diff --git a/channels.c b/channels.c index 241aa3cdc..5d8c2a0c0 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.352 2016/09/12 01:22:38 deraadt Exp $ */ +/* $OpenBSD: channels.c,v 1.353 2016/09/19 07:52:42 natano Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -4215,7 +4215,6 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp, char *new_data; int screen_number; const char *cp; - u_int32_t rnd = 0; if (x11_saved_display == NULL) x11_saved_display = xstrdup(disp); @@ -4236,23 +4235,20 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp, if (x11_saved_proto == NULL) { /* Save protocol name. */ x11_saved_proto = xstrdup(proto); - /* - * Extract real authentication data and generate fake data - * of the same length. - */ + + /* Extract real authentication data. */ x11_saved_data = xmalloc(data_len); - x11_fake_data = xmalloc(data_len); for (i = 0; i < data_len; i++) { if (sscanf(data + 2 * i, "%2x", &value) != 1) fatal("x11_request_forwarding: bad " "authentication data: %.100s", data); - if (i % 4 == 0) - rnd = arc4random(); x11_saved_data[i] = value; - x11_fake_data[i] = rnd & 0xff; - rnd >>= 8; } x11_saved_data_len = data_len; + + /* Generate fake data of the same length. */ + x11_fake_data = xmalloc(data_len); + arc4random_buf(x11_fake_data, data_len); x11_fake_data_len = data_len; } diff --git a/sshconnect1.c b/sshconnect1.c index bfc523bde..a04536184 100644 --- a/sshconnect1.c +++ b/sshconnect1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect1.c,v 1.78 2015/11/15 22:26:49 jcs Exp $ */ +/* $OpenBSD: sshconnect1.c,v 1.79 2016/09/19 07:52:42 natano Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -509,7 +509,6 @@ ssh_kex(char *host, struct sockaddr *hostaddr) u_char cookie[8]; u_int supported_ciphers; u_int server_flags, client_flags; - u_int32_t rnd = 0; debug("Waiting for server public key."); @@ -568,12 +567,7 @@ ssh_kex(char *host, struct sockaddr *hostaddr) * random number, interpreted as a 32-byte key, with the least * significant 8 bits being the first byte of the key. */ - for (i = 0; i < 32; i++) { - if (i % 4 == 0) - rnd = arc4random(); - session_key[i] = rnd & 0xff; - rnd >>= 8; - } + arc4random_buf(session_key, sizeof(session_key)); /* * According to the protocol spec, the first byte of the session key