Use cryptographically secure random number generator.

drieseng · drieseng · commit f1f273cf3495 · 2022-05-29T14:40:59.000+02:00
Fixes CVE-2022-29245.
diff --git a/src/Renci.SshNet/Properties/CommonAssemblyInfo.cs b/src/Renci.SshNet/Properties/CommonAssemblyInfo.cs
@@ -5,13 +5,13 @@
 [assembly: AssemblyDescription("SSH.NET is a Secure Shell (SSH) library for .NET, optimized for parallelism.")]
 [assembly: AssemblyCompany("Renci")]
 [assembly: AssemblyProduct("SSH.NET")]
-[assembly: AssemblyCopyright("Copyright � Renci 2010-2021")]
+[assembly: AssemblyCopyright("Copyright � Renci 2010-2022")]
 [assembly: AssemblyTrademark("")]
 [assembly: AssemblyCulture("")]
 
-[assembly: AssemblyVersion("2020.0.1")]
-[assembly: AssemblyFileVersion("2020.0.1")]
-[assembly: AssemblyInformationalVersion("2020.0.1")]
+[assembly: AssemblyVersion("2020.0.2")]
+[assembly: AssemblyFileVersion("2020.0.2")]
+[assembly: AssemblyInformationalVersion("2020.0.2")]
 [assembly: CLSCompliant(false)]
 
 // Setting ComVisible to false makes the types in this assembly not visible 
diff --git a/src/Renci.SshNet/Security/KeyExchangeECCurve25519.cs b/src/Renci.SshNet/Security/KeyExchangeECCurve25519.cs
@@ -46,9 +46,7 @@ public override void Start(Session session, KeyExchangeInitMessage message)
             var basepoint = new byte[MontgomeryCurve25519.PublicKeySizeInBytes];
             basepoint[0] = 9;
 
-            var rnd = new Random();
-            _privateKey = new byte[MontgomeryCurve25519.PrivateKeySizeInBytes];
-            rnd.NextBytes(_privateKey);
+            _privateKey = CryptoAbstraction.GenerateRandom(MontgomeryCurve25519.PrivateKeySizeInBytes);
 
             _clientExchangeValue = new byte[MontgomeryCurve25519.PublicKeySizeInBytes];
             MontgomeryOperations.scalarmult(_clientExchangeValue, 0, _privateKey, 0, basepoint, 0);
