Catch up with all the lint warnings since exit on warning was disabled.
Disable 'missing header declaration' and 'nested extern' warnings for now.

lib: remove CONSTCOND comment

Since 2021-01-31, lint doesn't need it anymore for the common pattern of
'do ... while (0)'.

lint is not smart enough to figure out that ilog2() is constant.

branches: 1.31.16;
KNF

Missing MAP_PRIVATE on mmap

Remove #ifdef MAP_INHERIT_ZERO.

This is essential for fork-safety, so don't merely #warn about it.
Attaining fork-safety without it requires restructuring things -- in
particular, there's no clear way to make it per-thread and fork-safe
without some global list of states to zero on fork.

Use ChaCha20 here as advertised, not ChaCha8.

Oops.

Fortunately, there is no public cryptanalysis even of ChaCha8: the
best published attack is on ChaCha7 with time complexity 2^248.

Fix non _REENTRANT build.

Rewrite arc4random(3) with ChaCha20-based PRNG and per-thread state.

Explain the security model in the man page.

No more RC4!

XXX pullup to netbsd-6, netbsd-5

branches: 1.25.2;
Document that our use of pthread_mutex_unlock(3) is async-signal-safe
and as such can be used in a phtread_atfork(3) child handler.

fix missing backslash in previous

Wrap complex macros in do { ... } while (0). Also replace the magic
number 1600000 with a macro.

Re-stir after forking, fixes PR lib/25367.
Re-stir after consuming 1600000 bytes, fixes PR lib/45952.

branches: 1.21.2;
remove always inline because new gcc bitches.

branches: 1.20.2;
I'm fairly sure the libc rules require that arc4random_addrandom,
arc4random_buf, arc4random_stir and arc4random_uniform be weak.

arc4 is a random number sequence, there is no point using its own
output values to determine a number of output values to skip.
Skipping values on any possibly random event might be worth while, as
might using the keying algorithm to stir in a possibly random value.

Since 'rs' is statically initialised (not bss) its s[] might as well be
compile-time initialised as well.
arc4_init) is the same as arc4_stir().
Initialise rs.i to 0xff (not 0) so that the first key byte is processed
with rs.i == 0 without the splurios rs.i-- in arc4_addrandom().
Remove the assignment rs.j = rs.i at the end of arc4_addrandom(), it isn't
necessary and I can see no justificationm for it.
Replace RSIZE with __arraycount(as->s), however it is manifestly 256 (more
correctly the number of values in rs.i and rs.j).

cache rs.i and rs.j in arc4random_buf() since the compiler can't be
told that buf[] dosn't alias them.
Reduces the number of instructions inside the loop.
All the other functions are ok.

Change the logic used for thread locking to make the code more readable.
The effect on the object code is to replace a function call with a
branch that will predict correctly in the non-threaded case.
Minor optimise of some other paths.

Use an inline function to check for initialisation, and an non-inlined
one to do the actual initialise.
Fixes lib/46751 by removing all the replicated tests in each function.

Make this compile with the compiler I'm using.
Move variable defs to top of function.
Don't use const static mib[] - run time initialisation won't matter,
and not using static data may actually help in a .so.

misc cleanups:
- const for mibs
- #define for magic constants
- casts

Fix bug in previous: don't reinitialize on every call! Fix arc4random_buf so it actually ever initializes -- a security problem with revisions 1.9 and 1.10.

Make arc4random far less greedy for entropy. Make arc4random actually
implement arc4 when used by threaded programs.

branches: 1.10.4; 1.10.6;
add arc4random_{buf,uniform}, from OpenBSD.

branches: 1.9.40;
Remove leading __ from __(const|inline|signed|volatile) -- it is obsolete.

Add missing __RCSID()

A little libc namespace housekeeping exercise:
* Make vfprintf_unlocked() an internal function, c.f. __svfscanf_unlocked().
* Add internal names for arc4random(), endnetpath(), fhstatvfs(),
fstatvfs(), mkstemp(), shquote(), statvfs(), taddr2uaddr(), uaddr2taddr(),
uuid_create_nil(), uuid_is_nil(), and wcwidth().
* Include namespace.h where supposed to.

Declare rs_initialized static.

branches: 1.5.2;
Fix signed/unsigned comparison warnings.

use sysctl(kern.urandom) if /dev/urandom is not present (like chroot jail)

branches: 1.3.2;
discard first 256 words when we stir.

