1 files changed, 10 insertions, 35 deletions

diff --git a/util/random.c b/util/random.c
index 8332960b4d0c3..bb564f2f99aad 100644
--- a/util/random.c
+++ b/util/random.c
@@ -79,15 +79,8 @@
 #define MAX_VALUE 0x7fffffff
 
 #if defined(HAVE_SSL)
-void
-ub_systemseed(unsigned int ATTR_UNUSED(seed))
-{
-	/* arc4random_uniform does not need seeds, it gets kernel entropy */
-}
-
 struct ub_randstate* 
-ub_initstate(unsigned int ATTR_UNUSED(seed),
-	struct ub_randstate* ATTR_UNUSED(from))
+ub_initstate(struct ub_randstate* ATTR_UNUSED(from))
 {
 	struct ub_randstate* s = (struct ub_randstate*)malloc(1);
 	if(!s) {
@@ -119,12 +112,7 @@ struct ub_randstate {
 	int ready;
 };
 
-void ub_systemseed(unsigned int ATTR_UNUSED(seed))
-{
-}
-
-struct ub_randstate* ub_initstate(unsigned int ATTR_UNUSED(seed), 
-	struct ub_randstate* ATTR_UNUSED(from))
+struct ub_randstate* ub_initstate(struct ub_randstate* ATTR_UNUSED(from))
 {
 	struct ub_randstate* s = (struct ub_randstate*)calloc(1, sizeof(*s));
 	if(!s) {
@@ -140,7 +128,9 @@ long int ub_random(struct ub_randstate* ATTR_UNUSED(state))
 	/* random 31 bit value. */
 	SECStatus s = PK11_GenerateRandom((unsigned char*)&x, (int)sizeof(x));
 	if(s != SECSuccess) {
-		log_err("PK11_GenerateRandom error: %s",
+		/* unbound needs secure randomness for randomized
+		 * ID bits and port numbers in packets to upstream servers */
+		fatal_exit("PK11_GenerateRandom error: %s",
 			PORT_ErrorToString(PORT_GetError()));
 	}
 	return x & MAX_VALUE;
@@ -157,17 +147,7 @@ struct ub_randstate {
 	int seeded;
 };
 
-void ub_systemseed(unsigned int ATTR_UNUSED(seed))
-{
-/**
- * We seed on init and not here, as we need the ctx to re-seed.
- * This also means that re-seeding is not supported.
- */
-	log_err("Re-seeding not supported, generator untouched");
-}
-
-struct ub_randstate* ub_initstate(unsigned int seed,
-	struct ub_randstate* ATTR_UNUSED(from))
+struct ub_randstate* ub_initstate(struct ub_randstate* ATTR_UNUSED(from))
 {
 	struct ub_randstate* s = (struct ub_randstate*)calloc(1, sizeof(*s));
 	uint8_t buf[YARROW256_SEED_FILE_SIZE];
@@ -183,15 +163,10 @@ struct ub_randstate* ub_initstate(unsigned int seed,
 		yarrow256_seed(&s->ctx, YARROW256_SEED_FILE_SIZE, buf);
 		s->seeded = yarrow256_is_seeded(&s->ctx);
 	} else {
-		/* Stretch the uint32 input seed and feed it to Yarrow */
-		uint32_t v = seed;
-		size_t i;
-		for(i=0; i < (YARROW256_SEED_FILE_SIZE/sizeof(seed)); i++) {
-			memmove(buf+i*sizeof(seed), &v, sizeof(seed));
-			v = v*seed + (uint32_t)i;
-		}
-		yarrow256_seed(&s->ctx, YARROW256_SEED_FILE_SIZE, buf);
-		s->seeded = yarrow256_is_seeded(&s->ctx);
+		log_err("nettle random(yarrow) cannot initialize, "
+			"getentropy failed: %s", strerror(errno));
+		free(s);
+		return NULL;
 	}
 
 	return s;