/****************
* Make a session key and put it into DEK
*/
void
make_session_key( DEK *dek )
{
gcry_cipher_hd_t chd;
int i, rc;
dek->keylen = openpgp_cipher_get_algo_keylen (dek->algo);
if (openpgp_cipher_open (&chd, dek->algo, GCRY_CIPHER_MODE_CFB,
(GCRY_CIPHER_SECURE
| (dek->algo >= 100 ?
0 : GCRY_CIPHER_ENABLE_SYNC))) )
BUG();
gcry_randomize (dek->key, dek->keylen, GCRY_STRONG_RANDOM );
for (i=0; i < 16; i++ )
{
rc = gcry_cipher_setkey (chd, dek->key, dek->keylen);
if (!rc)
{
gcry_cipher_close (chd);
return;
}
if (gpg_err_code (rc) != GPG_ERR_WEAK_KEY)
BUG();
log_info(_("weak key created - retrying\n") );
/* Renew the session key until we get a non-weak key. */
gcry_randomize (dek->key, dek->keylen, GCRY_STRONG_RANDOM);
}
log_fatal (_("cannot avoid weak key for symmetric cipher; "
"tried %d times!\n"), i);
}
std::string crypt_plugin::do_crypto( unsigned short len )
{
char *b, *r, *buff;
std::string out;
gcry_cipher_hd_t hand;
gcry_cipher_open( &hand, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CBC, GCRY_CIPHER_CBC_CTS );
gcry_cipher_setiv( hand, NULL, 0 );
b = new char[16];
gcry_randomize( b, 16, GCRY_STRONG_RANDOM );
gcry_cipher_setkey( hand, b, 16 );
buff = new char[len];
r = new char[len+1];
gcry_randomize( r, len, GCRY_STRONG_RANDOM );
gcry_cipher_encrypt( hand, buff, len, r, len );
delete b;
memset( r, 0, len+1 );
for( unsigned int i = 0; i < len; i++ ) {
int k = 1 + (int) (92.0 * ((float)buff[i] / 256.0));
if( k < 0 )
k *= -1;
r[i] = k+34;
}
gcry_cipher_close(hand);
out = r;
delete buff;
delete r;
return out;
}
/**
* @ingroup crypto
* Fill block with a random values.
*
* @param mode desired quality of the random number
* @param buffer the buffer to fill
* @param length buffer length
*/
void
GNUNET_CRYPTO_random_block (enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
{
#ifdef gcry_fast_random_poll
static unsigned int invokeCount;
#endif
switch (mode)
{
case GNUNET_CRYPTO_QUALITY_STRONG:
/* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
#ifdef gcry_fast_random_poll
if ((invokeCount++ % 256) == 0)
gcry_fast_random_poll ();
#endif
gcry_randomize (buffer, length, GCRY_STRONG_RANDOM);
return;
case GNUNET_CRYPTO_QUALITY_NONCE:
gcry_create_nonce (buffer, length);
return;
case GNUNET_CRYPTO_QUALITY_WEAK:
/* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
#ifdef gcry_fast_random_poll
if ((invokeCount++ % 256) == 0)
gcry_fast_random_poll ();
#endif
gcry_randomize (buffer, length, GCRY_WEAK_RANDOM);
return;
default:
GNUNET_assert (0);
}
}
static void
random_bench (int very_strong)
{
char buf[128];
int i;
printf ("%-10s", "random");
if (!very_strong)
{
start_timer ();
for (i=0; i < 100; i++)
gcry_randomize (buf, sizeof buf, GCRY_STRONG_RANDOM);
stop_timer ();
printf (" %s", elapsed_time ());
}
start_timer ();
for (i=0; i < 100; i++)
gcry_randomize (buf, 8,
very_strong? GCRY_VERY_STRONG_RANDOM:GCRY_STRONG_RANDOM);
stop_timer ();
printf (" %s", elapsed_time ());
putchar ('\n');
if (verbose)
gcry_control (GCRYCTL_DUMP_RANDOM_STATS);
}
static void
check_rng_type_switching (void)
{
int rngtype, initial;
char tmp1[4];
if (verbose)
inf ("checking whether RNG type switching works\n");
rngtype = rng_type ();
if (debug)
inf ("rng type: %d\n", rngtype);