/dev/arandom does not exist in netbsd. use /dev/urandom.

add arc4random(3). from openbsd

lib: remove CONSTCOND comment

Since 2021-01-31, lint doesn't need it anymore for the common pattern of
'do ... while (0)'.

lint is not smart enough to figure out that ilog2() is constant.

branches: 1.31.16;
KNF

Missing MAP_PRIVATE on mmap

Remove #ifdef MAP_INHERIT_ZERO.

This is essential for fork-safety, so don't merely #warn about it.
Attaining fork-safety without it requires restructuring things -- in
particular, there's no clear way to make it per-thread and fork-safe
without some global list of states to zero on fork.

Use ChaCha20 here as advertised, not ChaCha8.

Oops.

Fortunately, there is no public cryptanalysis even of ChaCha8: the
best published attack is on ChaCha7 with time complexity 2^248.

Fix non _REENTRANT build.

Rewrite arc4random(3) with ChaCha20-based PRNG and per-thread state.

Explain the security model in the man page.

No more RC4!

XXX pullup to netbsd-6, netbsd-5

branches: 1.25.2;
Document that our use of pthread_mutex_unlock(3) is async-signal-safe
and as such can be used in a phtread_atfork(3) child handler.

fix missing backslash in previous

Wrap complex macros in do { ... } while (0). Also replace the magic
number 1600000 with a macro.

Re-stir after forking, fixes PR lib/25367.
Re-stir after consuming 1600000 bytes, fixes PR lib/45952.

branches: 1.21.2;
remove always inline because new gcc bitches.

branches: 1.20.2;
I'm fairly sure the libc rules require that arc4random_addrandom,
arc4random_buf, arc4random_stir and arc4random_uniform be weak.

arc4 is a random number sequence, there is no point using its own
output values to determine a number of output values to skip.
Skipping values on any possibly random event might be worth while, as
might using the keying algorithm to stir in a possibly random value.

Since 'rs' is statically initialised (not bss) its s[] might as well be
compile-time initialised as well.
arc4_init) is the same as arc4_stir().
Initialise rs.i to 0xff (not 0) so that the first key byte is processed
with rs.i == 0 without the splurios rs.i-- in arc4_addrandom().
Remove the assignment rs.j = rs.i at the end of arc4_addrandom(), it isn't
necessary and I can see no justificationm for it.
Replace RSIZE with __arraycount(as->s), however it is manifestly 256 (more
correctly the number of values in rs.i and rs.j).

cache rs.i and rs.j in arc4random_buf() since the compiler can't be
told that buf[] dosn't alias them.
Reduces the number of instructions inside the loop.
All the other functions are ok.

Change the logic used for thread locking to make the code more readable.
The effect on the object code is to replace a function call with a
branch that will predict correctly in the non-threaded case.
Minor optimise of some other paths.

Use an inline function to check for initialisation, and an non-inlined
one to do the actual initialise.
Fixes lib/46751 by removing all the replicated tests in each function.

Make this compile with the compiler I'm using.
Move variable defs to top of function.
Don't use const static mib[] - run time initialisation won't matter,
and not using static data may actually help in a .so.

misc cleanups:
- const for mibs
- #define for magic constants
- casts

Fix bug in previous: don't reinitialize on every call! Fix arc4random_buf so it actually ever initializes -- a security problem with revisions 1.9 and 1.10.

Make arc4random far less greedy for entropy. Make arc4random actually
implement arc4 when used by threaded programs.

branches: 1.10.4; 1.10.6;
add arc4random_{buf,uniform}, from OpenBSD.

branches: 1.9.40;
Remove leading __ from __(const|inline|signed|volatile) -- it is obsolete.

Add missing __RCSID()

A little libc namespace housekeeping exercise:
* Make vfprintf_unlocked() an internal function, c.f. __svfscanf_unlocked().
* Add internal names for arc4random(), endnetpath(), fhstatvfs(),
fstatvfs(), mkstemp(), shquote(), statvfs(), taddr2uaddr(), uaddr2taddr(),
uuid_create_nil(), uuid_is_nil(), and wcwidth().
* Include namespace.h where supposed to.

