From 38c53db9533a3e0ac446ee0a83dac8768d282de9 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Thu, 5 Jul 2018 08:56:33 +0200
Subject: [PATCH] libcrypto: Use new RAND_priv_bytes() for strong randomness

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
---
 ConfigureChecks.cmake | 4 ++++
 src/libcrypto.c       | 7 +++++++
 2 files changed, 11 insertions(+)

diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake
index 677c98b4..07c53c73 100644
--- a/ConfigureChecks.cmake
+++ b/ConfigureChecks.cmake
@@ -120,6 +120,10 @@ if (OPENSSL_FOUND)
     set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
     check_function_exists(EVP_CIPHER_CTX_new HAVE_OPENSSL_EVP_CIPHER_CTX_NEW)
 
+    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
+    check_function_exists(RAND_priv_bytes HAVE_OPENSSL_RAND_PRIV_BYTES)
+
     unset(CMAKE_REQUIRED_INCLUDES)
     unset(CMAKE_REQUIRED_LIBRARIES)
 endif()
diff --git a/src/libcrypto.c b/src/libcrypto.c
index 46570294..846e37e1 100644
--- a/src/libcrypto.c
+++ b/src/libcrypto.c
@@ -93,7 +93,14 @@ void ssh_reseed(void){
  */
 int ssh_get_random(void *where, int len, int strong)
 {
+#ifdef HAVE_OPENSSL_RAND_PRIV_BYTES
+    if (strong) {
+        /* Returns -1 when not supported, 0 on error, 1 on success */
+        return !!RAND_priv_bytes(where, len);
+    }
+#else
     (void)strong;
+#endif /* HAVE_RAND_PRIV_BYTES */
 
     /* Returns -1 when not supported, 0 on error, 1 on success */
     return !!RAND_bytes(where, len);