[v1.1] New feature: SRANDOM with upper bound option

This adds SRANDOM, a secure random number generator similar to
SRANDOM on bash 5.1+. It uses the OS implementation of
arc4random(3) or, absent that, an integrated version that uses
Daniel J. Bernstein's ChaCha20 cipher, which I've ported to libast
from the OpenSSH distribution, which ported it from OpenBSD.[*1]

This cryptographically secure generator is seeded using
getentropy(2), getandom(2), /dev/urandom, or /dev/random.

A feature the bash version doesn't have is that an upper bound can
be set by assigning its value to SRANDOM; subsequent numbers will
then be uniformly distributed between 0 and the value of the upper
bound minus one, in a way that avoids "modulo bias" if the upper
bound is not a power of two.[*2]

src/lib/libast/comp/arc4random.c,
src/lib/libast/comp/chacha_private.h,
src/lib/libast/features/random:
- Add arc4random and ChaCha20, ported to libast.[*1]

src/lib/libast/Mamfile:
- Make it all build. (See README-mamake.md for info)
- Copy the result of features/random to the install root (arch/*/)
  as ast_random.h for ksh to include.

src/lib/libast/features/api:
- API version bump to 20240121 due to above change.

src/cmd/ksh93/include/variables.h
src/cmd/ksh93/data/variables.c,
- Add SRANDNOD ("SRANDOM") built-in variable node.

src/cmd/ksh93/sh/init.c:
- sh_reseed_rand(): Now that we have arc4random() we might as well
  use it to reseed $RANDOM, simplifying this function as well as
  increasing the quality of the reseeding. Of course this still
  does not make $RANDOM actually random. (re: af6a32d)
- Add discipline for SRANDOM: SRAND_init/SRAND_disc, set up to
  automatically call put_srand(), nget_srand() and get_srand()
  for assigning, arithmetic retrieval and text retrieval.
- A global static srand_upper_bound variable remembers the upper
  bound; a value of zero (the default for static vars) deactivates
  it. When it is non-zero, arc4random_uniform() is called instead
  of arc4random(), avoiding modulo bias.

[*1] https://github.com/openssh/openssh-portable/blob/master/openbsd-compat/arc4random.c
     https://github.com/openssh/openssh-portable/blob/master/openbsd-compat/arc4random.h
     https://github.com/openssh/openssh-portable/blob/master/openbsd-compat/arc4random_uniform.c
     https://github.com/openssh/openssh-portable/blob/master/openbsd-compat/chacha_private.h
[*2] https://research.kudelskisecurity.com/2020/07/28/the-definitive-guide-to-modulo-bias-and-how-to-avoid-it/

ANNOUNCE

@@ -13,3 +13,11 @@ New features in shell options:
   (those with a syntax involving parentheses) from fields resulting from
   field splitting (e.g., unquoted variables as command arguments). This
   remains disabled by default for compatibility with POSIX and ksh88.
+
+New features in shell variables:
+
+- SRANDOM is a secure random number generator. It uses the OS implementation
+  of arc4random(3) or, absent that, an integrated OpenBSD-based version that
+  uses the ChaCha20 cipher. An upper bound can be set by assigning its value
+  to SRANDOM; subsequent numbers will be uniformly distributed between 0 and
+  the value of the upper bound minus one, in a way that avoids "modulo bias".

COPYRIGHT

@@ -141,3 +141,24 @@ bsd package general copyright notice
 #                               Bill Joy                               #
 #                                                                      #
 ########################################################################
+
+OpenBSD License (arc4random.c, arc4random.h):
+
+/*
+ * Copyright (c) 1996, David Mazieres <[email protected]>
+ * Copyright (c) 2008, Damien Miller <[email protected]>
+ * Copyright (c) 2013, Markus Friedl <[email protected]>
+ * Copyright (c) 2014, Theo de Raadt <[email protected]>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */

NEWS

@@ -4,6 +4,13 @@ Uppercase BUG_* IDs are shell bug IDs as used by the Modernish shell library.
 
