summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTheo de Raadt <deraadt@cvs.openbsd.org>2013-09-02 22:00:35 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2013-09-02 22:00:35 +0000
commitf05818a87147c8f103347d58b0f800c12015a33e (patch)
treeee23f23af57df85644b1b72890abb269a3d42b0c
parent2224537b02ff2b8c0e8e2c162297e400018497f2 (diff)
All the instances of arc4random_stir() are bogus, since arc4random()
does this itself, inside itself, and has for a very long time.. Actually, this was probably reducing the entropy available. ok djm
-rw-r--r--usr.bin/ssh/ssh-keygen.c7
-rw-r--r--usr.bin/ssh/sshconnect1.c5
-rw-r--r--usr.bin/ssh/sshd.c9
3 files changed, 3 insertions, 18 deletions
diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c
index 8074ef5be39..e48522b1c0e 100644
--- a/usr.bin/ssh/ssh-keygen.c
+++ b/usr.bin/ssh/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.233 2013/08/28 12:34:27 mikeb Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.234 2013/09/02 22:00:34 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -895,7 +895,6 @@ do_gen_all_hostkeys(struct passwd *pw)
}
printf("%s ", key_types[i].key_type_display);
fflush(stdout);
- arc4random_stir();
type = key_type_from_name(key_types[i].key_type);
strlcpy(identity_file, key_types[i].path, sizeof(identity_file));
bits = 0;
@@ -917,7 +916,6 @@ do_gen_all_hostkeys(struct passwd *pw)
continue;
}
key_free(private);
- arc4random_stir();
strlcat(identity_file, ".pub", sizeof(identity_file));
fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
if (fd == -1) {
@@ -2524,8 +2522,6 @@ main(int argc, char **argv)
return (0);
}
- arc4random_stir();
-
if (key_type_name == NULL)
key_type_name = "rsa";
@@ -2619,7 +2615,6 @@ passphrase_again:
/* Clear the private key and the random number generator. */
key_free(private);
- arc4random_stir();
if (!quiet)
printf("Your identification has been saved in %s.\n", identity_file);
diff --git a/usr.bin/ssh/sshconnect1.c b/usr.bin/ssh/sshconnect1.c
index 4f8bbcabe3c..714ed54838a 100644
--- a/usr.bin/ssh/sshconnect1.c
+++ b/usr.bin/ssh/sshconnect1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect1.c,v 1.71 2013/05/17 00:13:14 djm Exp $ */
+/* $OpenBSD: sshconnect1.c,v 1.72 2013/09/02 22:00:34 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -539,9 +539,6 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
derive_ssh1_session_id(host_key->rsa->n, server_key->rsa->n, cookie, session_id);
- /* Generate a session key. */
- arc4random_stir();
-
/*
* Generate an encryption key for the session. The key is a 256 bit
* random number, interpreted as a 32-byte key, with the least
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index c1155614046..fabeb7d9493 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.405 2013/08/22 19:02:21 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.406 2013/09/02 22:00:34 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -377,7 +377,6 @@ generate_ephemeral_server_key(void)
verbose("RSA key generation complete.");
arc4random_buf(sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);
- arc4random_stir();
}
/*ARGSUSED*/
@@ -591,7 +590,6 @@ privsep_preauth_child(void)
/* Enable challenge-response authentication for privilege separation */
privsep_challenge_enable();
- arc4random_stir();
arc4random_buf(rnd, sizeof(rnd));
RAND_seed(rnd, sizeof(rnd));
bzero(rnd, sizeof(rnd));
@@ -728,7 +726,6 @@ privsep_postauth(Authctxt *authctxt)
/* Demote the private keys to public keys. */
demote_sensitive_data();
- arc4random_stir();
arc4random_buf(rnd, sizeof(rnd));
RAND_seed(rnd, sizeof(rnd));
bzero(rnd, sizeof(rnd));
@@ -1307,7 +1304,6 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
* Ensure that our random state differs
* from that of the child
*/
- arc4random_stir();
arc4random_buf(rnd, sizeof(rnd));
RAND_seed(rnd, sizeof(rnd));
bzero(rnd, sizeof(rnd));
@@ -1767,9 +1763,6 @@ main(int ac, char **av)
/* Reinitialize the log (because of the fork above). */
log_init(__progname, options.log_level, options.log_facility, log_stderr);
- /* Initialize the random number generator. */
- arc4random_stir();
-
/* Chdir to the root directory so that the current disk can be
unmounted if desired. */
if (chdir("/") == -1)