use arc4random_uniform() for random number requests that are not a

power of two.

use arc4random_bytes() when requesting more than a word of PRNG
output.

ok deraadt@

13 files changed, 32 insertions, 31 deletions

diff --git a/sys/arch/hppa/hppa/pmap.c b/sys/arch/hppa/hppa/pmap.c
index fd45a09faa4..5d6a2b4e227 100644
--- a/sys/arch/hppa/hppa/pmap.c
+++ b/sys/arch/hppa/hppa/pmap.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pmap.c,v 1.131 2007/09/22 09:57:40 martin Exp $	*/
+/*	$OpenBSD: pmap.c,v 1.132 2008/04/18 06:42:21 djm Exp $	*/
 
 /*
  * Copyright (c) 1998-2004 Michael Shalayeff
@@ -639,7 +639,7 @@ pmap_create()
 	pmap->pm_obj.uo_npages = 0;
 	pmap->pm_obj.uo_refs = 1;
 
-	for (space = 1 + (arc4random() % hppa_sid_max);
+	for (space = 1 + arc4random_uniform(hppa_sid_max);
 	    pmap_sdir_get(space); space = (space + 1) % hppa_sid_max);
 
 	if ((pmap->pm_pdir_pg = pmap_pagealloc(NULL, 0)) == NULL)
diff --git a/sys/arch/sparc64/sparc64/machdep.c b/sys/arch/sparc64/sparc64/machdep.c
index d1eac95388d..eb5dcc28da8 100644
--- a/sys/arch/sparc64/sparc64/machdep.c
+++ b/sys/arch/sparc64/sparc64/machdep.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: machdep.c,v 1.107 2008/04/09 16:58:10 deraadt Exp $	*/
+/*	$OpenBSD: machdep.c,v 1.108 2008/04/18 06:42:21 djm Exp $	*/
 /*	$NetBSD: machdep.c,v 1.108 2001/07/24 19:30:14 eeh Exp $ */
 
 /*-
@@ -333,8 +333,8 @@ setregs(p, pack, stack, retval)
 	 * Setup the process StackGhost cookie which will be XORed into
 	 * the return pointer as register windows are over/underflowed.
 	 */
-	p->p_addr->u_pcb.pcb_wcookie = ((u_int64_t)arc4random() << 32) |
-	    arc4random();
+	arc4random_bytes(&p->p_addr->u_pcb.pcb_wcookie,
+	    sizeof(p->p_addr->u_pcb.pcb_wcookie));
 
 	/* The cookie needs to guarantee invalid alignment after the XOR. */
 	switch (p->p_addr->u_pcb.pcb_wcookie % 3) {
diff --git a/sys/arch/zaurus/dev/zaurus_flash.c b/sys/arch/zaurus/dev/zaurus_flash.c
index a6b4ec29cd4..cef7861152c 100644
--- a/sys/arch/zaurus/dev/zaurus_flash.c
+++ b/sys/arch/zaurus/dev/zaurus_flash.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: zaurus_flash.c,v 1.6 2007/10/06 02:18:38 krw Exp $	*/
+/*	$OpenBSD: zaurus_flash.c,v 1.7 2008/04/18 06:42:21 djm Exp $	*/
 
 /*
  * Copyright (c) 2005 Uwe Stuehler <uwe@openbsd.org>
@@ -644,7 +644,7 @@ zflash_safe_start(struct zflash_softc *sc, dev_t dev)
 	DPRINTF(("pblks %u lblks %u\n", sp->sp_pblks, sp->sp_lblks));
 
 	/* Next physical block to use; randomize for wear-leveling. */
-	sp->sp_pnext = arc4random() % sp->sp_pblks;
+	sp->sp_pnext = arc4random_uniform(sp->sp_pblks);
 
 	/* Allocate physical block usage map. */
 	phyuse = (u_int16_t *)malloc(sp->sp_pblks * sizeof(u_int16_t),
diff --git a/sys/ddb/db_hangman.c b/sys/ddb/db_hangman.c
index 72c50048c57..54b33777336 100644
--- a/sys/ddb/db_hangman.c
+++ b/sys/ddb/db_hangman.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: db_hangman.c,v 1.27 2006/07/07 12:42:13 mickey Exp $	*/
+/*	$OpenBSD: db_hangman.c,v 1.28 2008/04/18 06:42:20 djm Exp $	*/
 
 /*
  * Copyright (c) 1996 Theo de Raadt, Michael Shalayeff
@@ -72,7 +72,7 @@ db_random(size_t mod)
 {
 	if (cold)
 		return (random() % mod);
-	return (arc4random() % mod);
+	return (arc4random_uniform(mod));
 }
 
 struct db_hang_forall_arg {
diff --git a/sys/netatalk/at_control.c b/sys/netatalk/at_control.c
index 04c4a1f1d3d..4dea1123ddd 100644
--- a/sys/netatalk/at_control.c
+++ b/sys/netatalk/at_control.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: at_control.c,v 1.11 2007/10/01 16:39:30 krw Exp $	*/
+/*	$OpenBSD: at_control.c,v 1.12 2008/04/18 06:42:20 djm Exp $	*/
 