 2024-01-21:
 
+- [v1.1] New feature added: SRANDOM is a secure random number generator.
+  It uses the native OS implementation of arc4random(3) or, absent that, an
+  integrated OpenBSD-based version that uses the ChaCha20 cipher. An upper
+  bound can be set by assigning its value to SRANDOM; subsequent numbers will
+  be uniformly distributed between 0 and the value of the upper bound minus
+  one, in a way that avoids "modulo bias". Assigning 0 restores default mode.
+
 - A bug was fixed that caused both the 'set' and 'get'/'getn' discipline
   functions of a variable to be triggered when performing an assignment in
   an arithmetic expression; only the 'set' discipline is now triggered when

src/cmd/ksh93/Mamfile

@@ -779,6 +779,7 @@ make install
 					prev include/fault.h
 					prev include/path.h
 					prev include/variables.h
+					prev ${PACKAGE_ast_INCLUDE}/ast_random.h
 					prev ${PACKAGE_ast_INCLUDE}/regex.h
 					prev ${PACKAGE_ast_INCLUDE}/tmx.h
 					prev ${PACKAGE_ast_INCLUDE}/ccode.h

src/cmd/ksh93/data/variables.c

@@ -102,6 +102,7 @@ const struct shtable2 shtab_variables[] =
 	".sh.ppid",	NV_PID|NV_NOFREE,		NULL,
 	".sh.tilde",	0,				NULL,
 	"SHLVL",	NV_INTEGER|NV_NOFREE|NV_EXPORT,	NULL,
+	"SRANDOM",	NV_NOFREE|NV_INTEGER|NV_UNSIGN,	NULL,
 	"",	0,					NULL
 };
 

src/cmd/ksh93/include/variables.h

@@ -111,5 +111,6 @@ extern void sh_save_rand_seed(struct rand *, int);
 #define SH_PPIDNOD	(sh.bltin_nodes+63)
 #define SH_TILDENOD	(sh.bltin_nodes+64)
 #define SHLVL		(sh.bltin_nodes+65)
+#define SRANDNOD	(sh.bltin_nodes+66)
 
 #endif /* SH_VALNOD */

src/cmd/ksh93/sh.1

@@ -1950,6 +1950,9 @@ a numeric seed value to
 Each time a new shell or subshell environment is entered (see
 .I Subshells\^
 above), the sequence is automatically reset to a different point.
+If true randomness is required,
+.B SRANDOM
+should be used instead.
 .TP
 .B
 .SM REPLY
@@ -1977,6 +1980,25 @@ If
 .B SHLVL
 is not in the environment when the shell is invoked, it is set
 to 1.
+.TP
+.B
+.SM SRANDOM
+Each time this variable is referenced, a securely random integer
+between 0 and 4294967295 (the 32-bit unsigned integer range) is generated.
+By default, each random number is obtained
+from the native OS implementation of
+.IR arc4random (3)
+or, absent that, an integrated OpenBSD-based version
+that uses the ChaCha20 cipher.
+The sequence of random numbers is not reproducible.
+The generator is automatically initialized using various sources of entropy.
+An upper bound can be set by assigning its value to
+.BR SRANDOM ;
+subsequent numbers will then be obtained using
+.IR arc4random_uniform (3),
+which means that they will be uniformly distributed between 0 and the
+value of the upper bound minus one, in a way that avoids "modulo bias".
+Assigning a value of 0 restores default operation.
 .PD
 .RE
 .PP
@@ -9037,6 +9059,7 @@ Unsetting
 .BR OPTIND ,
 .BR RANDOM ,
 .BR SECONDS ,
+.BR SRANDOM ,
 .BR TMOUT ,
 and
 .SM
@@ -9438,6 +9461,7 @@ The null device.
 .IR strftime (3),
 .IR wctrans (3),
 .IR rand (3),
+.IR arc4random (3),
 .IR a.out (5),
 .IR profile (5),
 .IR environ (7).

src/cmd/ksh93/sh/init.c

@@ -34,6 +34,7 @@
 #include        <tmx.h>
 #include        <regex.h>
 #include	<math.h>
+#include	<ast_random.h>
 #include        "variables.h"
 #include        "path.h"
 #include        "fault.h"
@@ -202,6 +203,7 @@ typedef struct _init_
 	Namfun_t	OPTINDEX_init;
 	Namfun_t	SECONDS_init;
 	struct rand	RAND_init;
+	Namfun_t	SRAND_init;
 	Namfun_t	LINENO_init;
 	Namfun_t	L_ARG_init;
 	Namfun_t	SH_VERSION_init;
@@ -716,15 +718,42 @@ static char* get_rand(Namval_t* np, Namfun_t *fp)
 
 void sh_reseed_rand(struct rand *rp)
 {
-	struct tms		tp;
-	unsigned int		time;
-	static unsigned int	seq;
-	timeofday(&tp);
-	time = (unsigned int)remainder(dtime(&tp) * 10000.0, (double)UINT_MAX);
-	srand(rp->rand_seed = (unsigned int)sh.current_pid ^ time ^ ++seq);
+	srand(rp->rand_seed = arc4random());
 	rp->rand_last = -1;
 }
 
