nmh-workers

[Nmh-workers] Use arc4random_buf() if available

2013-12-13 18:41:21
rand()/srand() are not cryptographically secure PRNGs.  Some systems
have the much better suited arc4random() family of functions; there's no
reason to not use it if it is available.  Make m_rand() just a wrapper
around arc4random_buf() in that case.  (There's no need to ever seed it
manually.)

As a bonus, silences some warnings on OpenBSD.

diff --git a/configure.ac b/configure.ac
index ce4b46d..5f6b556 100644
--- a/configure.ac
+++ b/configure.ac
@@ -363,7 +363,7 @@ AC_CHECK_HEADER([sys/ptem.h], AC_DEFINE(WINSIZE_IN_PTEM,1,
 dnl ---------------
 dnl CHECK FUNCTIONS
 dnl ---------------
-AC_CHECK_FUNCS([wcwidth mbtowc writev lstat nl_langinfo getutxent])
+AC_CHECK_FUNCS([wcwidth mbtowc writev lstat nl_langinfo getutxent arc4random])
 
 dnl Check for multibyte character set support
 AS_IF([test "x$ac_cv_header_wchar_h" = "xyes" -a \
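Review bot: The name added to AC_CHECK_FUNCS is arc4random, but the code in sbr/m_rand.c calls arc4random_buf(). The two are not guaranteed to be present together, so a libc that provides arc4random() without arc4random_buf() would pass this check and then fail to build or link. Check for the function that is actually called: add arc4random_buf to the list and test HAVE_ARC4RANDOM_BUF in m_rand.c.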
diff --git a/sbr/m_rand.c b/sbr/m_rand.c
index 4d24888..8544cfb 100644
--- a/sbr/m_rand.c
+++ b/sbr/m_rand.c
@@ -6,16 +6,21 @@
  * complete copyright information.
  */
 
-#include <stdlib.h>  /* for abs(), srand(), rand() */
+#include <stdlib.h>  /* for abs(), srand(), rand(), arc4random() */
 #include <stdio.h>   /* for fopen(), fread(), fclose() */
 #include <unistd.h>  /* for getpid() */
 #include <time.h>    /* for time() */
 
+#include <config.h>
+
+#if !HAVE_ARC4RANDOM
 static int seeded = 0;
+#endif
 
 
 int
 m_rand (unsigned char *buf, size_t n) {
+#if !HAVE_ARC4RANDOM
   if (! seeded) {
     FILE *devurandom;
     unsigned int seed;
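Review bot: `#include <config.h>` is added after the system headers; the Autoconf convention is to include it before any other header so that whatever it defines is in effect when <stdlib.h> and the rest are read. Move it to the top of the include list. In the same hunk, `#if !HAVE_ARC4RANDOM` relies on an undefined macro evaluating to 0, which warns under -Wundef; `#ifndef HAVE_ARC4RANDOM` says the same thing without that. The updated comment on <stdlib.h> also names arc4random() while the function called later in the patch is arc4random_buf().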
@@ -46,6 +51,9 @@ m_rand (unsigned char *buf, size_t n) {
       *buf++ = *rndp++;
     }
   }
+#else
+  arc4random_buf(buf, n);
+#endif
 
   return 0;
 }
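Review bot: The `#else` and `#endif` here close an `#if !HAVE_ARC4RANDOM` opened about 30 lines earlier at the top of the function body, so the one-line preferred path is hidden behind the long fallback. Consider putting the arc4random_buf(buf, n) branch first under a positive `#ifdef`, or at least tagging the `#endif` with a comment naming the condition. Since the commit message states that rand()/srand() are not cryptographically secure, a short comment on the remaining fallback branch saying so would tell callers what they get on systems without arc4random.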

_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
https://lists.nongnu.org/mailman/listinfo/nmh-workers
