So the OpenSSL codebase does "get the time, add it as a random seed"

in a bunch of places inside the TLS engine, to try to keep entropy high.
I wonder if their moto is "If you can't solve a problem, at least try
to do it badly".
ok miod

16 files changed, 2 insertions, 34 deletions

diff --git a/src/lib/libcrypto/bn/bn_rand.c b/src/lib/libcrypto/bn/bn_rand.c
index b376c28ff3..5cbb1f33c1 100644
--- a/src/lib/libcrypto/bn/bn_rand.c
+++ b/src/lib/libcrypto/bn/bn_rand.c
@@ -119,7 +119,6 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
         {
         unsigned char *buf=NULL;
         int ret=0,bit,bytes,mask;
-        time_t tim;
 
         if (bits == 0)
                 {
@@ -139,8 +138,6 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
                 }
 
         /* make a random number and set the top and bottom bits */
-        time(&tim);
-        RAND_add(&tim,sizeof(tim),0.0);
 
         if (pseudorand)
                 {
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index 15c4bca58c..4c6aac7536 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -147,7 +147,6 @@ int
 dtls1_connect(SSL *s)
 {
         BUF_MEM *buf = NULL;
-        unsigned long Time = (unsigned long)time(NULL);
         void (*cb)(const SSL *ssl, int type, int val) = NULL;
         int ret = -1;
         int new_state, state, skip = 0;
@@ -156,7 +155,6 @@ dtls1_connect(SSL *s)
         char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
 #endif
 
-        RAND_add(&Time, sizeof(Time), 0);
         ERR_clear_error();
         errno = 0;
 
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 95dffe9484..164fcfbf1f 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -145,7 +145,6 @@ int
 dtls1_accept(SSL *s)
 {
         BUF_MEM *buf;
-        unsigned long Time = (unsigned long)time(NULL);
         void (*cb)(const SSL *ssl, int type, int val) = NULL;
         unsigned long alg_k;
         int ret = -1;
@@ -156,7 +155,6 @@ dtls1_accept(SSL *s)
         char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
 #endif
 
-        RAND_add(&Time, sizeof(Time), 0);
         ERR_clear_error();
         errno = 0;
 
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
index 0fd388a05a..8ed79c3d55 100644
--- a/src/lib/libssl/s23_clnt.c
+++ b/src/lib/libssl/s23_clnt.c
@@ -145,12 +145,10 @@ int
 ssl23_connect(SSL *s)
 {
         BUF_MEM *buf = NULL;
-        unsigned long Time = (unsigned long)time(NULL);
         void (*cb)(const SSL *ssl, int type, int val) = NULL;
         int ret = -1;
         int new_state, state;
 
-        RAND_add(&Time, sizeof(Time), 0);
         ERR_clear_error();
         errno = 0;
 
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
index 35db7b4992..2aad21e93c 100644
--- a/src/lib/libssl/s23_srvr.c
+++ b/src/lib/libssl/s23_srvr.c
@@ -147,12 +147,10 @@ int
 ssl23_accept(SSL *s)
 {
         BUF_MEM *buf;
-        unsigned long Time = (unsigned long)time(NULL);
         void (*cb)(const SSL *ssl, int type, int val) = NULL;
         int ret = -1;
         int new_state, state;
 
-        RAND_add(&Time, sizeof(Time), 0);
         ERR_clear_error();
         errno = 0;
 
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index b9ca6b6f9b..4ad8d3943e 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -186,12 +186,10 @@ int
 ssl3_connect(SSL *s)
 {
         BUF_MEM *buf = NULL;
-        unsigned long Time = (unsigned long)time(NULL);
         void (*cb)(const SSL *ssl, int type, int val) = NULL;
         int ret = -1;
         int new_state, state, skip = 0;
 
-        RAND_add(&Time, sizeof(Time), 0);
         ERR_clear_error();
         errno = 0;
 
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index eeadb160d1..14066031ca 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -210,12 +210,11 @@ int
 ssl3_accept(SSL *s)
 {
         BUF_MEM *buf;
-        unsigned long alg_k, Time = (unsigned long)time(NULL);
+        unsigned long alg_k;
         void (*cb)(const SSL *ssl, int type, int val) = NULL;
         int ret = -1;
         int new_state, state, skip = 0;
 
-        RAND_add(&Time, sizeof(Time), 0);
         ERR_clear_error();
         errno = 0;
 
diff --git a/src/lib/libssl/src/crypto/bn/bn_rand.c b/src/lib/libssl/src/crypto/bn/bn_rand.c
index b376c28ff3..5cbb1f33c1 100644
--- a/src/lib/libssl/src/crypto/bn/bn_rand.c
+++ b/src/lib/libssl/src/crypto/bn/bn_rand.c
@@ -119,7 +119,6 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
         {
         unsigned char *buf=NULL;
         int ret=0,bit,bytes,mask;
-        time_t tim;
 
         if (bits == 0)
                 {
@@ -139,8 +138,6 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
                 }
 
         /* make a random number and set the top and bottom bits */
-        time(&tim);
-        RAND_add(&tim,sizeof(tim),0.0);
 
         if (pseudorand)
                 {
diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c
index 15c4bca58c..4c6aac7536 100644
--- a/src/lib/libssl/src/ssl/d1_clnt.c
+++ b/src/lib/libssl/src/ssl/d1_clnt.c
@@ -147,7 +147,6 @@ int
 dtls1_connect(SSL *s)
 {
         BUF_MEM *buf = NULL;
-        unsigned long Time = (unsigned long)time(NULL);
         void (*cb)(const SSL *ssl, int type, int val) = NULL;
         int ret = -1;
         int new_state, state, skip = 0;
@@ -156,7 +155,6 @@ dtls1_connect(SSL *s)
         char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
 #endif
 