+/*
+ * The following three functions are for SRANDOM
+ */
+static uint32_t srand_upper_bound;
+
+static void put_srand(Namval_t* np,const char *val,int flags,Namfun_t *fp)
+{
+	if(!val)  /* unset */
+	{
+		fp = nv_stack(np, NULL);
+		if(fp && !fp->nofree)
+			free(fp);
+		_nv_unset(np,NV_RDONLY);
+		return;
+	}
+	if(flags&NV_INTEGER)
+		srand_upper_bound = *(Sfdouble_t*)val;
+	else
+		srand_upper_bound = sh_arith(val);
+}
+
+static Sfdouble_t nget_srand(Namval_t* np, Namfun_t *fp)
+{
+	return (Sfdouble_t)(srand_upper_bound ? arc4random_uniform(srand_upper_bound) : arc4random());
+}
+
+static char* get_srand(Namval_t* np, Namfun_t *fp)
+{
+	intmax_t n = (intmax_t)(srand_upper_bound ? arc4random_uniform(srand_upper_bound) : arc4random());
+	return fmtbase(n, 10, 0);
+}
+
 /*
  * These three routines are for LINENO
  */
@@ -1025,6 +1054,7 @@ static const Namdisc_t HISTFILE_disc	= {  sizeof(Namfun_t), put_history };
 static const Namdisc_t OPTINDEX_disc	= {  sizeof(Namfun_t), put_optindex, 0, nget_optindex, 0, 0, clone_optindex };
 static const Namdisc_t SECONDS_disc	= {  sizeof(Namfun_t), put_seconds, get_seconds, nget_seconds };
 static const Namdisc_t RAND_disc	= {  sizeof(struct rand), put_rand, get_rand, nget_rand };
+static const Namdisc_t SRAND_disc	= {  sizeof(Namfun_t), put_srand, get_srand, nget_srand };
 static const Namdisc_t LINENO_disc	= {  sizeof(Namfun_t), put_lineno, get_lineno, nget_lineno };
 static const Namdisc_t L_ARG_disc	= {  sizeof(Namfun_t), put_lastarg, get_lastarg };
 
@@ -1837,6 +1867,8 @@ static Init_t *nv_init(void)
 	ip->SECONDS_init.nofree = 1;
 	ip->RAND_init.hdr.disc = &RAND_disc;
 	ip->RAND_init.hdr.nofree = 1;
+	ip->SRAND_init.disc = &SRAND_disc;
+	ip->SRAND_init.nofree = 1;
 	ip->SH_MATCH_init.hdr.disc = &SH_MATCH_disc;
 	ip->SH_MATCH_init.hdr.nofree = 1;
 	ip->SH_MATH_init.disc = &SH_MATH_disc;
@@ -1880,6 +1912,7 @@ static Init_t *nv_init(void)
 	nv_putval(SECONDS, (char*)&d, NV_DOUBLE);
 	nv_stack(RANDNOD, &ip->RAND_init.hdr);
 	nv_putval(RANDNOD, (char*)&d, NV_DOUBLE);
+	nv_stack(SRANDNOD, &ip->SRAND_init);
 	sh_invalidate_rand_seed();
 	nv_stack(LINENO, &ip->LINENO_init);
 	SH_MATCHNOD->nvfun =  &ip->SH_MATCH_init.hdr;

src/cmd/ksh93/tests/variables.sh

@@ -1123,7 +1123,7 @@ $SHELL -c '
 	PS2=$PS1 PS3=$PS1 PS4=$PS1 OPTARG=$PS1 IFS=$PS1 FPATH=$PS1 FIGNORE=$PS1
 	for var
 	do	case $var in
-		RANDOM | HISTCMD | _ | SECONDS | LINENO | JOBMAX | .sh.stats | .sh.match)
+		RANDOM | SRANDOM | HISTCMD | _ | SECONDS | LINENO | JOBMAX | .sh.stats | .sh.match)
 			# these are expected to fail below as their values change; just test against crashing
 			typeset -u "$var"
 			typeset -l "$var"
@@ -1615,5 +1615,32 @@ got=$(set +x; { "$SHELL" -c '
 	"(expected status 0, $(printf %q "$exp");" \
 	"got status $e$( ((e>128)) && print -n /SIG && kill -l "$e"), $(printf %q "$got"))"
 