 /*
  * Copyright (c) 1990,1991 Regents of The University of Michigan.
@@ -379,7 +379,7 @@ at_ifinit( ifp, aa, sat )
 	    if ( sat->sat_addr.s_net == ATADDR_ANYNET ) {
 		if ( nnets != 1 ) {
 		    net = ntohs( nr.nr_firstnet ) +
-		    	arc4random() % ( nnets - 1 );
+		    	arc4random_uniform( nnets - 1 );
 		} else {
 		    net = ntohs( nr.nr_firstnet );
 		}
diff --git a/sys/netinet/igmp_var.h b/sys/netinet/igmp_var.h
index c0aaa286ce9..ea066093ec4 100644
--- a/sys/netinet/igmp_var.h
+++ b/sys/netinet/igmp_var.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: igmp_var.h,v 1.8 2007/12/14 18:33:40 deraadt Exp $	*/
+/*	$OpenBSD: igmp_var.h,v 1.9 2008/04/18 06:42:20 djm Exp $	*/
 /*	$NetBSD: igmp_var.h,v 1.9 1996/02/13 23:41:31 christos Exp $	*/
 
 /*
@@ -85,7 +85,7 @@ extern struct igmpstat igmpstat;
  * DELAY * countdown frequency).  We assume that the routine random()
  * is defined somewhere (and that it returns a positive number).
  */
-#define	IGMP_RANDOM_DELAY(X)	(arc4random() % (X) + 1)
+#define	IGMP_RANDOM_DELAY(X)	(arc4random_uniform(X) + 1)
 
 void	igmp_init(void);
 void	igmp_input(struct mbuf *, ...);
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index e496b8c5931..88acbfa09ed 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: in_pcb.c,v 1.92 2007/12/30 21:13:27 claudio Exp $	*/
+/*	$OpenBSD: in_pcb.c,v 1.93 2008/04/18 06:42:20 djm Exp $	*/
 /*	$NetBSD: in_pcb.c,v 1.25 1996/02/13 23:41:53 christos Exp $	*/
 
 /*
@@ -335,7 +335,7 @@ in_pcbbind(v, nam)
 			 */
 			count = first - last;
 			if (count)
-				*lastport = first - (arc4random() % count);
+				*lastport = first - arc4random_uniform(count);
 
 			do {
 				if (count-- < 0)	/* completely used? */
@@ -353,7 +353,7 @@ in_pcbbind(v, nam)
 			 */
 			count = last - first;
 			if (count)
-				*lastport = first + (arc4random() % count);
+				*lastport = first + arc4random_uniform(count);
 
 			do {
 				if (count-- < 0)	/* completely used? */
diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c
index 993fc376bf1..307aa0ab529 100644
--- a/sys/netinet/ip_ipsp.c
+++ b/sys/netinet/ip_ipsp.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip_ipsp.c,v 1.170 2007/10/29 16:19:23 chl Exp $	*/
+/*	$OpenBSD: ip_ipsp.c,v 1.171 2008/04/18 06:42:20 djm Exp $	*/
 /*
  * The authors of this code are John Ioannidis (ji@tla.org),
  * Angelos D. Keromytis (kermit@csd.uch.gr),
@@ -232,7 +232,7 @@ reserve_spi(u_int32_t sspi, u_int32_t tspi, union sockaddr_union *src,
 		if (sspi == tspi)  /* Specific SPI asked. */
 			spi = tspi;
 		else    /* Range specified */
-			spi = sspi + (arc4random() % (tspi - sspi));
+			spi = sspi + arc4random_uniform(tspi - sspi);
 
 		/* Don't allocate reserved SPIs.  */
 		if (spi >= SPI_RESERVED_MIN && spi <= SPI_RESERVED_MAX)
diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c
index 448f3b2dd06..3fbe4b47abf 100644
--- a/sys/netinet6/in6_pcb.c
+++ b/sys/netinet6/in6_pcb.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: in6_pcb.c,v 1.43 2005/06/24 07:57:24 markus Exp $	*/
+/*	$OpenBSD: in6_pcb.c,v 1.44 2008/04/18 06:42:20 djm Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -347,7 +347,7 @@ in6_pcbsetport(laddr, inp, p)
 		 */
 		count = first - last;
 		if (count)
-			*lastport = first - (arc4random() % count);
+			*lastport = first - arc4random_uniform(count);
 
 		do {
 			if (count-- < 0)	/* completely used? */
@@ -365,7 +365,7 @@ in6_pcbsetport(laddr, inp, p)
 		 */
 		count = last - first;
 		if (count)
-			*lastport = first + (arc4random() % count);
+			*lastport = first + arc4random_uniform(count);
 
