Index: tcp_subr.c
===================================================================
RCS file: /cvs/src/sys/netinet/tcp_subr.c,v
retrieving revision 1.133
diff -u -p -r1.133 tcp_subr.c
--- tcp_subr.c 20 Oct 2014 03:43:40 -0000 1.133
+++ tcp_subr.c 20 Oct 2014 09:52:00 -0000
@@ -99,7 +99,6 @@
 #endif /* INET6 */
 #include
-#include
 /* patchable/settable parameters for tcp */
 int tcp_mssdflt = TCP_MSS;
@@ -944,44 +943,17 @@ tcp_mtudisc_increase(inp, errno)
 }
 #define TCP_ISS_CONN_INC 4096
-int tcp_secret_init;
-u_char tcp_secret[16];
-SHA2_CTX tcp_secret_ctx;
 void
 tcp_set_iss_tsm(struct tcpcb *tp)
 {
- SHA2_CTX ctx;
- union {
- uint8_t bytes[SHA512_DIGEST_LENGTH];
- uint32_t words[2];
- } digest;
+ u_int32_t words[2];
+ arc4random_buf(words, sizeof(words));
- if (tcp_secret_init == 0) {
- arc4random_buf(tcp_secret, sizeof(tcp_secret));
- SHA512Init(&tcp_secret_ctx);
- SHA512Update(&tcp_secret_ctx, tcp_secret, sizeof(tcp_secret));
- tcp_secret_init = 1;
- }
- ctx = tcp_secret_ctx;
- SHA512Update(&ctx, (char *)&tp->t_inpcb->inp_lport, sizeof(u_short));
- SHA512Update(&ctx, (char *)&tp->t_inpcb->inp_fport, sizeof(u_short));
- if (tp->pf == AF_INET6) {
- SHA512Update(&ctx, (char *)&tp->t_inpcb->inp_laddr6,
- sizeof(struct in6_addr));
- SHA512Update(&ctx, (char *)&tp->t_inpcb->inp_faddr6,
- sizeof(struct in6_addr));
- } else {
- SHA512Update(&ctx, (char *)&tp->t_inpcb->inp_laddr,
- sizeof(struct in_addr));
- SHA512Update(&ctx, (char *)&tp->t_inpcb->inp_faddr,
- sizeof(struct in_addr));
- }
- SHA512Final(digest.bytes, &ctx);
 tcp_iss += TCP_ISS_CONN_INC;
- tp->iss = digest.words[0] + tcp_iss;
- tp->ts_modulate = digest.words[1];
+ tp->iss = words[1] + tcp_iss;
+ tp->ts_modulate = words[2];
 }
 #ifdef TCP_SIGNATURE
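Review bot: The two added assignments at the end of tcp_set_iss_tsm index past the new array: `words` is declared as `u_int32_t words[2]`, so `words[2]` is an out-of-bounds stack read and `words[0]` is never used. The removed code read `digest.words[0]` and `digest.words[1]`, so the new lines should be `tp->iss = words[0] + tcp_iss;` and `tp->ts_modulate = words[1];`. As written, `ts_modulate` is taken from whatever follows the array on the stack rather than from the arc4random_buf() output, so the timestamp offset is not guaranteed to be random. Separately, with the keyed hash over ports and addresses gone, the ISS for a reused address/port pair is ordered only by the `tcp_iss` increment; if that is intended, a short comment above the function saying so (and noting any effect on peers holding the old connection in TIME_WAIT) would help the next reader.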