+# ======
+got=${ typeset -p SRANDOM; }
+exp='typeset -u -i SRANDOM='
+[[ $got == "$exp"* ]] || err_exit "SRANDOM is the wrong type" \
+	"(expected match of $(printf %q "$exp")*, got $(printf %q "$got"))"
+
+case ${SRANDOM+s},${SRANDOM-} in
+, )	err_exit "SRANDOM not set" ;;
+s, | s,*[!0123456789]* )
+	err_exit "SRANDOM has an invalid value"  ;;
+s,* )	case $SRANDOM,$SRANDOM,$SRANDOM,$SRANDOM in
+	"$SRANDOM,$SRANDOM,$SRANDOM,$SRANDOM" )
+		err_exit "SRANDOM not working" ;;
+	esac ;;
+esac
+
+typeset -ui i=0 got=0 bound=100
+SRANDOM=bound
+for ((i=0; i<bound; i++))
+do	if	let "got = SRANDOM, got >= bound"
+	then	err_exit "SRANDOM upper bound not working ($got >= $bound)"
+		break
+	fi
+done
+unset i got bound
+SRANDOM=0
+
 # ======
 exit $((Errors<125?Errors:125))

src/lib/libast/Mamfile

@@ -2464,6 +2464,19 @@ make install
 				done comp/open.c
 				exec - ${CC} ${mam_cc_FLAGS} ${CCFLAGS} -I. -Icomp -Iinclude -Istd -c comp/open.c
 			done open.o generated
+			make arc4random.o
+				make comp/arc4random.c
+					prev comp/chacha_private.h
+					prev FEATURE/mmap
+					prev include/error.h
+					make FEATURE/random implicit
+						prev features/random
+						exec - iffe ${IFFEFLAGS} -v -X ast -X std -c "${CC} ${mam_cc_FLAGS} ${CCFLAGS} ${LDFLAGS}" run features/random
+					done FEATURE/random generated
+					prev include/ast.h
+				done comp/arc4random.c
+				exec - ${CC} ${mam_cc_FLAGS} ${CCFLAGS} -I. -Icomp -Iinclude -Istd -c comp/arc4random.c
+			done arc4random.o generated
 			make getdents.o
 				make dir/getdents.c
 					prev dir/dirlib.h
@@ -4310,7 +4323,7 @@ make install
 			exec - ${AR} rc libast.a state.o opendir.o readdir.o rewinddir.o seekdir.o telldir.o getcwd.o fastfind.o hashalloc.o hashdump.o hashfree.o hashlast.o hashlook.o hashscan.o hashsize.o hashview.o hashwalk.o memhash.o memsum.o strhash.o strkey.o strsum.o stracmp.o strnacmp.o ccmap.o ccmapid.o ccnative.o chresc.o chrtoi.o
 			exec - ${AR} rc libast.a streval.o strexpr.o strmatch.o strcopy.o modei.o modex.o strmode.o strlcat.o strlcpy.o strlook.o strncopy.o strsearch.o strpsearch.o stresc.o stropt.o strtape.o strpcmp.o strnpcmp.o strvcmp.o strnvcmp.o tok.o tokline.o tokscan.o pathaccess.o pathcat.o pathcanon.o pathcheck.o pathpath.o pathexists.o pathfind.o pathicase.o pathkey.o pathprobe.o pathrepl.o pathnative.o pathposix.o pathtemp.o pathtmp.o pathstat.o pathgetlink.o pathsetlink.o pathbin.o pathshell.o pathcd.o pathprog.o ftwalk.o ftwflags.o fts.o astintercept.o conformance.o getenv.o setenviron.o optget.o optjoin.o optesc.o optctx.o strsort.o struniq.o magic.o mime.o mimetype.o signal.o sigflag.o systrace.o error.o errorf.o errormsg.o errorx.o localeconv.o setlocale.o translate.o catopen.o iconv.o lc.o lctab.o mc.o base64.o recfmt.o recstr.o reclen.o fmtrec.o fmtbase.o fmtbuf.o fmtclock.o fmtdev.o fmtelapsed.o fmterror.o fmtesc.o fmtfmt.o fmtfs.o fmtident.o fmtint.o fmtip4.o fmtip6.o fmtls.o fmtmatch.o fmtmode.o fmtnum.o fmtperm.o fmtre.o fmttime.o
