diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2013-09-02 22:00:35 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2013-09-02 22:00:35 +0000 |
| commit | f05818a87147c8f103347d58b0f800c12015a33e (patch) | |
| tree | ee23f23af57df85644b1b72890abb269a3d42b0c /usr.bin | |
| parent | 2224537b02ff2b8c0e8e2c162297e400018497f2 (diff) | |
All the instances of arc4random_stir() are bogus, since arc4random()
does this itself, inside itself, and has for a very long time.. Actually,
this was probably reducing the entropy available.
ok djm
Diffstat (limited to 'usr.bin')
| -rw-r--r-- | usr.bin/ssh/ssh-keygen.c | 7 | ||||
| -rw-r--r-- | usr.bin/ssh/sshconnect1.c | 5 | ||||
| -rw-r--r-- | usr.bin/ssh/sshd.c | 9 |
3 files changed, 3 insertions, 18 deletions
diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c index 8074ef5be39..e48522b1c0e 100644 --- a/usr.bin/ssh/ssh-keygen.c +++ b/usr.bin/ssh/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.233 2013/08/28 12:34:27 mikeb Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.234 2013/09/02 22:00:34 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -895,7 +895,6 @@ do_gen_all_hostkeys(struct passwd *pw) } printf("%s ", key_types[i].key_type_display); fflush(stdout); - arc4random_stir(); type = key_type_from_name(key_types[i].key_type); strlcpy(identity_file, key_types[i].path, sizeof(identity_file)); bits = 0; @@ -917,7 +916,6 @@ do_gen_all_hostkeys(struct passwd *pw) continue; } key_free(private); - arc4random_stir(); strlcat(identity_file, ".pub", sizeof(identity_file)); fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644); if (fd == -1) { @@ -2524,8 +2522,6 @@ main(int argc, char **argv) return (0); } - arc4random_stir(); - if (key_type_name == NULL) key_type_name = "rsa"; @@ -2619,7 +2615,6 @@ passphrase_again: /* Clear the private key and the random number generator. */ key_free(private); - arc4random_stir(); if (!quiet) printf("Your identification has been saved in %s.\n", identity_file); diff --git a/usr.bin/ssh/sshconnect1.c b/usr.bin/ssh/sshconnect1.c index 4f8bbcabe3c..714ed54838a 100644 --- a/usr.bin/ssh/sshconnect1.c +++ b/usr.bin/ssh/sshconnect1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect1.c,v 1.71 2013/05/17 00:13:14 djm Exp $ */ +/* $OpenBSD: sshconnect1.c,v 1.72 2013/09/02 22:00:34 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -539,9 +539,6 @@ ssh_kex(char *host, struct sockaddr *hostaddr) derive_ssh1_session_id(host_key->rsa->n, server_key->rsa->n, cookie, session_id); - /* Generate a session key. */ - arc4random_stir(); - /* * Generate an encryption key for the session. The key is a 256 bit * random number, interpreted as a 32-byte key, with the least diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index c1155614046..fabeb7d9493 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.405 2013/08/22 19:02:21 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.406 2013/09/02 22:00:34 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -377,7 +377,6 @@ generate_ephemeral_server_key(void) verbose("RSA key generation complete."); arc4random_buf(sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH); - arc4random_stir(); } /*ARGSUSED*/ @@ -591,7 +590,6 @@ privsep_preauth_child(void) /* Enable challenge-response authentication for privilege separation */ privsep_challenge_enable(); - arc4random_stir(); arc4random_buf(rnd, sizeof(rnd)); RAND_seed(rnd, sizeof(rnd)); bzero(rnd, sizeof(rnd)); @@ -728,7 +726,6 @@ privsep_postauth(Authctxt *authctxt) /* Demote the private keys to public keys. */ demote_sensitive_data(); - arc4random_stir(); arc4random_buf(rnd, sizeof(rnd)); RAND_seed(rnd, sizeof(rnd)); bzero(rnd, sizeof(rnd)); @@ -1307,7 +1304,6 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) * Ensure that our random state differs * from that of the child */ - arc4random_stir(); arc4random_buf(rnd, sizeof(rnd)); RAND_seed(rnd, sizeof(rnd)); bzero(rnd, sizeof(rnd)); @@ -1767,9 +1763,6 @@ main(int ac, char **av) /* Reinitialize the log (because of the fork above). */ log_init(__progname, options.log_level, options.log_facility, log_stderr); - /* Initialize the random number generator. */ - arc4random_stir(); - /* Chdir to the root directory so that the current disk can be unmounted if desired. */ if (chdir("/") == -1) |