Declare rs_initialized static.

branches: 1.5.2;
Fix signed/unsigned comparison warnings.

use sysctl(kern.urandom) if /dev/urandom is not present (like chroot jail)

branches: 1.3.2;
discard first 256 words when we stir.

/dev/arandom does not exist in netbsd. use /dev/urandom.

add arc4random(3). from openbsd

lint is not smart enough to figure out that ilog2() is constant.

KNF

Missing MAP_PRIVATE on mmap

Remove #ifdef MAP_INHERIT_ZERO.

This is essential for fork-safety, so don't merely #warn about it.
Attaining fork-safety without it requires restructuring things -- in
particular, there's no clear way to make it per-thread and fork-safe
without some global list of states to zero on fork.

Use ChaCha20 here as advertised, not ChaCha8.

Oops.

Fortunately, there is no public cryptanalysis even of ChaCha8: the
best published attack is on ChaCha7 with time complexity 2^248.

Fix non _REENTRANT build.

Rewrite arc4random(3) with ChaCha20-based PRNG and per-thread state.

Explain the security model in the man page.

No more RC4!

XXX pullup to netbsd-6, netbsd-5

branches: 1.25.2;
Document that our use of pthread_mutex_unlock(3) is async-signal-safe
and as such can be used in a phtread_atfork(3) child handler.

fix missing backslash in previous

Wrap complex macros in do { ... } while (0). Also replace the magic
number 1600000 with a macro.

Re-stir after forking, fixes PR lib/25367.
Re-stir after consuming 1600000 bytes, fixes PR lib/45952.

branches: 1.21.2;
remove always inline because new gcc bitches.

branches: 1.20.2;
I'm fairly sure the libc rules require that arc4random_addrandom,
arc4random_buf, arc4random_stir and arc4random_uniform be weak.

arc4 is a random number sequence, there is no point using its own
output values to determine a number of output values to skip.
Skipping values on any possibly random event might be worth while, as
might using the keying algorithm to stir in a possibly random value.

Since 'rs' is statically initialised (not bss) its s[] might as well be
compile-time initialised as well.
arc4_init) is the same as arc4_stir().
Initialise rs.i to 0xff (not 0) so that the first key byte is processed
with rs.i == 0 without the splurios rs.i-- in arc4_addrandom().
Remove the assignment rs.j = rs.i at the end of arc4_addrandom(), it isn't
necessary and I can see no justificationm for it.
Replace RSIZE with __arraycount(as->s), however it is manifestly 256 (more
correctly the number of values in rs.i and rs.j).

cache rs.i and rs.j in arc4random_buf() since the compiler can't be
told that buf[] dosn't alias them.
Reduces the number of instructions inside the loop.
All the other functions are ok.

Change the logic used for thread locking to make the code more readable.
The effect on the object code is to replace a function call with a
branch that will predict correctly in the non-threaded case.
Minor optimise of some other paths.

Use an inline function to check for initialisation, and an non-inlined
one to do the actual initialise.
Fixes lib/46751 by removing all the replicated tests in each function.

Make this compile with the compiler I'm using.
Move variable defs to top of function.
Don't use const static mib[] - run time initialisation won't matter,
and not using static data may actually help in a .so.

misc cleanups:
- const for mibs
- #define for magic constants
- casts

Fix bug in previous: don't reinitialize on every call! Fix arc4random_buf so it actually ever initializes -- a security problem with revisions 1.9 and 1.10.

Make arc4random far less greedy for entropy. Make arc4random actually
implement arc4 when used by threaded programs.

branches: 1.10.4; 1.10.6;
add arc4random_{buf,uniform}, from OpenBSD.

branches: 1.9.40;
Remove leading __ from __(const|inline|signed|volatile) -- it is obsolete.

Add missing __RCSID()

A little libc namespace housekeeping exercise:
* Make vfprintf_unlocked() an internal function, c.f. __svfscanf_unlocked().
* Add internal names for arc4random(), endnetpath(), fhstatvfs(),
fstatvfs(), mkstemp(), shquote(), statvfs(), taddr2uaddr(), uaddr2taddr(),
uuid_create_nil(), uuid_is_nil(), and wcwidth().
* Include namespace.h where supposed to.

Declare rs_initialized static.

branches: 1.5.2;
Fix signed/unsigned comparison warnings.

use sysctl(kern.urandom) if /dev/urandom is not present (like chroot jail)

branches: 1.3.2;
discard first 256 words when we stir.

