Delete futile calls to RAND_seed. ok djm

diff --git a/usr.bin/ssh/ssh-keysign.c b/usr.bin/ssh/ssh-keysign.c
index 9bba741..96de058 100644 (file)
--- a/usr.bin/ssh/ssh-keysign.c
+++ b/usr.bin/ssh/ssh-keysign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keysign.c,v 1.40 2014/04/01 02:05:27 djm Exp $ */
+/* $OpenBSD: ssh-keysign.c,v 1.41 2014/04/19 14:53:48 tedu Exp $ */
 /*
  * Copyright (c) 2002 Markus Friedl.  All rights reserved.
  *
@@ -26,7 +26,6 @@
 #include <sys/types.h>
 
 #include <openssl/evp.h>
-#include <openssl/rand.h>
 #include <openssl/rsa.h>
 
 #include <fcntl.h>
@@ -152,7 +151,6 @@ main(int argc, char **argv)
        u_char *signature, *data;
        char *host, *fp;
        u_int slen, dlen;
-       u_int32_t rnd[256];
 
        /* Ensure that stdin and stdout are connected */
        if ((fd = open(_PATH_DEVNULL, O_RDWR)) < 2)
@@ -194,8 +192,6 @@ main(int argc, char **argv)
                fatal("could not open any host key");
 
        OpenSSL_add_all_algorithms();
-       arc4random_buf(rnd, sizeof(rnd));
-       RAND_seed(rnd, sizeof(rnd));
 
        found = 0;
        for (i = 0; i < NUM_KEYTYPES; i++) {

diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index cf013ee..0e1c1d3 100644 (file)
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.424 2014/04/18 23:52:25 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.425 2014/04/19 14:53:48 tedu Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -64,7 +64,6 @@
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
-#include <openssl/rand.h>
 
 #include "xmalloc.h"
 #include "ssh.h"
@@ -584,7 +583,6 @@ demote_sensitive_data(void)
 static void
 privsep_preauth_child(void)
 {
-       u_int32_t rnd[256];
        gid_t gidset[1];
        struct passwd *pw;
 
@@ -597,10 +595,6 @@ privsep_preauth_child(void)
                ssh_gssapi_prepare_supported_oids();
 #endif
 
-       arc4random_buf(rnd, sizeof(rnd));
-       RAND_seed(rnd, sizeof(rnd));
-       explicit_bzero(rnd, sizeof(rnd));
-
        /* Demote the private keys to public keys. */
        demote_sensitive_data();
 
@@ -702,7 +696,6 @@ privsep_preauth(Authctxt *authctxt)
 static void
 privsep_postauth(Authctxt *authctxt)
 {
-       u_int32_t rnd[256];
 
        if (authctxt->pw->pw_uid == 0 || options.use_login) {
                /* File descriptor passing is broken or root login */
@@ -733,10 +726,6 @@ privsep_postauth(Authctxt *authctxt)
        /* Demote the private keys to public keys. */
        demote_sensitive_data();
 
-       arc4random_buf(rnd, sizeof(rnd));
-       RAND_seed(rnd, sizeof(rnd));
-       explicit_bzero(rnd, sizeof(rnd));
-
        /* Drop privileges */
        do_setusercontext(authctxt->pw);
 
@@ -1117,7 +1106,6 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
        struct sockaddr_storage from;
        socklen_t fromlen;
        pid_t pid;
-       u_char rnd[256];
 
        /* setup fd set for accept */
        fdset = NULL;
@@ -1309,14 +1297,6 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
                        }
 
                        close(*newsock);
-
-                       /*
-                        * Ensure that our random state differs
-                        * from that of the child
-                        */
-                       arc4random_buf(rnd, sizeof(rnd));
-                       RAND_seed(rnd, sizeof(rnd));
-                       explicit_bzero(rnd, sizeof(rnd));
                }
 
                /* child process check (or debug mode) */