32_t
 .Fn arc4random "void"
 .Ft void
-.Fn arc4random_stir "void"
-.Ft void
-.Fn arc4random_addrandom "u_char *dat" "int datlen"
+.Fn arc4random_buf "void *buf" "size_t nbytes"
+.Ft uint32_t
+.Fn arc4random_uniform "uint32_t upper_bound"
 .Sh DESCRIPTION
-The
-.Fn arc4random
-function provides a high quality 32-bit pseudo-random
-number very quickly.
-.Fn arc4random
-seeds itself on a regular basis from the kernel strong random number
-subsystem described in
-.Xr random 4 .
-On each call, an ARC4 generator is used to generate a new result.
-The
-.Fn arc4random
-function uses the ARC4 cipher key stream generator,
-which uses 8*8 8 bit S-Boxes.
-The S-Boxes can be in about (2**1700) states.
-.Pp
-.Fn arc4random
-fits into a middle ground not covered by other subsystems such as
-the strong, slow, and resource expensive random
-devices described in
-.Xr random 4
-versus the fast but poor quality interfaces described in
+This family of functions provides higher quality data than those
+described in
 .Xr rand 3 ,
 .Xr random 3 ,
 and
-.Xr drand48 3 .
+.Xr rand48 3 .
 .Pp
-The
-.Fn arc4random_stir
-function reads data from
-.Pa /dev/arandom
-and uses it to permute the S-Boxes via
-.Fn arc4random_addrandom .
+Use of these functions is encouraged for almost all random number
+consumption because the other interfaces are deficient in either
+quality, portability, standardization, or availability.
+These functions can be called in almost all coding environments,
+including
+.Xr pthreads 3
+and
+.Xr chroot 2 .
 .Pp
-There is no need to call
-.Fn arc4random_stir
-before using
-.Fn arc4random ,
-since
+High quality 32-bit pseudo-random numbers are generated very quickly.
+On each call, a cryptographic pseudo-random number generator is used
+to generate a new result.
+One data pool is used for all consumers in a process, so that consumption
+under program flow can act as additional stirring.
+The subsystem is re-seeded from the kernel random number subsystem using
+.Xr getentropy 2
+on a regular basis, and also upon
+.Xr fork 2 .
+.Pp
+The
 .Fn arc4random
-automatically initializes itself.
+function returns a single 32-bit value.
+.Pp
+.Fn arc4random_buf
+fills the region
+.Fa buf
+of length
+.Fa nbytes
+with random data.
+.Pp
+.Fn arc4random_uniform
+will return a single 32-bit value, uniformly distributed but less than
+.Fa upper_bound .
+This is recommended over constructions like
+.Dq Li arc4random() % upper_bound
+as it avoids "modulo bias" when the upper bound is not a power of two.
+In the worst case, this function may consume multiple iterations
+to ensure uniformity; see the source code to understand the problem
+and solution.
+.Sh RETURN VALUES
+These functions are always successful, and no return value is
+reserved to indicate an error.
 .Sh SEE ALSO
 .Xr rand 3 ,
 .Xr rand48 3 ,
 .Xr random 3
 .Sh HISTORY
-An algorithm called
-.Pa RC4
-was designed by RSA Data Security, Inc.
-It was considered a trade secret, but not trademarked.
-Because it was a trade secret, it obviously could not be patented.
-A clone of this was posted anonymously to USENET and confirmed to
-be equivalent by several sources who had access to the original cipher.
-Because of the trade secret situation, RSA Data Security, Inc. can do
-nothing about the release of the ARC4 algorithm.
-Since
-.Pa RC4
-used to be a trade secret, the cipher is now referred to as
-.Pa ARC4 .
-.Pp
 These functions first appeared in
 .Ox 2.1 .
+.Pp
+The original version of this random number generator used the
+RC4 (also known as ARC4) algorithm.
+In
+.Ox 5.5
+it was replaced with the ChaCha20 cipher, and it may be replaced
+again in the future as cryptographic techniques advance.
+A good mnemonic is
+.Dq A Replacement Call for Random .