Switch from using rand() or random() to a stronger, more appropriate PRNG

(random() or arc4random()) Reviewed by: bde
svn path=/head/; revision=73563
2024-10-18 02:19:39 +00:00 · 2001-03-05 02:15:38 +00:00 · 2001-03-05 02:15:38 +00:00 · 27540537e8 · 2020-12-20 02:59:44 +00:00
commit 27540537e8
parent 25ef32a97a
3 changed files with 4 additions and 37 deletions
--- a/bin/ed/cbc.c
+++ b/bin/ed/cbc.c
@ -56,12 +56,6 @@ static char * const rcsid =
 #include "ed.h"


-/*
- * Define a divisor for rand() that yields a uniform distribution in the
- * range 0-255.
- */
-#define	RAND_DIV (((unsigned) RAND_MAX + 1) >> 8)
-
 /*
 * BSD and System V systems offer special library calls that do
 * block move_liness and fills, so if possible we take advantage of them
@ -125,9 +119,8 @@ init_des_cipher()
 	MEMZERO(ivec, 8);

 	/* initialize the padding vector */
-	srand((unsigned) time((time_t *) 0));
 	for (i = 0; i < 8; i++)
-		CHAR(pvec, i) = (char) (rand()/RAND_DIV);
+		CHAR(pvec, i) = (char) (arc4random() % 256);
 #endif
 }

--- a/usr.bin/newkey/generic.c
+++ b/usr.bin/newkey/generic.c
@ -57,18 +57,9 @@ getseed(seed, seedsize, pass)
 	unsigned char *pass;
 {
 	int i;
-	int rseed;
-	struct timeval tv;
-
-	(void)gettimeofday(&tv, (struct timezone *)NULL);
-	rseed = tv.tv_sec + tv.tv_usec;
-	for (i = 0; i < 8; i++) {
-		rseed ^= (rseed << 8) | pass[i];
-	}
-	srand(rseed);

 	for (i = 0; i < seedsize; i++) {
-		seed[i] = (rand() & 0xff) ^ pass[i % 8];
+		seed[i] = (arc4random() & 0xff) ^ pass[i % 8];
 	}
 }

--- a/usr.sbin/pw/pw_user.c
+++ b/usr.sbin/pw/pw_user.c
@ -55,7 +55,6 @@ static const char rcsid[] =
 #define LOGNAMESIZE (MAXLOGNAME-1)
 #endif

-static          int randinit;
 static		char locked_str[] = "*LOCKED*";

 static int      print_user(struct passwd * pwd, int pretty, int v7);
@ -1013,16 +1012,8 @@ pw_pwcrypt(char *password)
 	/*
 	 * Calculate a salt value
 	 */
-	if (!randinit) {
-		randinit = 1;
-#ifdef __FreeBSD__
-		srandomdev();
-#else
-		srandom((unsigned long) (time(NULL) ^ getpid()));
-#endif
-	}
 	for (i = 0; i < 8; i++)
-		salt[i] = chars[random() % 63];
+		salt[i] = chars[arc4random() % 63];
 	salt[i] = '\0';

 	return strcpy(buf, crypt(password, salt));
@ -1086,15 +1077,7 @@ pw_password(struct userconf * cnf, struct cargs * args, char const * user)

 	switch (cnf->default_password) {
 	case -1:		/* Random password */
-		if (!randinit) {
-			randinit = 1;
-#ifdef __FreeBSD__
-			srandomdev();
-#else
-			srandom((unsigned long) (time(NULL) ^ getpid()));
-#endif
-		}
-		l = (random() % 8 + 8);	/* 8 - 16 chars */
+		l = (arc4random() % 8 + 8);	/* 8 - 16 chars */
 		pw_getrand(rndbuf, l);
 		for (i = 0; i < l; i++)
 			pwbuf[i] = chars[rndbuf[i] % (sizeof(chars)-1)];