 			exec - ${AR} rc libast.a fmtuid.o fmtgid.o fmtsignal.o fmtscale.o fmttmx.o fmttv.o fmtversion.o strelapsed.o strperm.o struid.o strgid.o strtoip4.o strtoip6.o stk.o swapget.o swapmem.o swapop.o swapput.o sigdata.o sigcrit.o sigunblock.o procopen.o procclose.o procrun.o procfree.o tmdate.o tmequiv.o tmfix.o tmfmt.o tmform.o tmgoff.o tminit.o tmleap.o tmlex.o tmlocale.o tmmake.o tmpoff.o tmscan.o tmsleep.o tmtime.o tmtype.o tmweek.o tmword.o tmzone.o tmxdate.o tmxduration.o tmxfmt.o tmxgettime.o tmxleap.o tmxmake.o tmxscan.o tmxsettime.o tmxsleep.o tmxtime.o tmxtouch.o tvcmp.o tvgettime.o tvsettime.o tvsleep.o tvtouch.o cmdarg.o vecargs.o vecfile.o vecfree.o vecload.o vecstring.o univdata.o touch.o mnt.o debug.o memccpy.o memchr.o memcmp.o memcpy.o memdup.o memmove.o memset.o mkdir.o mkfifo.o mknod.o rmdir.o remove.o rename.o link.o unlink.o strdup.o strtod.o strtold.o strtol.o strtoll.o strtoul.o strtoull.o strton.o strtonll.o strntod.o strntold.o strnton.o
-			exec - ${AR} rc libast.a strntonll.o strntol.o strntoll.o strntoul.o strntoull.o strcasecmp.o strncasecmp.o strerror.o mktemp.o tmpnam.o fsync.o execlp.o execve.o execvp.o execvpe.o spawnveg.o killpg.o getlogin.o putenv.o setenv.o unsetenv.o lstat.o statvfs.o eaccess.o gross.o omitted.o readlink.o symlink.o getpgrp.o setpgid.o setsid.o fcntl.o open.o getdents.o getwd.o dup2.o errno.o getgroups.o mount.o system.o iblocks.o modedata.o tmdata.o memfatal.o sfkeyprintf.o sfdcdio.o sfdcdos.o sfdcfilter.o sfdcseekable.o sfdcslow.o sfdcsubstr.o sfdctee.o sfdcunion.o sfdcmore.o sfdcprefix.o wc.o wc2utf8.o dirname.o fmtmsglib.o fnmatch.o ftw.o getdate.o getsubopt.o glob.o nftw.o re_comp.o resolvepath.o realpath.o regcmp.o regexp.o strftime.o strptime.o swab.o tempnam.o wordexp.o mktime.o regalloc.o regclass.o regcoll.o regcomp.o regcache.o regdecomp.o regerror.o regexec.o regfatal.o reginit.o
+			exec - ${AR} rc libast.a strntonll.o strntol.o strntoll.o strntoul.o strntoull.o strcasecmp.o strncasecmp.o strerror.o mktemp.o tmpnam.o fsync.o execlp.o execve.o execvp.o execvpe.o spawnveg.o killpg.o getlogin.o putenv.o setenv.o unsetenv.o lstat.o statvfs.o eaccess.o gross.o omitted.o readlink.o symlink.o getpgrp.o setpgid.o setsid.o fcntl.o open.o arc4random.o getdents.o getwd.o dup2.o errno.o getgroups.o mount.o system.o iblocks.o modedata.o tmdata.o memfatal.o sfkeyprintf.o sfdcdio.o sfdcdos.o sfdcfilter.o sfdcseekable.o sfdcslow.o sfdcsubstr.o sfdctee.o sfdcunion.o sfdcmore.o sfdcprefix.o wc.o wc2utf8.o dirname.o fmtmsglib.o fnmatch.o ftw.o getdate.o getsubopt.o glob.o nftw.o re_comp.o resolvepath.o realpath.o regcmp.o regexp.o strftime.o strptime.o swab.o tempnam.o wordexp.o mktime.o regalloc.o regclass.o regcoll.o regcomp.o regcache.o regdecomp.o regerror.o regexec.o regfatal.o reginit.o
