libcrypto: Use new RAND_priv_bytes() for strong randomness

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

ConfigureChecks.cmake

@@ -120,6 +120,10 @@ if (OPENSSL_FOUND)
     set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
     check_function_exists(EVP_CIPHER_CTX_new HAVE_OPENSSL_EVP_CIPHER_CTX_NEW)
 
+    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
+    check_function_exists(RAND_priv_bytes HAVE_OPENSSL_RAND_PRIV_BYTES)
+
     unset(CMAKE_REQUIRED_INCLUDES)
     unset(CMAKE_REQUIRED_LIBRARIES)
 endif()

src/libcrypto.c

@@ -93,7 +93,14 @@ void ssh_reseed(void){
  */
 int ssh_get_random(void *where, int len, int strong)
 {
+#ifdef HAVE_OPENSSL_RAND_PRIV_BYTES
+    if (strong) {
+        /* Returns -1 when not supported, 0 on error, 1 on success */
+        return !!RAND_priv_bytes(where, len);
+    }
+#else
     (void)strong;
+#endif /* HAVE_RAND_PRIV_BYTES */
 
     /* Returns -1 when not supported, 0 on error, 1 on success */
     return !!RAND_bytes(where, len);