From 1036356324fecc13099ac6e986b549f6219327d7 Mon Sep 17 00:00:00 2001
From: "tedu@openbsd.org" <tedu@openbsd.org>
Date: Sat, 17 Sep 2016 18:00:27 +0000
Subject: [PATCH] upstream commit

replace two arc4random loops with arc4random_buf ok
deraadt natano

Upstream-ID: e18ede972d1737df54b49f011fa4f3917a403f48
---
 clientloop.c | 15 +++++++--------
 hostfile.c   |  7 +++----
 2 files changed, 10 insertions(+), 12 deletions(-)

diff --git a/clientloop.c b/clientloop.c
index 47098f3af..58e712241 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.287 2016/09/12 01:22:38 deraadt Exp $ */
+/* $OpenBSD: clientloop.c,v 1.288 2016/09/17 18:00:27 tedu Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -311,7 +311,7 @@ client_x11_get_proto(const char *display, const char *xauth_path,
 	char xauthfile[PATH_MAX], xauthdir[PATH_MAX];
 	static char proto[512], data[512];
 	FILE *f;
-	int got_data = 0, generated = 0, do_unlink = 0, i, r;
+	int got_data = 0, generated = 0, do_unlink = 0, r;
 	struct stat st;
 	u_int now, x11_timeout_real;
 
@@ -438,17 +438,16 @@ client_x11_get_proto(const char *display, const char *xauth_path,
 	 * for the local connection.
 	 */
 	if (!got_data) {
-		u_int32_t rnd = 0;
+		u_int8_t rnd[16];
+		u_int i;
 
 		logit("Warning: No xauth data; "
 		    "using fake authentication data for X11 forwarding.");
 		strlcpy(proto, SSH_X11_PROTO, sizeof proto);
-		for (i = 0; i < 16; i++) {
-			if (i % 4 == 0)
-				rnd = arc4random();
+		arc4random_buf(rnd, sizeof(rnd));
+		for (i = 0; i < sizeof(rnd); i++) {
 			snprintf(data + 2 * i, sizeof data - 2 * i, "%02x",
-			    rnd & 0xff);
-			rnd >>= 8;
+			    rnd[i]);
 		}
 	}
 
diff --git a/hostfile.c b/hostfile.c
index 2850a4793..4548fbab3 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hostfile.c,v 1.66 2015/05/04 06:10:48 djm Exp $ */
+/* $OpenBSD: hostfile.c,v 1.67 2016/09/17 18:00:27 tedu Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -123,14 +123,13 @@ host_hash(const char *host, const char *name_from_hostfile, u_int src_len)
 	u_char salt[256], result[256];
 	char uu_salt[512], uu_result[512];
 	static char encoded[1024];
-	u_int i, len;
+	u_int len;
 
 	len = ssh_digest_bytes(SSH_DIGEST_SHA1);
 
 	if (name_from_hostfile == NULL) {
 		/* Create new salt */
-		for (i = 0; i < len; i++)
-			salt[i] = arc4random();
+		arc4random_buf(salt, len);
 	} else {
 		/* Extract salt from known host entry */
 		if (extract_salt(name_from_hostfile, src_len, salt,