 			exec - ${AR} rc libast.a regnexec.o regsubcomp.o regsubexec.o regsub.o regrecord.o regrexec.o regstat.o dtclose.o dtdisc.o dthash.o dtlist.o dtmethod.o dtopen.o dtstat.o dtstrhash.o dttree.o dtuser.o dtview.o dtwalk.o dtnew.o dtcomp.o sfclose.o sfclrlock.o sfdisc.o sfdlen.o sfexcept.o sfgetl.o sfgetu.o sfcvt.o sfecvt.o sffcvt.o sfextern.o sffilbuf.o sfflsbuf.o sfprints.o sfgetd.o sfgetr.o sfllen.o sfmode.o sfmove.o sfnew.o sfpkrd.o sfnotify.o sfnputc.o sfopen.o sfpeek.o sfpoll.o sfpool.o sfpopen.o sfprintf.o sfputd.o sfputl.o sfputr.o sfputu.o sfrd.o sfread.o sfreserve.o sfscanf.o sfseek.o sfset.o sfsetbuf.o sfsetfd.o sfsize.o sfsk.o sfstack.o sfstrtod.o sfsync.o sfswap.o sftable.o sftell.o sftmp.o sfungetc.o sfvprintf.o sfvscanf.o sfwr.o sfwrite.o sfpurge.o sfraise.o sfwalk.o sfgetm.o sfputm.o sfresize.o _sfclrerr.o _sfeof.o _sferror.o _sffileno.o _sfopen.o _sfstacked.o _sfvalue.o _sfgetc.o _sfgetl.o _sfgetl2.o _sfgetu.o _sfgetu2.o _sfdlen.o _sfllen.o _sfslen.o _sfulen.o _sfputc.o _sfputd.o _sfputl.o _sfputm.o
 			exec - ${AR} rc libast.a _sfputu.o clearerr.o fclose.o fdopen.o fflush.o fgetc.o fgetpos.o fgets.o fopen.o fprintf.o fpurge.o fputs.o fread.o freopen.o fscanf.o fseek.o fseeko.o fsetpos.o ftell.o ftello.o fwrite.o getw.o pclose.o popen.o printf.o putchar.o puts.o putw.o rewind.o scanf.o setbuf.o setbuffer.o setlinebuf.o setvbuf.o snprintf.o sprintf.o sscanf.o asprintf.o vasprintf.o tmpfile.o ungetc.o vfprintf.o vfscanf.o vprintf.o vscanf.o vsnprintf.o vsprintf.o vsscanf.o _doprnt.o _doscan.o _filbuf.o _flsbuf.o _stdopen.o _stdprintf.o _stdscanf.o _stdsprnt.o _stdvbuf.o _stdvsnprnt.o _stdvsprnt.o _stdvsscn.o fgetwc.o fwprintf.o putwchar.o vfwscanf.o wprintf.o fgetws.o fwscanf.o swprintf.o vswprintf.o wscanf.o fputwc.o getwc.o swscanf.o vswscanf.o fputws.o getwchar.o ungetwc.o vwprintf.o fwide.o putwc.o vfwprintf.o vwscanf.o stdio_c99.o fcloseall.o fmemopen.o getdelim.o getline.o frexp.o frexpl.o astcopy.o
 			exec - ${AR} rc libast.a astconf.o astdynamic.o astquery.o astwinsize.o conftab.o aststatic.o getopt.o getoptl.o aso.o asolock.o asometh.o asorelax.o aso-sem.o aso-fcntl.o vmbest.o vmclear.o vmclose.o vmdcheap.o vmdebug.o vmdisc.o vmlast.o vmopen.o vmpool.o vmprivate.o vmprofile.o vmregion.o vmsegment.o vmset.o vmstat.o vmstrdup.o vmtrace.o vmwalk.o vmmopen.o malloc.o vmgetmem.o
@@ -4900,6 +4913,10 @@ make install
 		prev ast_param.h
 		exec - ${STDCP} -f ast_param.h ${INSTALLROOT}/include/ast/ast_param.h
 	done ${INSTALLROOT}/include/ast/ast_param.h generated
+	make ${INSTALLROOT}/include/ast/ast_random.h
+		prev FEATURE/random
+		exec - ${STDCP} -f FEATURE/random ${INSTALLROOT}/include/ast/ast_random.h
+	done ${INSTALLROOT}/include/ast/ast_random.h generated
 	make ${INSTALLROOT}/include/ast/ast_sys.h
 		prev ast_sys.h
 		exec - ${STDCP} -f ast_sys.h ${INSTALLROOT}/include/ast/ast_sys.h