initial = rngtype;
gcry_randomize (tmp1, sizeof tmp1, GCRY_STRONG_RANDOM);
if (debug)
print_hex (" sample: ", tmp1, sizeof tmp1);
if (rngtype != rng_type ())
die ("RNG type unexpectedly changed\n");
gcry_control (GCRYCTL_SET_PREFERRED_RNG_TYPE, GCRY_RNG_TYPE_SYSTEM);
rngtype = rng_type ();
if (debug)
inf ("rng type: %d\n", rngtype);
if (rngtype != initial)
die ("switching to System RNG unexpectedly succeeded\n");
gcry_randomize (tmp1, sizeof tmp1, GCRY_STRONG_RANDOM);
if (debug)
print_hex (" sample: ", tmp1, sizeof tmp1);
if (rngtype != rng_type ())
die ("RNG type unexpectedly changed\n");
gcry_control (GCRYCTL_SET_PREFERRED_RNG_TYPE, GCRY_RNG_TYPE_FIPS);
rngtype = rng_type ();
if (debug)
inf ("rng type: %d\n", rngtype);
if (rngtype != initial)
die ("switching to FIPS RNG unexpectedly succeeded\n");
gcry_randomize (tmp1, sizeof tmp1, GCRY_STRONG_RANDOM);
if (debug)
print_hex (" sample: ", tmp1, sizeof tmp1);
if (rngtype != rng_type ())
die ("RNG type unexpectedly changed\n");
gcry_control (GCRYCTL_SET_PREFERRED_RNG_TYPE, GCRY_RNG_TYPE_STANDARD);
rngtype = rng_type ();
if (debug)
inf ("rng type: %d\n", rngtype);
if (rngtype != GCRY_RNG_TYPE_STANDARD)
die ("switching to standard RNG failed\n");
gcry_randomize (tmp1, sizeof tmp1, GCRY_STRONG_RANDOM);
if (debug)
print_hex (" sample: ", tmp1, sizeof tmp1);
if (rngtype != rng_type ())
die ("RNG type unexpectedly changed\n");
}
/**
* Create a new SessionKey (for symmetric encryption).
*
* @param key session key to initialize
*/
void
GNUNET_CRYPTO_symmetric_create_session_key (struct GNUNET_CRYPTO_SymmetricSessionKey *key)
{
gcry_randomize (key->aes_key,
GNUNET_CRYPTO_AES_KEY_LENGTH,
GCRY_STRONG_RANDOM);
gcry_randomize (key->twofish_key,
GNUNET_CRYPTO_AES_KEY_LENGTH,
GCRY_STRONG_RANDOM);
}
/* Check that forking won't return the same random. */
static void
check_forking (void)
{
pid_t pid;
int rp[2];
int i, status;
size_t nread;
char tmp1[16], tmp1c[16], tmp1p[16];
/* We better make sure that the RNG has been initialzied. */
gcry_randomize (tmp1, sizeof tmp1, GCRY_STRONG_RANDOM);
if (verbose)
print_hex ("initial random: ", tmp1, sizeof tmp1);
if (pipe (rp) == -1)
die ("pipe failed: %s\n", strerror (errno));
pid = fork ();
if (pid == (pid_t)(-1))
die ("fork failed: %s\n", strerror (errno));
if (!pid)
{
gcry_randomize (tmp1c, sizeof tmp1c, GCRY_STRONG_RANDOM);
if (writen (rp[1], tmp1c, sizeof tmp1c))
die ("write failed: %s\n", strerror (errno));
if (verbose)
{
print_hex (" child random: ", tmp1c, sizeof tmp1c);
fflush (stdout);
}
_exit (0);
}
gcry_randomize (tmp1p, sizeof tmp1p, GCRY_STRONG_RANDOM);
if (verbose)
print_hex (" parent random: ", tmp1p, sizeof tmp1p);
close (rp[1]);
if (readn (rp[0], tmp1c, sizeof tmp1c, &nread))
die ("read failed: %s\n", strerror (errno));
if (nread != sizeof tmp1c)
die ("read too short\n");
while ( (i=waitpid (pid, &status, 0)) == -1 && errno == EINTR)
;
if (i != (pid_t)(-1)
&& WIFEXITED (status) && !WEXITSTATUS (status))
;
else
die ("child failed\n");
if (!memcmp (tmp1p, tmp1c, sizeof tmp1c))
die ("parent and child got the same random number\n");
}
/* RNG */
int crypt_backend_rng(char *buffer, size_t length, int quality, int fips)
{
switch(quality) {
case CRYPT_RND_NORMAL:
