bignum: Harmonize ssh_get_random()

Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

include/libssh/libcrypto.h

@@ -73,7 +73,7 @@ typedef BN_CTX* bignum_CTX;
 #define bignum_bn2dec(num) BN_bn2dec(num)
 #define bignum_dec2bn(bn,data) BN_dec2bn(data,bn)
 #define bignum_bn2hex(num) BN_bn2hex(num)
-#define bignum_rand(rnd, bits, top, bottom) BN_rand(rnd,bits,top,bottom)
+#define bignum_rand(rnd, bits) BN_rand(rnd, bits, 0, 1)
 #define bignum_ctx_new() BN_CTX_new()
 #define bignum_ctx_free(num) BN_CTX_free(num)
 #define bignum_mod_exp(dest,generator,exp,modulo,ctx) BN_mod_exp(dest,generator,exp,modulo,ctx)

include/libssh/libmbedcrypto.h

@@ -86,8 +86,7 @@ int ssh_mbedcry_is_bit_set(bignum num, size_t pos);
 #define bignum_bn2dec(num) ssh_mbedcry_bn2num(num, 10)
 #define bignum_dec2bn(data, bn) mbedtls_mpi_read_string(bn, 10, data)
 #define bignum_bn2hex(num) ssh_mbedcry_bn2num(num, 16)
-#define bignum_rand(rnd, bits, top, bottom) ssh_mbedcry_rand(rnd, bits, \
-        top, bottom)
+#define bignum_rand(rnd, bits) ssh_mbedcry_rand((rnd), (bits), 0, 1)
 #define bignum_mod_exp(dest, generator, exp, modulo, ctx) \
         mbedtls_mpi_exp_mod(dest, generator, exp, modulo, NULL)
 #define bignum_num_bytes(num) mbedtls_mpi_size(num)

src/dh.c

@@ -122,37 +122,6 @@ static bignum select_p(enum ssh_key_exchange_e type) {
     return type == SSH_KEX_DH_GROUP14_SHA1 ? p_group14 : p_group1;
 }
 
-int ssh_get_random(void *where, int len, int strong){
-
-#ifdef HAVE_LIBGCRYPT
-  /* variable not used in gcrypt */
-  (void) strong;
-  /* not using GCRY_VERY_STRONG_RANDOM which is a bit overkill */
-  gcry_randomize(where,len,GCRY_STRONG_RANDOM);
-
-  return 1;
-#elif defined HAVE_LIBCRYPTO
-# if OPENSSL_VERSION_NUMBER > 0x10100000L
-  /* variable not used in new libcrypto */
-  (void) strong;
-
-  return RAND_bytes(where, len);
-# else /* OPENSSL_VERSION_NUMBER */
-  if (strong) {
-    return RAND_bytes(where,len);
-  } else {
-    return RAND_pseudo_bytes(where,len);
-  }
-# endif /* OPENSSL_VERSION_NUMBER */
-#elif defined HAVE_LIBMBEDCRYPTO
-  return ssh_mbedtls_random(where, len, strong);
-#endif
-
-  /* never reached */
-  return 1;
-}
-
-
 /*
  * This inits the values g and p which are used for DH key agreement
  * FIXME: Make the function thread safe by adding a semaphore or mutex.
@@ -260,13 +229,7 @@ int ssh_dh_generate_x(ssh_session session) {
     return -1;
   }
 
-#ifdef HAVE_LIBGCRYPT
   bignum_rand(session->next_crypto->x, keysize);
-#elif defined HAVE_LIBCRYPTO
-  bignum_rand(session->next_crypto->x, keysize, -1, 0);
-#elif defined HAVE_LIBMBEDCRYPTO
-  bignum_rand(session->next_crypto->x, keysize, -1, 0);
-#endif
 
   /* not harder than this */
 #ifdef DEBUG_CRYPTO
@@ -289,13 +252,7 @@ int ssh_dh_generate_y(ssh_session session) {
     return -1;
   }
 
-#ifdef HAVE_LIBGCRYPT
   bignum_rand(session->next_crypto->y, keysize);
-#elif defined HAVE_LIBCRYPTO
-  bignum_rand(session->next_crypto->y, keysize, -1, 0);
-#elif defined HAVE_LIBMBEDCRYPTO
-  bignum_rand(session->next_crypto->y, keysize, -1, 0);
-#endif
 
   /* not harder than this */
 #ifdef DEBUG_CRYPTO

src/libcrypto.c

@@ -78,6 +78,14 @@ void ssh_reseed(void){
 #endif
 }
 
+int ssh_get_random(void *where, int len, int strong)
+{
+    (void)strong;
+
+    /* Returns -1 when not supported, 0 on error, 1 on success */
+    return !!RAND_bytes(where, len);
+}
+
 SHACTX sha1_init(void)
 {
     int rc;

src/libgcrypt.c

@@ -50,7 +50,18 @@ static int alloc_key(struct ssh_cipher_struct *cipher) {
 }
 
 void ssh_reseed(void){
-	}
+}
+
+int ssh_get_random(void *where, int len, int strong)
+{
+    /* variable not used in gcrypt */
+    (void) strong;
+
+    /* not using GCRY_VERY_STRONG_RANDOM which is a bit overkill */
+    gcry_randomize(where,len,GCRY_STRONG_RANDOM);
+
+    return 1;
+}
 
 SHACTX sha1_init(void) {
   SHACTX ctx = NULL;

src/libmbedcrypto.c

@@ -40,6 +40,11 @@ void ssh_reseed(void)
     mbedtls_ctr_drbg_reseed(&ssh_mbedtls_ctr_drbg, NULL, 0);
 }
 
+int ssh_get_random(void *where, int len, int strong)
+{
+    return ssh_mbedtls_random(where, len, strong);
+}
+
 SHACTX sha1_init(void)
 {
     SHACTX ctx = NULL;