/dev/arandom does not exist in netbsd. use /dev/urandom.

add arc4random(3). from openbsd

KNF

Missing MAP_PRIVATE on mmap

Remove #ifdef MAP_INHERIT_ZERO.

This is essential for fork-safety, so don't merely #warn about it.
Attaining fork-safety without it requires restructuring things -- in
particular, there's no clear way to make it per-thread and fork-safe
without some global list of states to zero on fork.

Use ChaCha20 here as advertised, not ChaCha8.

Oops.

Fortunately, there is no public cryptanalysis even of ChaCha8: the
best published attack is on ChaCha7 with time complexity 2^248.

Fix non _REENTRANT build.

Rewrite arc4random(3) with ChaCha20-based PRNG and per-thread state.

Explain the security model in the man page.

No more RC4!

XXX pullup to netbsd-6, netbsd-5

branches: 1.25.2;
Document that our use of pthread_mutex_unlock(3) is async-signal-safe
and as such can be used in a phtread_atfork(3) child handler.

fix missing backslash in previous

Wrap complex macros in do { ... } while (0). Also replace the magic
number 1600000 with a macro.

Re-stir after forking, fixes PR lib/25367.
Re-stir after consuming 1600000 bytes, fixes PR lib/45952.

branches: 1.21.2;
remove always inline because new gcc bitches.

branches: 1.20.2;
I'm fairly sure the libc rules require that arc4random_addrandom,
arc4random_buf, arc4random_stir and arc4random_uniform be weak.

arc4 is a random number sequence, there is no point using its own
output values to determine a number of output values to skip.
Skipping values on any possibly random event might be worth while, as
might using the keying algorithm to stir in a possibly random value.

Since 'rs' is statically initialised (not bss) its s[] might as well be
compile-time initialised as well.
arc4_init) is the same as arc4_stir().
Initialise rs.i to 0xff (not 0) so that the first key byte is processed
with rs.i == 0 without the splurios rs.i-- in arc4_addrandom().
Remove the assignment rs.j = rs.i at the end of arc4_addrandom(), it isn't
necessary and I can see no justificationm for it.
Replace RSIZE with __arraycount(as->s), however it is manifestly 256 (more
correctly the number of values in rs.i and rs.j).

cache rs.i and rs.j in arc4random_buf() since the compiler can't be
told that buf[] dosn't alias them.
Reduces the number of instructions inside the loop.
All the other functions are ok.

Change the logic used for thread locking to make the code more readable.
The effect on the object code is to replace a function call with a
branch that will predict correctly in the non-threaded case.
Minor optimise of some other paths.

Use an inline function to check for initialisation, and an non-inlined
one to do the actual initialise.
Fixes lib/46751 by removing all the replicated tests in each function.

Make this compile with the compiler I'm using.
Move variable defs to top of function.
Don't use const static mib[] - run time initialisation won't matter,
and not using static data may actually help in a .so.

misc cleanups:
- const for mibs
- #define for magic constants
- casts

Fix bug in previous: don't reinitialize on every call! Fix arc4random_buf so it actually ever initializes -- a security problem with revisions 1.9 and 1.10.

Make arc4random far less greedy for entropy. Make arc4random actually
implement arc4 when used by threaded programs.

branches: 1.10.4; 1.10.6;
add arc4random_{buf,uniform}, from OpenBSD.

branches: 1.9.40;
Remove leading __ from __(const|inline|signed|volatile) -- it is obsolete.

Add missing __RCSID()

A little libc namespace housekeeping exercise:
* Make vfprintf_unlocked() an internal function, c.f. __svfscanf_unlocked().
* Add internal names for arc4random(), endnetpath(), fhstatvfs(),
fstatvfs(), mkstemp(), shquote(), statvfs(), taddr2uaddr(), uaddr2taddr(),
uuid_create_nil(), uuid_is_nil(), and wcwidth().
* Include namespace.h where supposed to.

Declare rs_initialized static.

branches: 1.5.2;
Fix signed/unsigned comparison warnings.

use sysctl(kern.urandom) if /dev/urandom is not present (like chroot jail)

branches: 1.3.2;
discard first 256 words when we stir.

/dev/arandom does not exist in netbsd. use /dev/urandom.

add arc4random(3). from openbsd