gcry_randomize(buffer, length, GCRY_STRONG_RANDOM);
break;
case CRYPT_RND_SALT:
case CRYPT_RND_KEY:
default:
gcry_randomize(buffer, length, GCRY_VERY_STRONG_RANDOM);
break;
}
return 0;
}
std::string crypt_plugin::do_sha( unsigned short which, unsigned short len ) {
char *work_a, *work_b, *work_c;
std::string out;
int alg;
work_a = new char[which];
work_b = new char[which];
work_c = new char[len];
alg = 0;
gcry_randomize( work_a, which, GCRY_STRONG_RANDOM );
switch( which ) {
case 256:
alg = GCRY_MD_SHA256;
break;
case 512:
alg = GCRY_MD_SHA512;
break;
}
gcry_md_hash_buffer( alg, work_b, work_a, which );
delete work_a;
for( unsigned int x = 0; x < len; x++ ) {
int k = 1 + (int) (92.0 * ((float)work_b[x] / 256.0));
if( k < 0 )
k *= -1;
work_c[x] = k+34;
}
delete work_b;
out = work_c;
delete work_c;
return out;
}
static void
fill_random_nonzero (guchar *data, gsize n_data)
{
guchar *rnd;
guint n_zero, i, j;
gcry_randomize (data, n_data, GCRY_STRONG_RANDOM);
/* Find any zeros in random data */
n_zero = 0;
for (i = 0; i < n_data; ++i) {
if (data[i] == 0x00)
++n_zero;
}
while (n_zero > 0) {
rnd = gcry_random_bytes (n_zero, GCRY_STRONG_RANDOM);
n_zero = 0;
for (i = 0, j = 0; i < n_data; ++i) {
if (data[i] != 0x00)
continue;
/* Use some of the replacement data */
data[i] = rnd[j];
++j;
/* It's zero again :( */
if (data[i] == 0x00)
n_zero++;
}
gcry_free (rnd);
}
}
static int srp_callback(gnutls_session_t session, const char *username, gnutls_datum_t *salt,
gnutls_datum_t *verifier, gnutls_datum_t *generator, gnutls_datum_t *prime)
{
int ret;
if ( strcmp(username, "prelude-adduser") != 0 )
return -1;
salt->size = 4;
salt->data = gnutls_malloc(4);
if ( ! salt->data ) {
fprintf(stderr, "memory exhausted.\n");
return -1;
}
gcry_randomize(salt->data, salt->size, GCRY_WEAK_RANDOM);
ret = copy_datum(generator, &gnutls_srp_1024_group_generator);
if ( ret < 0 )
return -1;
ret = copy_datum(prime, &gnutls_srp_1024_group_prime);
if ( ret < 0 )
return -1;
return gnutls_srp_verifier(username, one_shot_passwd, salt, generator, prime, verifier);
}
/*output this number*/
void mpiOut2(gcry_mpi_t value)
{ int i=0;
char buffer[1024/8],buffer2[1024/8]; //buffer for the output
gcry_randomize (buffer, 1024/8, GCRY_STRONG_RANDOM);
printf("\n random buffer: ");
for (i = 0; i<1024/8; i++){
if(i%32==0)
printf("\n");
printf("%0u", (unsigned char)buffer[i]);
}
printf("\n");
gcry_mpi_t test;
test=gcry_mpi_snew(1024/8);
gcry_mpi_scan(&test,GCRYMPI_FMT_STD,buffer,sizeof(buffer),NULL);
gcry_mpi_print(GCRYMPI_FMT_STD,buffer2,sizeof(buffer2),NULL,test); //converts the MPI to a writable buffer
printf("\n random buffer2:\n");
for (i = 0; i<1024/8; i++){
if(i%32==0)
printf("\n");
printf("%0u", (unsigned char)buffer2[i]);
}
printf("\n test");
}
gsti_error_t
_gsti_kex_send_init_packet (gsti_ctx_t ctx)
{
gsti_error_t err = 0;
MSG_kexinit * kex;
/* First send our kexinit packet. */
kex = ctx->host_kex = _gsti_xcalloc (1, sizeof *kex);
/* We need the cookie later, so store it. */
gcry_randomize (kex->cookie, SSH_COOKIESIZE, GCRY_STRONG_RANDOM);
memcpy (ctx->cookie, kex->cookie, SSH_COOKIESIZE);
build_kex_list (ctx, &kex->kex_algo);
build_pkalgo_list (ctx, &kex->server_host_key_algos);
build_cipher_list (ctx, &kex->encr_algos_c2s, &kex->encr_algos_s2c);