-        RAND_add(&Time, sizeof(Time), 0);
         ERR_clear_error();
         errno = 0;
 
diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c
index 95dffe9484..164fcfbf1f 100644
--- a/src/lib/libssl/src/ssl/d1_srvr.c
+++ b/src/lib/libssl/src/ssl/d1_srvr.c
@@ -145,7 +145,6 @@ int
 dtls1_accept(SSL *s)
 {
         BUF_MEM *buf;
-        unsigned long Time = (unsigned long)time(NULL);
         void (*cb)(const SSL *ssl, int type, int val) = NULL;
         unsigned long alg_k;
         int ret = -1;
@@ -156,7 +155,6 @@ dtls1_accept(SSL *s)
         char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
 #endif
 
-        RAND_add(&Time, sizeof(Time), 0);
         ERR_clear_error();
         errno = 0;
 
diff --git a/src/lib/libssl/src/ssl/s23_clnt.c b/src/lib/libssl/src/ssl/s23_clnt.c
index 0fd388a05a..8ed79c3d55 100644
--- a/src/lib/libssl/src/ssl/s23_clnt.c
+++ b/src/lib/libssl/src/ssl/s23_clnt.c
@@ -145,12 +145,10 @@ int
 ssl23_connect(SSL *s)
 {
         BUF_MEM *buf = NULL;
-        unsigned long Time = (unsigned long)time(NULL);
         void (*cb)(const SSL *ssl, int type, int val) = NULL;
         int ret = -1;
         int new_state, state;
 
-        RAND_add(&Time, sizeof(Time), 0);
         ERR_clear_error();
         errno = 0;
 
diff --git a/src/lib/libssl/src/ssl/s23_srvr.c b/src/lib/libssl/src/ssl/s23_srvr.c
index 35db7b4992..2aad21e93c 100644
--- a/src/lib/libssl/src/ssl/s23_srvr.c
+++ b/src/lib/libssl/src/ssl/s23_srvr.c
@@ -147,12 +147,10 @@ int
 ssl23_accept(SSL *s)
 {
         BUF_MEM *buf;
-        unsigned long Time = (unsigned long)time(NULL);
         void (*cb)(const SSL *ssl, int type, int val) = NULL;
         int ret = -1;
         int new_state, state;
 
-        RAND_add(&Time, sizeof(Time), 0);
         ERR_clear_error();
         errno = 0;
 
diff --git a/src/lib/libssl/src/ssl/s2_clnt.c b/src/lib/libssl/src/ssl/s2_clnt.c
index a1cfab6f2d..6c48c25064 100644
--- a/src/lib/libssl/src/ssl/s2_clnt.c
+++ b/src/lib/libssl/src/ssl/s2_clnt.c
@@ -146,13 +146,11 @@ IMPLEMENT_ssl2_meth_func(SSLv2_client_method,
 int
 ssl2_connect(SSL *s)
 {
-        unsigned long l = (unsigned long)time(NULL);
         BUF_MEM *buf = NULL;
         int ret = -1;
         void (*cb)(const SSL *ssl, int type, int val) = NULL;
         int new_state, state;
 
-        RAND_add(&l, sizeof(l), 0);
         ERR_clear_error();
         errno = 0;
 
diff --git a/src/lib/libssl/src/ssl/s2_srvr.c b/src/lib/libssl/src/ssl/s2_srvr.c
index aa63fe85ba..8023243e9a 100644
--- a/src/lib/libssl/src/ssl/s2_srvr.c
+++ b/src/lib/libssl/src/ssl/s2_srvr.c
@@ -146,14 +146,12 @@ IMPLEMENT_ssl2_meth_func(SSLv2_server_method,
 int
 ssl2_accept(SSL *s)
 {
-        unsigned long l = (unsigned long)time(NULL);
         BUF_MEM *buf = NULL;
         int ret = -1;
         long num1;
         void (*cb)(const SSL *ssl, int type, int val) = NULL;
         int new_state, state;
 
-        RAND_add(&l, sizeof(l), 0);
         ERR_clear_error();
         errno = 0;
 
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index b9ca6b6f9b..4ad8d3943e 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -186,12 +186,10 @@ int
 ssl3_connect(SSL *s)
 {
         BUF_MEM *buf = NULL;
-        unsigned long Time = (unsigned long)time(NULL);
         void (*cb)(const SSL *ssl, int type, int val) = NULL;
         int ret = -1;
         int new_state, state, skip = 0;
 
-        RAND_add(&Time, sizeof(Time), 0);
         ERR_clear_error();
         errno = 0;
 
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index eeadb160d1..14066031ca 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -210,12 +210,11 @@ int
 ssl3_accept(SSL *s)
 {
         BUF_MEM *buf;
-        unsigned long alg_k, Time = (unsigned long)time(NULL);
+        unsigned long alg_k;
         void (*cb)(const SSL *ssl, int type, int val) = NULL;
         int ret = -1;
         int new_state, state, skip = 0;
 
-        RAND_add(&Time, sizeof(Time), 0);
         ERR_clear_error();
         errno = 0;