- (djm) [ssh-keygen.c ssh-keysign.c sshconnect1.c sshd.c] Remove
unnecessary arc4random_stir() calls. The only ones left are to ensure
that the PRNG gets a different state after fork() for platforms that
have broken the API.
diff --git a/ChangeLog b/ChangeLog
index e396e47..d320659 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+20131025
+ - (djm) [ssh-keygen.c ssh-keysign.c sshconnect1.c sshd.c] Remove
+ unnecessary arc4random_stir() calls. The only ones left are to ensure
+ that the PRNG gets a different state after fork() for platforms that
+ have broken the API.
+
20131024
- (djm) [auth-krb5.c] bz#2032 - use local username in krb5_kuserok check
rather than full client name which may be of form user@REALM;
diff --git a/ssh-keygen.c b/ssh-keygen.c
index b664a5f..678dafe 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -910,7 +910,6 @@
}
printf("%s ", key_types[i].key_type_display);
fflush(stdout);
- arc4random_stir();
type = key_type_from_name(key_types[i].key_type);
strlcpy(identity_file, key_types[i].path, sizeof(identity_file));
bits = 0;
@@ -932,7 +931,6 @@
continue;
}
key_free(private);
- arc4random_stir();
strlcat(identity_file, ".pub", sizeof(identity_file));
fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
if (fd == -1) {
@@ -2543,8 +2541,6 @@
return (0);
}
- arc4random_stir();
-
if (key_type_name == NULL)
key_type_name = "rsa";
@@ -2638,7 +2634,6 @@
/* Clear the private key and the random number generator. */
key_free(private);
- arc4random_stir();
if (!quiet)
printf("Your identification has been saved in %s.\n", identity_file);
diff --git a/ssh-keysign.c b/ssh-keysign.c
index b67ed1e..518373b 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -179,7 +179,6 @@
permanently_set_uid(pw);
seed_rng();
- arc4random_stir();
#ifdef DEBUG_SSH_KEYSIGN
log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0);
diff --git a/sshconnect1.c b/sshconnect1.c
index f4b8907..7bd6cb0 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -542,9 +542,6 @@
derive_ssh1_session_id(host_key->rsa->n, server_key->rsa->n, cookie, session_id);
- /* Generate a session key. */
- arc4random_stir();
-
/*
* Generate an encryption key for the session. The key is a 256 bit
* random number, interpreted as a 32-byte key, with the least
diff --git a/sshd.c b/sshd.c
index c9ead2e..d4349f6 100644
--- a/sshd.c
+++ b/sshd.c
@@ -398,7 +398,6 @@
verbose("RSA key generation complete.");
arc4random_buf(sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);
- arc4random_stir();
}
/*ARGSUSED*/
@@ -1867,9 +1866,6 @@
/* Reinitialize the log (because of the fork above). */
log_init(__progname, options.log_level, options.log_facility, log_stderr);
- /* Initialize the random number generator. */
- arc4random_stir();
-
/* Chdir to the root directory so that the current disk can be
unmounted if desired. */
if (chdir("/") == -1)