Date: Sun, 20 Jan 2002 21:53:34 +0300 From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: markm@freebsd.org, des@freebsd.org, current@freebsd.org Subject: Step1, pam_unix srandomdev fix for review Message-ID: <20020120185334.GA23348@nagual.pp.ru>
next in thread | raw e-mail | index | archive | help
Bug: srandomdev() can't be used in libraries because it touch internal RNG state which may be used by user program which not want true randomness but pseudo one. Fix: srandomdev() removed, random() replaced by arc4random() which initialize itself from true randomness automatically. --- pam_unix.c.old Sat Jan 19 21:29:49 2002 +++ pam_unix.c Sun Jan 20 21:42:47 2002 @@ -502,15 +502,14 @@ syslog(LOG_ERR, "cannot set password cipher"); login_close(lc); /* Salt suitable for anything */ - srandomdev(); gettimeofday(&tv, 0); - to64(&salt[0], random(), 3); + to64(&salt[0], arc4random(), 3); to64(&salt[3], tv.tv_usec, 3); to64(&salt[6], tv.tv_sec, 2); - to64(&salt[8], random(), 5); - to64(&salt[13], random(), 5); - to64(&salt[17], random(), 5); - to64(&salt[22], random(), 5); + to64(&salt[8], arc4random(), 5); + to64(&salt[13], arc4random(), 5); + to64(&salt[17], arc4random(), 5); + to64(&salt[22], arc4random(), 5); salt[27] = '\0'; pwd->pw_passwd = crypt(pass, salt); @@ -596,15 +595,14 @@ syslog(LOG_ERR, "cannot set password cipher"); login_close(lc); /* Salt suitable for anything */ - srandomdev(); gettimeofday(&tv, 0); - to64(&salt[0], random(), 3); + to64(&salt[0], arc4random(), 3); to64(&salt[3], tv.tv_usec, 3); to64(&salt[6], tv.tv_sec, 2); - to64(&salt[8], random(), 5); - to64(&salt[13], random(), 5); - to64(&salt[17], random(), 5); - to64(&salt[22], random(), 5); + to64(&salt[8], arc4random(), 5); + to64(&salt[13], arc4random(), 5); + to64(&salt[17], arc4random(), 5); + to64(&salt[22], arc4random(), 5); salt[27] = '\0'; if (suser_override) -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020120185334.GA23348>