From 0ceae45e5de5b80105a62918bacf6cd88694bee4 Mon Sep 17 00:00:00 2001
From: tedu <tedu@openbsd.org>
Date: Sat, 19 Apr 2014 14:53:48 +0000
Subject: [PATCH] Delete futile calls to RAND_seed. ok djm

---
 usr.bin/ssh/ssh-keysign.c |  6 +-----
 usr.bin/ssh/sshd.c        | 22 +---------------------
 2 files changed, 2 insertions(+), 26 deletions(-)

diff --git a/usr.bin/ssh/ssh-keysign.c b/usr.bin/ssh/ssh-keysign.c
index 9bba7410f7b..96de058f85e 100644
--- a/usr.bin/ssh/ssh-keysign.c
+++ b/usr.bin/ssh/ssh-keysign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keysign.c,v 1.40 2014/04/01 02:05:27 djm Exp $ */
+/* $OpenBSD: ssh-keysign.c,v 1.41 2014/04/19 14:53:48 tedu Exp $ */
 /*
  * Copyright (c) 2002 Markus Friedl.  All rights reserved.
  *
@@ -26,7 +26,6 @@
 #include <sys/types.h>
 
 #include <openssl/evp.h>
-#include <openssl/rand.h>
 #include <openssl/rsa.h>
 
 #include <fcntl.h>
@@ -152,7 +151,6 @@ main(int argc, char **argv)
 	u_char *signature, *data;
 	char *host, *fp;
 	u_int slen, dlen;
-	u_int32_t rnd[256];
 
 	/* Ensure that stdin and stdout are connected */
 	if ((fd = open(_PATH_DEVNULL, O_RDWR)) < 2)
@@ -194,8 +192,6 @@ main(int argc, char **argv)
 		fatal("could not open any host key");
 
 	OpenSSL_add_all_algorithms();
-	arc4random_buf(rnd, sizeof(rnd));
-	RAND_seed(rnd, sizeof(rnd));
 
 	found = 0;
 	for (i = 0; i < NUM_KEYTYPES; i++) {
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index cf013ee5af7..0e1c1d37bab 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.424 2014/04/18 23:52:25 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.425 2014/04/19 14:53:48 tedu Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -64,7 +64,6 @@
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
-#include <openssl/rand.h>
 
 #include "xmalloc.h"
 #include "ssh.h"
@@ -584,7 +583,6 @@ demote_sensitive_data(void)
 static void
 privsep_preauth_child(void)
 {
-	u_int32_t rnd[256];
 	gid_t gidset[1];
 	struct passwd *pw;
 
@@ -597,10 +595,6 @@ privsep_preauth_child(void)
 		ssh_gssapi_prepare_supported_oids();
 #endif
 
-	arc4random_buf(rnd, sizeof(rnd));
-	RAND_seed(rnd, sizeof(rnd));
-	explicit_bzero(rnd, sizeof(rnd));
-
 	/* Demote the private keys to public keys. */
 	demote_sensitive_data();
 
@@ -702,7 +696,6 @@ privsep_preauth(Authctxt *authctxt)
 static void
 privsep_postauth(Authctxt *authctxt)
 {
-	u_int32_t rnd[256];
 
 	if (authctxt->pw->pw_uid == 0 || options.use_login) {
 		/* File descriptor passing is broken or root login */
@@ -733,10 +726,6 @@ privsep_postauth(Authctxt *authctxt)
 	/* Demote the private keys to public keys. */
 	demote_sensitive_data();
 
-	arc4random_buf(rnd, sizeof(rnd));
-	RAND_seed(rnd, sizeof(rnd));
-	explicit_bzero(rnd, sizeof(rnd));
-
 	/* Drop privileges */
 	do_setusercontext(authctxt->pw);
 
@@ -1117,7 +1106,6 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
 	struct sockaddr_storage from;
 	socklen_t fromlen;
 	pid_t pid;
-	u_char rnd[256];
 
 	/* setup fd set for accept */
 	fdset = NULL;
@@ -1309,14 +1297,6 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
 			}
 
 			close(*newsock);
-
-			/*
-			 * Ensure that our random state differs
-			 * from that of the child
-			 */
-			arc4random_buf(rnd, sizeof(rnd));
-			RAND_seed(rnd, sizeof(rnd));
-			explicit_bzero(rnd, sizeof(rnd));
 		}
 
 		/* child process check (or debug mode) */
-- 
2.20.1