From 8090f47ae2d60f7965fd9d5081cf77b0de83969a Mon Sep 17 00:00:00 2001
From: Dana Jacobsen
Date: Wed, 6 Sep 2017 07:49:37 -0700
Subject: [PATCH] Fallback entropy using timers

---
 TODO | 2 --
 XS.xs | 16 ++++------------
 entropy.c | 49 +++++++++++++++++++++++++++++++++++--------------
 3 files changed, 39 insertions(+), 28 deletions(-)

diff --git a/TODO b/TODO
index 4d4c69b4..a0bc03bc 100644
--- a/TODO
+++ b/TODO
@@ -132,5 +132,3 @@
 - compare wheel_t with primes separated and possibly cached.
 - Ensure 'secure' is secure.
 
-
-- csrand contexts so fallback get entroy bytes can work properly.
diff --git a/XS.xs b/XS.xs
index e6136581..199bde4e 100644
--- a/XS.xs
+++ b/XS.xs
@@ -92,11 +92,6 @@
 # define FIX_MULTICALL_REFCOUNT
 #endif
 
-#if (PERL_REVISION <= 5 && PERL_VERSION < 8)
-# include
-# define Perl_seed(pTHX) ((U32)time(NULL))
-#endif
-
 #ifndef CvISXSUB
 # define CvISXSUB(cv) CvXSUB(cv)
 #endif
@@ -397,13 +392,10 @@ void csrand(IN SV* seed = 0)
 UV
 srand(IN UV seedval = 0)
 CODE:
- if (_XS_get_secure())
- croak("secure option set, manual seeding disabled");
- if (items == 0) {
- unsigned char buf[8];
- get_entropy_bytes(sizeof(UV), buf);
- memcpy( &seedval, buf, sizeof(UV));
- }
+ if (_XS_get_secure())
+ croak("secure option set, manual seeding disabled");
+ if (items == 0)
+ get_entropy_bytes(sizeof(UV), (unsigned char*) &seedval);
 csprng_srand(seedval);
 RETVAL = seedval;
 OUTPUT:
diff --git a/entropy.c b/entropy.c
index c425ed59..c7052c0f 100644
--- a/entropy.c
+++ b/entropy.c
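Review bot: The result of `get_entropy_bytes(sizeof(UV), (unsigned char*) &seedval)` on the new `if (items == 0)` line is discarded, so a short or empty fill leaves seedval at its declared default of 0 and csprng_srand is seeded with a constant while the caller is told nothing. With this commit that is exactly what the `_WIN32_WCE` variant of timer_entropy in entropy.c does: it returns 0 without touching buf. Checking the count, e.g. `if (get_entropy_bytes(sizeof(UV), (unsigned char*) &seedval) != sizeof(UV)) croak("unable to obtain entropy for seed");`, makes the failure visible instead of silently weakening the seed. The srand XSUB continues past the `OUTPUT:` line, outside the hunk.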
@@ -1,6 +1,38 @@
 #include
 #include "entropy.h"
 
+/* A fallback timer entropy method that will probably never be used. */
+#if defined(_WIN32_WCE)
+static UV timer_entropy(UV bytes, unsigned char* buf) { return 0; }
+#else
+#include
+static uint32_t mix32(uint32_t r0) { /* Similar to PCG 32 */
+ uint32_t word = ((r0 >> ((r0 >> 28u) + 4u)) ^ r0) * 277803737u;
+ return (word >> 22u) ^ word;
+}
+static uint32_t timer_mix8(uint32_t acc) {
+ clock_t t1;
+ uint32_t bit, a;
+ for (bit = a = 0; bit < 8; bit++) {
+ t1 = clock(); while (t1 == clock()) a ^= 1;
+ acc = (acc << 1) | a;
+ }
+ return mix32(acc);
+}
+static UV timer_entropy(UV bytes, unsigned char* buf) {
+ UV byte;
+ uint32_t acc = 0;
+
+ for (byte = 0; byte < 4; byte++)
+ acc = timer_mix8(acc);
+ for (byte = 0; byte < bytes; byte++) {
+ acc = timer_mix8( timer_mix8( acc ) );
+ buf[byte] = (acc >> 24) & 0xFF;
+ }
+ return bytes;
+}
+#endif
+
 UV get_entropy_bytes(UV bytes, unsigned char* buf)
 {
 UV len = 0;
@@ -47,20 +79,9 @@ UV get_entropy_bytes(UV bytes, unsigned char* buf)
 #endif
 
- if (len == bytes) return len;
+ /* Do a fallback method if something didn't work right. */
+ if (len != bytes)
+ len = timer_entropy(bytes, buf);
 
- /* Something didn't work. Do a fallback method. */
-
- /* TODO: Something better here.
- * 1. Get a decent seed, maybe some Perl_seed values
- * 2. Get a private CSPRNG context, seed with above
- * 3. Full buf from csprng
- * 4. destroy csprng context
- */
- while (len < bytes) {
- uint32_t i, s = Perl_seed(); /* TODO Perl 5.6 */
- for (i = 0; i < 4 && len < bytes; i++)
- buf[len++] = (s >> (8*i)) & 0xFF;
- }
 
 return len;
 }
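Review bot: The spin `t1 = clock(); while (t1 == clock()) a ^= 1;` in timer_mix8 has no bound, so on a platform where clock() returns (clock_t)-1 because processor time is unavailable, or where it does not advance for this process, the loop never exits and get_entropy_bytes hangs rather than failing. timer_entropy then also returns `bytes` unconditionally, so even a clock that barely ticks is reported upward as a complete, successful fill, and the `len != bytes` test in the second hunk cannot tell the two cases apart. Bounding the poll count and letting timer_mix8 report whether the clock actually moved, with timer_entropy returning the number of bytes it gathered, keeps that check meaningful and turns a stalled clock into a visible failure. Which platform branches of get_entropy_bytes run before this fallback is outside the hunk. A sketch of the non-WCE path:
```c
/* … unchanged: mix32 … */
enum { TIMER_POLL_LIMIT = 1000000 };  /* constructed value: clock() polls before giving up */
/* Returns 1 and updates *acc when clock() advanced for every bit, 0 if it stalled. */
static int timer_mix8(uint32_t *acc) {
  clock_t t1;
  uint32_t bit, a;
  long polls;
  for (bit = a = 0; bit < 8; bit++) {
    t1 = clock();
    for (polls = 0; t1 == clock(); polls++) {
      if (polls >= TIMER_POLL_LIMIT) return 0;   /* (clock_t)-1 or a frozen clock */
      a ^= 1;
    }
    *acc = (*acc << 1) | a;
  }
  *acc = mix32(*acc);
  return 1;
}
static UV timer_entropy(UV bytes, unsigned char* buf) {
  UV byte;
  uint32_t acc = 0;

  for (byte = 0; byte < 4; byte++)
    if (!timer_mix8(&acc)) return 0;
  for (byte = 0; byte < bytes; byte++) {
    if (!timer_mix8(&acc) || !timer_mix8(&acc)) return byte;
    buf[byte] = (acc >> 24) & 0xFF;
  }
  return bytes;
}
```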