From a24109c93cf0620d2a5d80b4080edc56be4038ce Mon Sep 17 00:00:00 2001
From: Kris Kennaway <kris@FreeBSD.org>
Date: Mon, 5 Mar 2001 02:15:38 +0000
Subject: Switch from using rand() or random() to a stronger, more appropriate
 PRNG (random() or arc4random())

Reviewed by:	bde
---
 pw/pw_user.c | 21 ++-------------------
 1 file changed, 2 insertions(+), 19 deletions(-)

diff --git a/pw/pw_user.c b/pw/pw_user.c
index 26615b7..2dee04b 100644
--- a/pw/pw_user.c
+++ b/pw/pw_user.c
@@ -55,7 +55,6 @@ static const char rcsid[] =
 #define LOGNAMESIZE (MAXLOGNAME-1)
 #endif
 
-static          int randinit;
 static		char locked_str[] = "*LOCKED*";
 
 static int      print_user(struct passwd * pwd, int pretty, int v7);
@@ -1013,16 +1012,8 @@ pw_pwcrypt(char *password)
 	/*
 	 * Calculate a salt value
 	 */
-	if (!randinit) {
-		randinit = 1;
-#ifdef __FreeBSD__
-		srandomdev();
-#else
-		srandom((unsigned long) (time(NULL) ^ getpid()));
-#endif
-	}
 	for (i = 0; i < 8; i++)
-		salt[i] = chars[random() % 63];
+		salt[i] = chars[arc4random() % 63];
 	salt[i] = '\0';
 
 	return strcpy(buf, crypt(password, salt));
@@ -1086,15 +1077,7 @@ pw_password(struct userconf * cnf, struct cargs * args, char const * user)
 
 	switch (cnf->default_password) {
 	case -1:		/* Random password */
-		if (!randinit) {
-			randinit = 1;
-#ifdef __FreeBSD__
-			srandomdev();
-#else
-			srandom((unsigned long) (time(NULL) ^ getpid()));
-#endif
-		}
-		l = (random() % 8 + 8);	/* 8 - 16 chars */
+		l = (arc4random() % 8 + 8);	/* 8 - 16 chars */
 		pw_getrand(rndbuf, l);
 		for (i = 0; i < l; i++)
 			pwbuf[i] = chars[rndbuf[i] % (sizeof(chars)-1)];
-- 
cgit v1.2.3-56-ge451