mirror of
https://github.com/freebsd/freebsd-src.git
synced 2024-11-28 19:52:44 +00:00
Use arc4random_uniform() to avoid "modulo bias"
Remove pw_getrand() unneded now: arc4random_uniform() is stronger then pw_getrand()'s MD5 tricks (inactive) and its active version, mixing arc4random() bytes in one, not make things better at all.
This commit is contained in:
parent
48d48eb980
commit
f70f5c2077
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=181785
@ -43,9 +43,6 @@ static const char rcsid[] =
|
||||
#include <unistd.h>
|
||||
#include <utmp.h>
|
||||
#include <login_cap.h>
|
||||
#if defined(USE_MD5RAND)
|
||||
#include <md5.h>
|
||||
#endif
|
||||
#include "pw.h"
|
||||
#include "bitmap.h"
|
||||
|
||||
@ -1045,74 +1042,24 @@ pw_pwcrypt(char *password)
|
||||
* Calculate a salt value
|
||||
*/
|
||||
for (i = 0; i < SALTSIZE; i++)
|
||||
salt[i] = chars[arc4random() % (sizeof(chars) - 1)];
|
||||
salt[i] = chars[arc4random_uniform(sizeof(chars) - 1)];
|
||||
salt[SALTSIZE] = '\0';
|
||||
|
||||
return strcpy(buf, crypt(password, salt));
|
||||
}
|
||||
|
||||
#if defined(USE_MD5RAND)
|
||||
u_char *
|
||||
pw_getrand(u_char *buf, int len) /* cryptographically secure rng */
|
||||
{
|
||||
int i;
|
||||
for (i=0;i<len;i+=16) {
|
||||
u_char ubuf[16];
|
||||
|
||||
MD5_CTX md5_ctx;
|
||||
struct timeval tv, tvo;
|
||||
struct rusage ru;
|
||||
int n=0;
|
||||
int t;
|
||||
|
||||
MD5Init (&md5_ctx);
|
||||
t=getpid();
|
||||
MD5Update (&md5_ctx, (u_char*)&t, sizeof t);
|
||||
t=getppid();
|
||||
MD5Update (&md5_ctx, (u_char*)&t, sizeof t);
|
||||
gettimeofday (&tvo, NULL);
|
||||
do {
|
||||
getrusage (RUSAGE_SELF, &ru);
|
||||
MD5Update (&md5_ctx, (u_char*)&ru, sizeof ru);
|
||||
gettimeofday (&tv, NULL);
|
||||
MD5Update (&md5_ctx, (u_char*)&tv, sizeof tv);
|
||||
} while (n++<20 || tv.tv_usec-tvo.tv_usec<100*1000);
|
||||
MD5Final (ubuf, &md5_ctx);
|
||||
memcpy(buf+i, ubuf, MIN(16, len-i));
|
||||
}
|
||||
return buf;
|
||||
}
|
||||
|
||||
#else /* Portable version */
|
||||
|
||||
static u_char *
|
||||
pw_getrand(u_char *buf, int len)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; i < len; i++) {
|
||||
unsigned long val = arc4random();
|
||||
/* Use all bits in the random value */
|
||||
buf[i]=(u_char)((val >> 24) ^ (val >> 16) ^ (val >> 8) ^ val);
|
||||
}
|
||||
return buf;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
static char *
|
||||
pw_password(struct userconf * cnf, struct cargs * args, char const * user)
|
||||
{
|
||||
int i, l;
|
||||
char pwbuf[32];
|
||||
u_char rndbuf[sizeof pwbuf];
|
||||
|
||||
switch (cnf->default_password) {
|
||||
case -1: /* Random password */
|
||||
l = (arc4random() % 8 + 8); /* 8 - 16 chars */
|
||||
pw_getrand(rndbuf, l);
|
||||
for (i = 0; i < l; i++)
|
||||
pwbuf[i] = chars[rndbuf[i] % (sizeof(chars)-1)];
|
||||
pwbuf[i] = chars[arc4random_uniform(sizeof(chars)-1)];
|
||||
pwbuf[i] = '\0';
|
||||
|
||||
/*
|
||||
|
Loading…
Reference in New Issue
Block a user