diff --git a/include/libssh/libcrypto.h b/include/libssh/libcrypto.h
index 4b8e5414..e2d2baad 100644
--- a/include/libssh/libcrypto.h
+++ b/include/libssh/libcrypto.h
@@ -73,7 +73,7 @@ typedef BN_CTX* bignum_CTX;
 #define bignum_bn2dec(num) BN_bn2dec(num)
 #define bignum_dec2bn(bn,data) BN_dec2bn(data,bn)
 #define bignum_bn2hex(num) BN_bn2hex(num)
-#define bignum_rand(rnd, bits, top, bottom) BN_rand(rnd,bits,top,bottom)
+#define bignum_rand(rnd, bits) BN_rand(rnd, bits, 0, 1)
 #define bignum_ctx_new() BN_CTX_new()
 #define bignum_ctx_free(num) BN_CTX_free(num)
 #define bignum_mod_exp(dest,generator,exp,modulo,ctx) BN_mod_exp(dest,generator,exp,modulo,ctx)
diff --git a/include/libssh/libmbedcrypto.h b/include/libssh/libmbedcrypto.h
index 7cc1bbb0..9f8ee9a2 100644
--- a/include/libssh/libmbedcrypto.h
+++ b/include/libssh/libmbedcrypto.h
@@ -86,8 +86,7 @@ int ssh_mbedcry_is_bit_set(bignum num, size_t pos);
 #define bignum_bn2dec(num) ssh_mbedcry_bn2num(num, 10)
 #define bignum_dec2bn(data, bn) mbedtls_mpi_read_string(bn, 10, data)
 #define bignum_bn2hex(num) ssh_mbedcry_bn2num(num, 16)
-#define bignum_rand(rnd, bits, top, bottom) ssh_mbedcry_rand(rnd, bits, \
- top, bottom)
+#define bignum_rand(rnd, bits) ssh_mbedcry_rand((rnd), (bits), 0, 1)
 #define bignum_mod_exp(dest, generator, exp, modulo, ctx) \
 mbedtls_mpi_exp_mod(dest, generator, exp, modulo, NULL)
 #define bignum_num_bytes(num) mbedtls_mpi_size(num)
diff --git a/src/dh.c b/src/dh.c
index f4601868..2be0252d 100644
--- a/src/dh.c
+++ b/src/dh.c
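Review bot: The new `bignum_rand(rnd, bits)` expands to `BN_rand(rnd, bits, 0, 1)`, which forces the top bit set and the result odd, whereas the dh.c call sites it replaces passed `-1, 0` (any top bit, any parity); the DH exponents x and y therefore come from a distribution two bits narrower and are always odd, and the hunk carries no comment explaining the change. If the intent is to line the libcrypto and mbedcrypto backends up with the gcrypt expansion (not shown here), a comment on the macro should say so; otherwise `#define bignum_rand(rnd, bits) BN_rand((rnd), (bits), -1, 0)` keeps the previous distribution. The libmbedcrypto.h hunk hard-codes the same `0, 1`, and unlike it the libcrypto.h expansion leaves `rnd` and `bits` unparenthesized.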
@@ -122,37 +122,6 @@ static bignum select_p(enum ssh_key_exchange_e type) {
 return type == SSH_KEX_DH_GROUP14_SHA1 ? p_group14 : p_group1;
 }
-int ssh_get_random(void *where, int len, int strong){
-
-#ifdef HAVE_LIBGCRYPT
- /* variable not used in gcrypt */
- (void) strong;
- /* not using GCRY_VERY_STRONG_RANDOM which is a bit overkill */
- gcry_randomize(where,len,GCRY_STRONG_RANDOM);
-
- return 1;
-#elif defined HAVE_LIBCRYPTO
-# if OPENSSL_VERSION_NUMBER > 0x10100000L
- /* variable not used in new libcrypto */
- (void) strong;
-
- return RAND_bytes(where, len);
-# else /* OPENSSL_VERSION_NUMBER */
- if (strong) {
- return RAND_bytes(where,len);
- } else {
- return RAND_pseudo_bytes(where,len);
- }
-# endif /* OPENSSL_VERSION_NUMBER */
-#elif defined HAVE_LIBMBEDCRYPTO
- return ssh_mbedtls_random(where, len, strong);
-#endif
-
- /* never reached */
- return 1;
-}
-
-
 /*
 * This inits the values g and p which are used for DH key agreement
 * FIXME: Make the function thread safe by adding a semaphore or mutex.
@@ -260,13 +229,7 @@ int ssh_dh_generate_x(ssh_session session) {
 return -1;
 }
-#ifdef HAVE_LIBGCRYPT
 bignum_rand(session->next_crypto->x, keysize);
-#elif defined HAVE_LIBCRYPTO
- bignum_rand(session->next_crypto->x, keysize, -1, 0);
-#elif defined HAVE_LIBMBEDCRYPTO
- bignum_rand(session->next_crypto->x, keysize, -1, 0);
-#endif
 /* not harder than this */
 #ifdef DEBUG_CRYPTO
@@ -289,13 +252,7 @@ int ssh_dh_generate_y(ssh_session session) {
 return -1;
 }
-#ifdef HAVE_LIBGCRYPT
 bignum_rand(session->next_crypto->y, keysize);
-#elif defined HAVE_LIBCRYPTO
- bignum_rand(session->next_crypto->y, keysize, -1, 0);
-#elif defined HAVE_LIBMBEDCRYPTO
- bignum_rand(session->next_crypto->y, keysize, -1, 0);
-#endif
 /* not harder than this */
 #ifdef DEBUG_CRYPTO
diff --git a/src/libcrypto.c b/src/libcrypto.c
index 2c918916..bde706b8 100644
--- a/src/libcrypto.c
+++ b/src/libcrypto.c
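Review bot: `bignum_rand(session->next_crypto->x, keysize);` in the ssh_dh_generate_x hunk discards the status, so on the libcrypto backend a BN_rand failure (it returns 0, for instance when the RNG is not seeded) leaves x unrandomized while the function carries on as if it were; the ssh_dh_generate_y hunk has the same gap for y. Now that every backend is reached through the same two-argument macro the check can be written once per call site, `if (bignum_rand(session->next_crypto->x, keysize) != 1) { return -1; }`, provided each backend's expansion yields a BN_rand-style 1/0 status — the gcrypt and mbedcrypto expansions are not in this hunk, and a void-returning one would need a wrapper first. Both functions start and end outside their hunks.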
@@ -78,6 +78,14 @@ void ssh_reseed(void){
 #endif
 }
+int ssh_get_random(void *where, int len, int strong)
+{
+ (void)strong;
+
+ /* Returns -1 when not supported, 0 on error, 1 on success */
+ return !!RAND_bytes(where, len);
+}
+
 SHACTX sha1_init(void) {
 int rc;
diff --git a/src/libgcrypt.c b/src/libgcrypt.c
index 4b84cd40..0eed44bb 100644
--- a/src/libgcrypt.c
+++ b/src/libgcrypt.c
@@ -50,7 +50,18 @@ static int alloc_key(struct ssh_cipher_struct *cipher) {
 }
 void ssh_reseed(void){
- }
+}
+
+int ssh_get_random(void *where, int len, int strong)
+{
+ /* variable not used in gcrypt */
+ (void) strong;
+
+ /* not using GCRY_VERY_STRONG_RANDOM which is a bit overkill */
+ gcry_randomize(where,len,GCRY_STRONG_RANDOM);
+
+ return 1;
+}
 SHACTX sha1_init(void) {
 SHACTX ctx = NULL;
diff --git a/src/libmbedcrypto.c b/src/libmbedcrypto.c
index aa183f18..03281f47 100644
--- a/src/libmbedcrypto.c
+++ b/src/libmbedcrypto.c
@@ -40,6 +40,11 @@ void ssh_reseed(void)
 mbedtls_ctr_drbg_reseed(&ssh_mbedtls_ctr_drbg, NULL, 0);
 }
+int ssh_get_random(void *where, int len, int strong)
+{
+ return ssh_mbedtls_random(where, len, strong);
+}
+
 SHACTX sha1_init(void) {
 SHACTX ctx = NULL;
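Review bot: `return !!RAND_bytes(where, len);` in the libcrypto.c ssh_get_random turns the -1 "not supported" status that the comment directly above it describes into 1, so a RAND method without RAND_bytes support is reported as success and the caller proceeds with a buffer that was never filled. Comparing against the single success value keeps the comment honest: `return RAND_bytes(where, len) == 1;`.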
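Review bot: `gcry_randomize(where,len,GCRY_STRONG_RANDOM);` in the libgcrypt.c ssh_get_random hands the `int len` parameter to gcry_randomize's `size_t` length, so a negative len becomes a huge byte count and an out-of-bounds write before any check can intervene; the mbedcrypto wrapper in this commit forwards the same int and presumably ends up at a size_t as well. A guard at the top of both, `if (len < 0) { return 0; }`, keeps a bad length on the failure path the other backends already report with 0. Minor style: the sibling backend writes its call with spaces after the commas (`gcry_randomize(where, len, GCRY_STRONG_RANDOM);`).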
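Review bot: The libmbedcrypto.c ssh_get_random is the third definition of the same prototype in this commit, yet nothing documents the return convention callers may rely on, and ssh_mbedtls_random's own convention is not visible in the hunk. A one-line comment above the function, `/* Returns 1 on success and 0 on failure, like the libcrypto and libgcrypt backends */`, pins the contract — confirm first that ssh_mbedtls_random really maps mbedtls status codes that way rather than returning them unchanged.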