So the OpenSSL codebase does "get the time, add it as a random seed"

in a bunch of places inside the TLS engine, to try to keep entropy high.
I wonder if their moto is "If you can't solve a problem, at least try
to do it badly".
ok miod

7 files changed, 1 insertions, 15 deletions

diff --git a/lib/libcrypto/bn/bn_rand.c b/lib/libcrypto/bn/bn_rand.c
index b376c28ff3f..5cbb1f33c1e 100644
--- a/lib/libcrypto/bn/bn_rand.c
+++ b/lib/libcrypto/bn/bn_rand.c
@@ -119,7 +119,6 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
 	{
 	unsigned char *buf=NULL;
 	int ret=0,bit,bytes,mask;
-	time_t tim;
 
 	if (bits == 0)
 		{
@@ -139,8 +138,6 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
 		}
 
 	/* make a random number and set the top and bottom bits */
-	time(&tim);
-	RAND_add(&tim,sizeof(tim),0.0);
 
 	if (pseudorand)
 		{
diff --git a/lib/libssl/d1_clnt.c b/lib/libssl/d1_clnt.c
index 15c4bca58c5..4c6aac7536c 100644
--- a/lib/libssl/d1_clnt.c
+++ b/lib/libssl/d1_clnt.c
@@ -147,7 +147,6 @@ int
 dtls1_connect(SSL *s)
 {
 	BUF_MEM *buf = NULL;
-	unsigned long Time = (unsigned long)time(NULL);
 	void (*cb)(const SSL *ssl, int type, int val) = NULL;
 	int ret = -1;
 	int new_state, state, skip = 0;
@@ -156,7 +155,6 @@ dtls1_connect(SSL *s)
 	char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
 #endif
 
-	RAND_add(&Time, sizeof(Time), 0);
 	ERR_clear_error();
 	errno = 0;
 
diff --git a/lib/libssl/d1_srvr.c b/lib/libssl/d1_srvr.c
index 95dffe94841..164fcfbf1ff 100644
--- a/lib/libssl/d1_srvr.c
+++ b/lib/libssl/d1_srvr.c
@@ -145,7 +145,6 @@ int
 dtls1_accept(SSL *s)
 {
 	BUF_MEM *buf;
-	unsigned long Time = (unsigned long)time(NULL);
 	void (*cb)(const SSL *ssl, int type, int val) = NULL;
 	unsigned long alg_k;
 	int ret = -1;
@@ -156,7 +155,6 @@ dtls1_accept(SSL *s)
 	char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
 #endif
 
-	RAND_add(&Time, sizeof(Time), 0);
 	ERR_clear_error();
 	errno = 0;
 
diff --git a/lib/libssl/s23_clnt.c b/lib/libssl/s23_clnt.c
index 0fd388a05a5..8ed79c3d557 100644
--- a/lib/libssl/s23_clnt.c
+++ b/lib/libssl/s23_clnt.c
@@ -145,12 +145,10 @@ int
 ssl23_connect(SSL *s)
 {
 	BUF_MEM *buf = NULL;
-	unsigned long Time = (unsigned long)time(NULL);
 	void (*cb)(const SSL *ssl, int type, int val) = NULL;
 	int ret = -1;
 	int new_state, state;
 
-	RAND_add(&Time, sizeof(Time), 0);
 	ERR_clear_error();
 	errno = 0;
 
diff --git a/lib/libssl/s23_srvr.c b/lib/libssl/s23_srvr.c
index 35db7b49924..2aad21e93ca 100644
--- a/lib/libssl/s23_srvr.c
+++ b/lib/libssl/s23_srvr.c
@@ -147,12 +147,10 @@ int
 ssl23_accept(SSL *s)
 {
 	BUF_MEM *buf;
-	unsigned long Time = (unsigned long)time(NULL);
 	void (*cb)(const SSL *ssl, int type, int val) = NULL;
 	int ret = -1;
 	int new_state, state;
 
-	RAND_add(&Time, sizeof(Time), 0);
 	ERR_clear_error();
 	errno = 0;
 
diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c
index b9ca6b6f9b0..4ad8d3943ef 100644
--- a/lib/libssl/s3_clnt.c
+++ b/lib/libssl/s3_clnt.c
@@ -186,12 +186,10 @@ int
 ssl3_connect(SSL *s)
 {
 	BUF_MEM *buf = NULL;
-	unsigned long Time = (unsigned long)time(NULL);
 	void (*cb)(const SSL *ssl, int type, int val) = NULL;
 	int ret = -1;
 	int new_state, state, skip = 0;
 
-	RAND_add(&Time, sizeof(Time), 0);
 	ERR_clear_error();
 	errno = 0;
 
diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index eeadb160d17..14066031caa 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c
@@ -210,12 +210,11 @@ int
 ssl3_accept(SSL *s)
 {
 	BUF_MEM *buf;
-	unsigned long alg_k, Time = (unsigned long)time(NULL);
+	unsigned long alg_k;
 	void (*cb)(const SSL *ssl, int type, int val) = NULL;
 	int ret = -1;
 	int new_state, state, skip = 0;
 
-	RAND_add(&Time, sizeof(Time), 0);
 	ERR_clear_error();
 	errno = 0;