diff --git a/ChangeLog b/ChangeLog
index e396e470e..d32065913 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+20131025
+ - (djm) [ssh-keygen.c ssh-keysign.c sshconnect1.c sshd.c] Remove
+ unnecessary arc4random_stir() calls. The only ones left are to ensure
+ that the PRNG gets a different state after fork() for platforms that
+ have broken the API.
+
 20131024
 - (djm) [auth-krb5.c] bz#2032 - use local username in krb5_kuserok check rather than full client name which may be of form user@REALM;
diff --git a/ssh-keygen.c b/ssh-keygen.c
index b664a5f1f..678dafe87 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -910,7 +910,6 @@ do_gen_all_hostkeys(struct passwd *pw)
 }
 printf("%s ", key_types[i].key_type_display);
 fflush(stdout);
- arc4random_stir();
 type = key_type_from_name(key_types[i].key_type);
 strlcpy(identity_file, key_types[i].path, sizeof(identity_file));
 bits = 0;
@@ -932,7 +931,6 @@ do_gen_all_hostkeys(struct passwd *pw)
 continue;
 }
 key_free(private);
- arc4random_stir();
 strlcat(identity_file, ".pub", sizeof(identity_file));
 fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
 if (fd == -1) {
@@ -2543,8 +2541,6 @@ main(int argc, char **argv)
 return (0);
 }
- arc4random_stir();
-
 if (key_type_name == NULL)
 key_type_name = "rsa";
@@ -2638,7 +2634,6 @@ passphrase_again:
 /* Clear the private key and the random number generator. */
 key_free(private);
- arc4random_stir();
 if (!quiet)
 printf("Your identification has been saved in %s.\n", identity_file);
diff --git a/ssh-keysign.c b/ssh-keysign.c
index b67ed1ead..518373bf8 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -179,7 +179,6 @@ main(int argc, char **argv)
 permanently_set_uid(pw);
 seed_rng();
- arc4random_stir();
 #ifdef DEBUG_SSH_KEYSIGN
 log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0);
diff --git a/sshconnect1.c b/sshconnect1.c
index f4b890773..7bd6cb018 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
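Review bot: In the ssh-keygen.c hunk at `passphrase_again` (`@@ -2638,7 +2634,6 @@`), the surviving comment `/* Clear the private key and the random number generator. */` is now stale, because the only statement left under it is `key_free(private);`. It should be shortened to `/* Clear the private key. */` so that a later reader does not assume the PRNG state is wiped or reseeded at this point. The enclosing function starts and ends outside the hunk.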
@@ -542,9 +542,6 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
 derive_ssh1_session_id(host_key->rsa->n, server_key->rsa->n, cookie, session_id);
- /* Generate a session key. */
- arc4random_stir();
-
 /*
 * Generate an encryption key for the session. The key is a 256 bit
 * random number, interpreted as a 32-byte key, with the least
diff --git a/sshd.c b/sshd.c
index c9ead2e7f..d4349f618 100644
--- a/sshd.c
+++ b/sshd.c
@@ -398,7 +398,6 @@ generate_ephemeral_server_key(void)
 verbose("RSA key generation complete.");
 arc4random_buf(sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);
- arc4random_stir();
 }
 /*ARGSUSED*/
@@ -1867,9 +1866,6 @@ main(int ac, char **av)
 /* Reinitialize the log (because of the fork above). */
 log_init(__progname, options.log_level, options.log_facility, log_stderr);
- /* Initialize the random number generator. */
- arc4random_stir();
-
 /* Chdir to the root directory so that the current disk can be unmounted if desired. */
 if (chdir("/") == -1)