build_hmac_list (ctx, &kex->mac_algos_c2s, &kex->mac_algos_s2c);
build_compress_list (ctx, &kex->compr_algos_c2s, &kex->compr_algos_s2c);
err = build_msg_kexinit (kex, &ctx->pkt);
if (!err)
err = _gsti_packet_write (ctx, &ctx->pkt);
if (err)
{
free_msg_kexinit (kex);
_gsti_free (kex);
return err;
}
/* Must do it here because write_packet fills in the packet type. */
err = gsti_bstr_make (&ctx->host_kexinit_data,
ctx->pkt.payload, ctx->pkt.payload_len);
if (!err)
err = _gsti_packet_flush (ctx);
return err;
}
void Call(char* buffer, size_t len)
{
#ifdef GNUTLS_HAS_RND
gnutls_rnd(GNUTLS_RND_RANDOM, buffer, len);
#else
gcry_randomize(buffer, len, GCRY_STRONG_RANDOM);
#endif
}
/* Check that a closed random device os re-opened if needed. */
static void
check_close_random_device (void)
{
#ifdef HAVE_W32_SYSTEM
if (verbose)
inf ("check_close_random_device skipped: not applicable on Windows\n");
#else /*!HAVE_W32_SYSTEM*/
pid_t pid;
int i, status;
char buf[4];
if (verbose)
inf ("checking that close_random_device works\n");
gcry_randomize (buf, sizeof buf, GCRY_STRONG_RANDOM);
if (verbose)
print_hex ("parent random: ", buf, sizeof buf);
pid = fork ();
if (pid == (pid_t)(-1))
die ("fork failed: %s\n", strerror (errno));
if (!pid)
{
gcry_control (GCRYCTL_CLOSE_RANDOM_DEVICE, 0);
/* The next call will re-open the device. */
gcry_randomize (buf, sizeof buf, GCRY_STRONG_RANDOM);
if (verbose)
{
print_hex ("child random : ", buf, sizeof buf);
fflush (stdout);
}
_exit (0);
}
while ( (i=waitpid (pid, &status, 0)) == -1 && errno == EINTR)
;
if (i != (pid_t)(-1)
&& WIFEXITED (status) && !WEXITSTATUS (status))
;
else
die ("child failed\n");
#endif /*!HAVE_W32_SYSTEM*/
}
int
rb_get_random(void *buf, size_t length)
{
#if GNUTLS_VERSION_MAJOR < 3
gcry_randomize(buf, length, GCRY_STRONG_RANDOM);
#else
gnutls_rnd(GNUTLS_RND_KEY, buf, length);
#endif
return 1;
}
/* Create a new session key and append it as a tuple to the memory
buffer MB.
The EncFS daemon takes a passphrase from stdin and internally
mangles it by means of some KDF from OpenSSL. We want to store a
binary key but we need to make sure that certain characters are not
used because the EncFS utility reads it from stdin and obviously
acts on some of the characters. This we replace CR (in case of an
MSDOS version of EncFS), LF (the delimiter used by EncFS) and Nul
(because it is unlikely to work). We use 32 bytes (256 bit)
because that is sufficient for the largest cipher (AES-256) and in
addition gives enough margin for a possible entropy degradation by
the KDF. */
gpg_error_t
be_encfs_create_new_keys (membuf_t *mb)
{
char *buffer;
int i, j;
/* Allocate a buffer of 32 bytes plus 8 spare bytes we may need to
replace the unwanted values. */
buffer = xtrymalloc_secure (32+8);
if (!buffer)
return gpg_error_from_syserror ();
/* Randomize the buffer. STRONG random should be enough as it is a
good compromise between security and performance. The
anticipated usage of this tool is the quite often creation of new
containers and thus this should not deplete the system's entropy
tool too much. */
gcry_randomize (buffer, 32+8, GCRY_STRONG_RANDOM);
for (i=j=0; i < 32; i++)
{
if (buffer[i] == '\r' || buffer[i] == '\n' || buffer[i] == 0 )
