Switch from using rand() or random() to a stronger, more appropriate PRNG

(random() or arc4random())

Reviewed by:	bde

3 files changed, 4 insertions, 37 deletions

diff --git a/bin/ed/cbc.c b/bin/ed/cbc.c
index f77ce0d..8ac0cd2 100644
--- a/bin/ed/cbc.c
+++ b/bin/ed/cbc.c
@@ -57,12 +57,6 @@ static char * const rcsid =
 
 
 /*
- * Define a divisor for rand() that yields a uniform distribution in the
- * range 0-255.
- */
-#define	RAND_DIV (((unsigned) RAND_MAX + 1) >> 8)
-
-/*
  * BSD and System V systems offer special library calls that do
  * block move_liness and fills, so if possible we take advantage of them
  */
@@ -125,9 +119,8 @@ init_des_cipher()
 	MEMZERO(ivec, 8);
 
 	/* initialize the padding vector */
-	srand((unsigned) time((time_t *) 0));
 	for (i = 0; i < 8; i++)
-		CHAR(pvec, i) = (char) (rand()/RAND_DIV);
+		CHAR(pvec, i) = (char) (arc4random() % 256);
 #endif
 }
 
diff --git a/usr.bin/newkey/generic.c b/usr.bin/newkey/generic.c
index 4067867..39e40f0 100644
--- a/usr.bin/newkey/generic.c
+++ b/usr.bin/newkey/generic.c
@@ -57,18 +57,9 @@ getseed(seed, seedsize, pass)
 	unsigned char *pass;
 {
 	int i;
-	int rseed;
-	struct timeval tv;
-
-	(void)gettimeofday(&tv, (struct timezone *)NULL);
-	rseed = tv.tv_sec + tv.tv_usec;
-	for (i = 0; i < 8; i++) {
-		rseed ^= (rseed << 8) | pass[i];
-	}
-	srand(rseed);
 
 	for (i = 0; i < seedsize; i++) {
-		seed[i] = (rand() & 0xff) ^ pass[i % 8];
+		seed[i] = (arc4random() & 0xff) ^ pass[i % 8];
 	}
 }
 
diff --git a/usr.sbin/pw/pw_user.c b/usr.sbin/pw/pw_user.c
index 26615b7..2dee04b 100644
--- a/usr.sbin/pw/pw_user.c
+++ b/usr.sbin/pw/pw_user.c
@@ -55,7 +55,6 @@ static const char rcsid[] =
 #define LOGNAMESIZE (MAXLOGNAME-1)
 #endif
 
-static          int randinit;
 static		char locked_str[] = "*LOCKED*";
 
 static int      print_user(struct passwd * pwd, int pretty, int v7);
@@ -1013,16 +1012,8 @@ pw_pwcrypt(char *password)
 	/*
 	 * Calculate a salt value
 	 */
-	if (!randinit) {
-		randinit = 1;
-#ifdef __FreeBSD__
-		srandomdev();
-#else
-		srandom((unsigned long) (time(NULL) ^ getpid()));
-#endif
-	}
 	for (i = 0; i < 8; i++)
-		salt[i] = chars[random() % 63];
+		salt[i] = chars[arc4random() % 63];
 	salt[i] = '\0';
 
 	return strcpy(buf, crypt(password, salt));
@@ -1086,15 +1077,7 @@ pw_password(struct userconf * cnf, struct cargs * args, char const * user)
 
 	switch (cnf->default_password) {
 	case -1:		/* Random password */
-		if (!randinit) {
-			randinit = 1;
-#ifdef __FreeBSD__
-			srandomdev();
-#else
-			srandom((unsigned long) (time(NULL) ^ getpid()));
-#endif
-		}
-		l = (random() % 8 + 8);	/* 8 - 16 chars */
+		l = (arc4random() % 8 + 8);	/* 8 - 16 chars */
 		pw_getrand(rndbuf, l);
 		for (i = 0; i < l; i++)
 			pwbuf[i] = chars[rndbuf[i] % (sizeof(chars)-1)];