 		do {
 			if (count-- < 0)	/* completely used? */
diff --git a/sys/netinet6/ip6_id.c b/sys/netinet6/ip6_id.c
index cb3738869d9..db562454533 100644
--- a/sys/netinet6/ip6_id.c
+++ b/sys/netinet6/ip6_id.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip6_id.c,v 1.5 2007/11/26 09:28:33 martynas Exp $	*/
+/*	$OpenBSD: ip6_id.c,v 1.6 2008/04/18 06:42:20 djm Exp $	*/
 /*	$NetBSD: ip6_id.c,v 1.7 2003/09/13 21:32:59 itojun Exp $	*/
 /*	$KAME: ip6_id.c,v 1.8 2003/09/06 13:41:06 itojun Exp $	*/
 
@@ -176,7 +176,7 @@ initid(struct randomtab *p)
 	u_int32_t j, i;
 	int noprime = 1;
 
-	p->ru_x = arc4random() % p->ru_m;
+	p->ru_x = arc4random_uniform(p->ru_m);
 
 	/* (bits - 1) bits of random seed */
 	p->ru_seed = arc4random() & (~0U >> (32 - p->ru_bits + 1));
@@ -189,7 +189,7 @@ initid(struct randomtab *p)
 	while (p->ru_b % 3 == 0)
 		p->ru_b += 2;
 
-	j = arc4random() % p->ru_n;
+	j = arc4random_uniform(p->ru_n);
 
 	/*
 	 * Do a fast gcd(j, RU_N - 1), so we can find a j with
diff --git a/sys/netinet6/mld6_var.h b/sys/netinet6/mld6_var.h
index 7024215467a..853cc900f8a 100644
--- a/sys/netinet6/mld6_var.h
+++ b/sys/netinet6/mld6_var.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: mld6_var.h,v 1.5 2003/06/11 02:54:02 itojun Exp $	*/
+/*	$OpenBSD: mld6_var.h,v 1.6 2008/04/18 06:42:20 djm Exp $	*/
 /*	$KAME: mld6_var.h,v 1.4 2000/03/25 07:23:54 sumikawa Exp $	*/
 
 /*
@@ -35,7 +35,7 @@
 
 #ifdef _KERNEL
 
-#define MLD_RANDOM_DELAY(X)	(arc4random() % (X) + 1)
+#define MLD_RANDOM_DELAY(X)	(arc4random_uniform(X) + 1)
 
 /*
  * States for MLD stop-listening processing
diff --git a/sys/netinet6/nd6_nbr.c b/sys/netinet6/nd6_nbr.c
index e9f5082d2b2..d2e8967df92 100644
--- a/sys/netinet6/nd6_nbr.c
+++ b/sys/netinet6/nd6_nbr.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: nd6_nbr.c,v 1.48 2008/03/04 11:19:35 markus Exp $	*/
+/*	$OpenBSD: nd6_nbr.c,v 1.49 2008/04/18 06:42:20 djm Exp $	*/
 /*	$KAME: nd6_nbr.c,v 1.61 2001/02/10 16:06:14 jinmei Exp $	*/
 
 /*
@@ -1138,9 +1138,10 @@ nd6_dad_start(ifa, tick)
 		int ntick;
 
 		if (*tick == 0)
-			ntick = arc4random() % (MAX_RTR_SOLICITATION_DELAY * hz);
+			ntick = arc4random_uniform(MAX_RTR_SOLICITATION_DELAY *
+			    hz);
 		else
-			ntick = *tick + arc4random() % (hz / 2);
+			ntick = *tick + arc4random_uniform(hz / 2);
 		*tick = ntick;
 		nd6_dad_starttimer(dp, ntick);
 	}
diff --git a/sys/nfs/nfs_subs.c b/sys/nfs/nfs_subs.c
index 273b1bdc3c2..d420b98b291 100644
--- a/sys/nfs/nfs_subs.c
+++ b/sys/nfs/nfs_subs.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: nfs_subs.c,v 1.71 2008/04/16 20:02:46 damien Exp $	*/
+/*	$OpenBSD: nfs_subs.c,v 1.72 2008/04/18 06:42:20 djm Exp $	*/
 /*	$NetBSD: nfs_subs.c,v 1.27.4.3 1996/07/08 20:34:24 jtc Exp $	*/
 
 /*
@@ -603,7 +603,7 @@ nfsm_rpchead(struct nfsreq *req, struct ucred *cr, int auth_type,
 
 	/* Get a new (non-zero) xid */
 	do {
-		while ((xid = arc4random() % 256) == 0)
+		while ((xid = arc4random() & 0xff) == 0)
 			;
 		nfs_xid += xid;
 	} while (nfs_xid == 0);