{
/* Replace. */
if (j == 8)
{
/* Need to get more random. */
gcry_randomize (buffer+32, 8, GCRY_STRONG_RANDOM);
j = 0;
}
buffer[i] = buffer[32+j];
j++;
}
}
/* Store the key. */
append_tuple (mb, KEYBLOB_TAG_ENCKEY, buffer, 32);
/* Free the temporary buffer. */
wipememory (buffer, 32+8); /* A failsafe extra wiping. */
xfree (buffer);
return 0;
}
static int
wrap_gcry_rnd (void *ctx, int level, void *data, size_t datasize)
{
if (level == GNUTLS_RND_NONCE)
gcry_create_nonce (data, datasize);
else
gcry_randomize (data, datasize, level);
return 0;
}
static int
wrap_gcry_rnd_init (void **ctx)
{
char c;
gcry_create_nonce (&c, 1);
gcry_randomize (&c, 1, GCRY_STRONG_RANDOM);
return 0;
}
int ssh_get_random(void *where, int len, int strong)
{
/* variable not used in gcrypt */
(void) strong;
/* not using GCRY_VERY_STRONG_RANDOM which is a bit overkill */
gcry_randomize(where,len,GCRY_STRONG_RANDOM);
return 1;
}
static int
xmlSecGCryptKWDes3GenerateRandom(void * context,
xmlSecByte * out, xmlSecSize outSize) {
xmlSecGCryptKWDes3CtxPtr ctx = (xmlSecGCryptKWDes3CtxPtr)context;
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(out != NULL, -1);
xmlSecAssert2(outSize > 0, -1);
gcry_randomize(out, outSize, GCRY_STRONG_RANDOM);
return((int)outSize);
}
void Curl_gtls_random(struct SessionHandle *data,
unsigned char *entropy,
size_t length)
{
#if defined(USE_GNUTLS_NETTLE)
(void)data;
gnutls_rnd(GNUTLS_RND_RANDOM, entropy, length);
#elif defined(USE_GNUTLS)
Curl_gtls_seed(data); /* Initiate the seed if not already done */
gcry_randomize(entropy, length, GCRY_STRONG_RANDOM);
#endif
}
static void
random_bench (void)
{
char buf[128];
int i;
printf ("%-10s", "random");
start_timer ();
for (i=0; i < 100; i++)
gcry_randomize (buf, sizeof buf, GCRY_STRONG_RANDOM);
stop_timer ();
printf (" %s", elapsed_time ());
start_timer ();
for (i=0; i < 100; i++)
gcry_randomize (buf, 8, GCRY_STRONG_RANDOM);
stop_timer ();
printf (" %s", elapsed_time ());
putchar ('\n');
}
int
ipmi_get_random (void *buf, unsigned int buflen)
{
#if (HAVE_DEVURANDOM || HAVE_DEVRANDOM)
int fd, rv;
#endif /* !(HAVE_DEVURANDOM || HAVE_DEVRANDOM) */
if (!buf)
{
SET_ERRNO (EINVAL);
return (-1);
}
if (!buflen)
return (0);
#if (HAVE_DEVURANDOM || HAVE_DEVRANDOM)
#if HAVE_DEVURANDOM
if ((fd = open ("/dev/urandom", O_RDONLY)) < 0)
goto gcrypt_rand;
#else /* !HAVE_DEVURANDOM */
if ((fd = open ("/dev/random", O_RDONLY)) < 0)
goto gcrypt_rand;
#endif /* !HAVE_DEVURANDOM */
if ((rv = read (fd, buf, buflen)) < buflen)
{
close (fd);
goto gcrypt_rand;
}
/* ignore potential error, cleanup path */
close (fd);
return (rv);
#endif /* !(HAVE_DEVURANDOM || HAVE_DEVRANDOM) */
gcrypt_rand:
/* achu: nothing to do with encryption, but the gcrypt lib isn't loaded
* hopefully the user has /dev/random or /dev/urandom.
*/
#ifdef WITH_ENCRYPTION
gcry_randomize ((unsigned char *)buf, buflen, GCRY_STRONG_RANDOM);
return (buflen);
#else /* !WITH_ENCRYPTION */
SET_ERRNO (EPERM);
return (-1);
#endif /* !WITH_ENCRYPTION */
}
/**
* Produce a random unsigned 32-bit number modulo @a i.
*
* @param mode desired quality of the random number
* @param i the upper limit (exclusive) for the random number
* @return a random value in the interval [0,i[.
