crytpo: Make sure we check return of ssh_get_random() correctly

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

src/channels.c

@@ -1802,9 +1802,14 @@ static char *generate_cookie(void) {
   static const char *hex = "0123456789abcdef";
   char s[36];
   unsigned char rnd[16];
+  int ok;
   int i;
 
-  ssh_get_random(rnd,sizeof(rnd),0);
+  ok = ssh_get_random(rnd, sizeof(rnd), 0);
+  if (!ok) {
+      return NULL;
+  }
+
   for (i = 0; i < 16; i++) {
     s[i*2] = hex[rnd[i] & 0x0f];
     s[i*2+1] = hex[rnd[i] >> 4];

src/curve25519.c

@@ -44,9 +44,10 @@
  */
 int ssh_client_curve25519_init(ssh_session session){
   int rc;
+  int ok;
 
-  rc = ssh_get_random(session->next_crypto->curve25519_privkey, CURVE25519_PRIVKEY_SIZE, 1);
-  if (rc == 0){
+  ok = ssh_get_random(session->next_crypto->curve25519_privkey, CURVE25519_PRIVKEY_SIZE, 1);
+  if (!ok) {
 	  ssh_set_error(session, SSH_FATAL, "PRNG error");
 	  return SSH_ERROR;
   }
@@ -190,6 +191,7 @@ int ssh_server_curve25519_init(ssh_session session, ssh_buffer packet){
     /* SSH host keys (rsa,dsa,ecdsa) */
     ssh_key privkey;
     ssh_string sig_blob = NULL;
+    int ok;
     int rc;
 
     /* Extract the client pubkey from the init packet */
@@ -210,8 +212,8 @@ int ssh_server_curve25519_init(ssh_session session, ssh_buffer packet){
     ssh_string_free(q_c_string);
     /* Build server's keypair */
 
-    rc = ssh_get_random(session->next_crypto->curve25519_privkey, CURVE25519_PRIVKEY_SIZE, 1);
-    if (rc == 0){
+    ok = ssh_get_random(session->next_crypto->curve25519_privkey, CURVE25519_PRIVKEY_SIZE, 1);
+    if (!ok) {
         ssh_set_error(session, SSH_FATAL, "PRNG error");
         return SSH_ERROR;
     }

src/external/ed25519.c

@@ -85,10 +85,10 @@ int crypto_sign_ed25519_keypair(unsigned char *pk,
     SHA512CTX ctx;
     unsigned char extsk[64];
     int i;
-    int rc;
+    int ok;
 
-    rc = ssh_get_random(sk, 32, 0);
-    if (rc < 0){
+    ok = ssh_get_random(sk, 32, 0);
+    if (!ok) {
         return -1;
     }
 

src/kex.c

@@ -645,9 +645,14 @@ static char *ssh_client_select_hostkeys(ssh_session session)
 int ssh_set_client_kex(ssh_session session){
     struct ssh_kex_struct *client= &session->next_crypto->client_kex;
     const char *wanted;
+    int ok;
     int i;
 
-    ssh_get_random(client->cookie, 16, 0);
+    ok = ssh_get_random(client->cookie, 16, 0);
+    if (!ok) {
+        ssh_set_error(session, SSH_FATAL, "PRNG error");
+        return SSH_ERROR;
+    }
 
     memset(client->methods, 0, KEX_METHODS_SIZE * sizeof(char **));
     /* first check if we have specific host key methods */

src/libcrypto.c

@@ -78,6 +78,19 @@ void ssh_reseed(void){
 #endif
 }
 
+/**
+ * @brief Get random bytes
+ *
+ * Make sure to always check the return code of this function!
+ *
+ * @param[in]  where    The buffer to fill with random bytes
+ *
+ * @param[in]  len      The size of the buffer to fill.
+ *
+ * @param[in]  strong   Use a strong or private RNG source.
+ *
+ * @return 1 on success, 0 on error.
+ */
 int ssh_get_random(void *where, int len, int strong)
 {
     (void)strong;

src/packet.c

@@ -579,7 +579,13 @@ static int packet_send2(ssh_session session) {
   }
 
   if (session->current_crypto != NULL) {
-    ssh_get_random(padstring, padding, 0);
+      int ok;
+
+      ok = ssh_get_random(padstring, padding, 0);
+      if (!ok) {
+          ssh_set_error(session, SSH_FATAL, "PRNG error");
+          goto error;
+      }
   }
 
   if (header_buffer == NULL){

src/pki_container_openssh.c

@@ -576,6 +576,7 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
     int to_encrypt=0;
     unsigned char *b64;
     uint32_t str_len, len;
+    int ok;
     int rc;
 
     if (privkey == NULL) {
@@ -594,7 +595,11 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
     if(buffer == NULL || pubkey_s == NULL){
         goto error;
     }
-    ssh_get_random(&rnd, sizeof(rnd), 0);
+
+    ok = ssh_get_random(&rnd, sizeof(rnd), 0);
+    if (!ok) {
+        goto error;
+    }
 
     privkey_buffer = ssh_buffer_new();
     if (privkey_buffer == NULL) {
@@ -634,7 +639,13 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
             ssh_buffer_free(kdf_buf);
             goto error;
         }
-        ssh_get_random(ssh_string_data(salt),16, 0);
+
+        ok = ssh_get_random(ssh_string_data(salt), 16, 0);
+        if (!ok) {
+            ssh_buffer_free(kdf_buf);
+            goto error;
+        }
+
         ssh_buffer_pack(kdf_buf, "Sd", salt, rounds);
         kdf_options = ssh_string_new(ssh_buffer_get_len(kdf_buf));
         if (kdf_options == NULL){

src/server.c

@@ -90,9 +90,15 @@ static int server_set_kex(ssh_session session) {
   char hostkeys[64] = {0};
   enum ssh_keytypes_e keytype;
   size_t len;
+  int ok;
 
   ZERO_STRUCTP(server);
-  ssh_get_random(server->cookie, 16, 0);
+
+  ok = ssh_get_random(server->cookie, 16, 0);
+  if (!ok) {
+      ssh_set_error(session, SSH_FATAL, "PRNG error");
+      return -1;
+  }
 
   if (session->srv.ed25519_key != NULL) {
       snprintf(hostkeys,

tests/unittests/torture_rand.c

@@ -40,14 +40,14 @@ static int teardown(void **state) {
 static void *torture_rand_thread(void *threadid) {
     char buffer[12];
     int i;
-    int r;
+    int ok;
 
     (void) threadid;
 
     buffer[0] = buffer[1] = buffer[10] = buffer[11] = 'X';
     for(i = 0; i < NUM_LOOPS; ++i) {
-        r = ssh_get_random(&buffer[2], i % 8 + 1, 0);
-        assert_true(r == 1);
+        ok = ssh_get_random(&buffer[2], i % 8 + 1, 0);
+        assert_true(ok);
     }
 
     pthread_exit(NULL);