The KAME IPSEC implementation at one point used its own pseudo-random

number generator, which was re-seeded via a timeout.  Now centralized
randomness/entropy is used, we can garbage collect the timeout and
re-seeding code (which was largely a no-op).

Discussed with:	itojun, suz, JINMEI Tatuya < jinmei at isl dot rdc dot toshiba dot co dot jp >

1 files changed, 0 insertions, 22 deletions

diff --git a/sys/netkey/key.c b/sys/netkey/key.c
index 58eafc2..c60772d 100644
--- a/sys/netkey/key.c
+++ b/sys/netkey/key.c
@@ -131,14 +131,12 @@ u_int32_t key_debug_level = 0;
 static u_int key_spi_trycnt = 1000;
 static u_int32_t key_spi_minval = 0x100;
 static u_int32_t key_spi_maxval = 0x0fffffff;	/* XXX */
-static u_int key_int_random = 60;	/*interval to initialize randseed,1(m)*/
 static u_int key_larval_lifetime = 30;	/* interval to expire acquiring, 30(s)*/
 static int key_blockacq_count = 10;	/* counter for blocking SADB_ACQUIRE.*/
 static int key_blockacq_lifetime = 20;	/* lifetime for blocking SADB_ACQUIRE.*/
 static int key_preferred_oldsa = 1;	/* preferred old sa rather than new sa.*/
 
 static u_int32_t acq_seq = 0;
-static int key_tick_init_random = 0;
 
 struct _satailq satailq;		/* list of all SAD entry */
 struct _sptailq sptailq;		/* SPD table + pcb */
@@ -242,10 +240,6 @@ SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE,	spi_minval,	CTLFLAG_RW, \
 SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE,	spi_maxval,	CTLFLAG_RW, \
 	&key_spi_maxval,	0,	"");
 
-/* interval to initialize randseed */
-SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT,	int_random,	CTLFLAG_RW, \
-	&key_int_random,	0,	"");
-
 /* lifetime for larval SA */
 SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME,	larval_lifetime, CTLFLAG_RW, \
 	&key_larval_lifetime,	0,	"");
@@ -435,7 +429,6 @@ static int key_cmpsaidx(struct secasindex *, struct secasindex *, int);
 
 static int key_sockaddrcmp(struct sockaddr *, struct sockaddr *, int);
 static int key_bbcmp(caddr_t, caddr_t, u_int);
-static void key_srandom(void);
 static u_long key_random(void);
 static u_int16_t key_satype2proto(u_int8_t);
 static u_int8_t key_proto2satype(u_int16_t);
@@ -4534,12 +4527,6 @@ key_timehandler(arg)
 	}
     }
 
-	/* initialize random seed */
-	if (key_tick_init_random++ > key_int_random) {
-		key_tick_init_random = 0;
-		key_srandom();
-	}
-
 	/*
 	 * should set timeout based on the most closest timer expiration.
 	 * we don't bother to do that yet.
@@ -4550,15 +4537,6 @@ key_timehandler(arg)
 	return;
 }
 
-/*
- * to initialize a seed for random()
- */
-static void
-key_srandom()
-{
-	return;
-}
-
 static u_long
 key_random()
 {