*/
uint32_t
GNUNET_CRYPTO_random_u32 (enum GNUNET_CRYPTO_Quality mode,
uint32_t i)
{
#ifdef gcry_fast_random_poll
static unsigned int invokeCount;
#endif
uint32_t ret;
uint32_t ul;
GNUNET_assert (i > 0);
switch (mode)
{
case GNUNET_CRYPTO_QUALITY_STRONG:
/* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
#ifdef gcry_fast_random_poll
if ((invokeCount++ % 256) == 0)
gcry_fast_random_poll ();
#endif
ul = UINT32_MAX - (UINT32_MAX % i);
do
{
gcry_randomize ((unsigned char *) &ret, sizeof (uint32_t),
GCRY_STRONG_RANDOM);
}
while (ret >= ul);
return ret % i;
case GNUNET_CRYPTO_QUALITY_NONCE:
ul = UINT32_MAX - (UINT32_MAX % i);
do
{
gcry_create_nonce (&ret, sizeof (ret));
}
while (ret >= ul);
return ret % i;
case GNUNET_CRYPTO_QUALITY_WEAK:
ret = i * get_weak_random ();
if (ret >= i)
ret = i - 1;
return ret;
default:
GNUNET_assert (0);
}
return 0;
}
void nuts_msg_kex_init_prepare(struct nuts_kex_init *msg) {
if (msg == NULL) {
return;
}
gcry_randomize(msg->cookie, sizeof(msg->cookie), GCRY_STRONG_RANDOM);
nuts_namelist_init(&msg->kex_algorithms);
nuts_namelist_init(&msg->server_host_key_algorithms);
nuts_namelist_init(&msg->encryption_algorithms[NUTS_READ]);
nuts_namelist_init(&msg->encryption_algorithms[NUTS_WRITE]);
nuts_namelist_init(&msg->mac_algorithms[NUTS_READ]);
nuts_namelist_init(&msg->mac_algorithms[NUTS_WRITE]);
nuts_namelist_init(&msg->compression_algorithms[NUTS_READ]);
nuts_namelist_init(&msg->compression_algorithms[NUTS_WRITE]);
nuts_namelist_init(&msg->languages[NUTS_READ]);
nuts_namelist_init(&msg->languages[NUTS_WRITE]);
msg->first_kex_packet_follows = 0;
}
void
rng_init(struct rng_ctx *ctx)
{
int32_t val;
int i;
gcry_randomize(&ctx->seed, sizeof(ctx->seed), GCRY_STRONG_RANDOM);
/* Load the shuffle array - first 8 iterations discarded */
for (i = sizeof(ctx->iv) / sizeof(ctx->iv[0]) + 7; i >= 0; i--)
{
val = rng_rand_internal(&ctx->seed);
if (i < sizeof(ctx->iv) / sizeof(ctx->iv[0]))
ctx->iv[i] = val;
}
ctx->iy = ctx->iv[0];
}
void Password_random(Password *password, uint length)
{
#ifdef HAVE_GCRYPT
#else /* not HAVE_GCRYPT */
int z;
#endif /* HAVE_GCRYPT */
assert(password != NULL);
password->length = MIN(length,MAX_PASSWORD_LENGTH);
#ifdef HAVE_GCRYPT
gcry_randomize((unsigned char*)password->data,password->length,GCRY_STRONG_RANDOM);
#else /* not HAVE_GCRYPT */
srandom((unsigned int)time(NULL));
for (z = 0; z < password->length; z++)
{
password->data[z] = (char)(random()%256)^obfuscator[z];
}
#endif /* HAVE_GCRYPT */
}
int ssh_get_random(void *where, int len, int strong){
#ifdef HAVE_LIBGCRYPT
/* variable not used in gcrypt */
(void) strong;
/* not using GCRY_VERY_STRONG_RANDOM which is a bit overkill */
gcry_randomize(where,len,GCRY_STRONG_RANDOM);
return 1;
#elif defined HAVE_LIBCRYPTO
if (strong) {
return RAND_bytes(where,len);
} else {
return RAND_pseudo_bytes(where,len);
}
#endif
/* never reached */
return 1;
}
/*
* crypt_generate_random_bytes() - Generate random number bytes
* return: error code or NO_ERROR
* thread_p(in): thread context
* dest(out): the generated bytes
* length(in): the length of bytes to generate
* Note:
*/
int
crypt_generate_random_bytes (THREAD_ENTRY * thread_p, char *dest, int length)
{
int error_status = NO_ERROR;
assert (dest != NULL);
if (thread_p == NULL)
{
thread_p = thread_get_thread_entry_info ();
}
if (init_gcrypt () != NO_ERROR)
{
return ER_ENCRYPTION_LIB_FAILED;
}
gcry_randomize (dest, length, GCRY_STRONG_RANDOM);
return error_status;
}
