modules/crypto/pbkdf2v2: use arc4random_buf() to generate salt

author Aaron Jones <redacted>

Sat, 7 Oct 2017 14:43:57 +0000 (14:43 +0000)

committer Aaron Jones <redacted>

Sat, 7 Oct 2017 22:05:41 +0000 (22:05 +0000)
author Aaron Jones <redacted>
Sat, 7 Oct 2017 14:43:57 +0000 (14:43 +0000)
committer Aaron Jones <redacted>
Sat, 7 Oct 2017 22:05:41 +0000 (22:05 +0000)
diff --git a/modules/crypto/pbkdf2v2.c b/modules/crypto/pbkdf2v2.c

index 3e7a2f76e6574c22c6fb252ba540aee815b1b32e..ce6818e02f8c9e293b1f27b855b403c77c7155c2 100644 (file)
--- a/modules/crypto/pbkdf2v2.c
+++ b/modules/crypto/pbkdf2v2.c
@@ -52,11 +52,16 @@ static unsigned int pbkdf2v2_rounds = PBKDF2_C_DEF;
  
  static const char *pbkdf2v2_make_salt(void)
  {
-       char            salt[PBKDF2_SALTLEN + 1];
+       unsigned char   rawsalt[PBKDF2_SALTLEN];
+       char            salt[sizeof rawsalt + 1];
         static char     result[PASSLEN];
  
-       for (int i = 0; i < PBKDF2_SALTLEN; i++)
-               salt[i] = salt_chars[arc4random() % sizeof salt_chars];
+       /* Fill salt array with random bytes */
+       (void) arc4random_buf(rawsalt, sizeof rawsalt);
+
+       /* Use random byte as index into printable character array, turning it into a printable string */
+       for (size_t i = 0; i < sizeof rawsalt; i++)
+               salt[i] = salt_chars[rawsalt[i] % sizeof salt_chars];
  
         /* NULL-terminate the string */
         salt[PBKDF2_SALTLEN] = 0x00;
author	Aaron Jones <redacted>
	Sat, 7 Oct 2017 14:43:57 +0000 (14:43 +0000)
committer	Aaron Jones <redacted>
	Sat, 7 Oct 2017 22:05:41 +0000 (22:05 +0000)