author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-11-11 21:00:29 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-11-11 21:00:29 +0000 |
commit | 43ca2890ff0d043a4343cb277c534d9711a642b5 (patch) | |
tree | 8324655ed8fed4c93b125305adcda21920bc6b06 | |
parent | cc01e539a47a78bb43e341a922cf2583f18aa692 (diff) | |
Patch by Werner Koch:
* configure.in: Check for gcry_create_nonce.
* lib/gnutls_random.c (_gnutls_get_random): Ditto.
* src/crypt.c (_srp_crypt): Use gcry_create_nonce if available.
Also removed some unneeded code in random.c.
-rw-r--r-- | configure.in | 9 | ||||
-rw-r--r-- | lib/gnutls_random.c | 27 | ||||
-rw-r--r-- | src/crypt.c | 9 |
3 files changed, 23 insertions, 22 deletions
diff --git a/configure.in b/configure.in index 352a00fc36..fa14cc0351 100644 --- a/configure.in +++ b/configure.in @@ -246,6 +246,15 @@ AM_PATH_LIBGCRYPT($GNUTLS_GCRYPT_VERSION,, dnl Can't disable - gnutls depends on gcrypt AC_DEFINE(USE_GCRYPT, 1, [use gcrypt]) +# Since libgcrypt 1.1.90 we have a new function to create nonces etc. +# it is useful to use this one instead of the the standard random +# functions. As a temporary solution we check for that function and +# don't require an unrelease libgcrypt. This should be changed after +# libgcrypt 1.2 has been released. +save_LIBS="$LIBS" +LIBS="$LIBS $LIBGCRYPT_LIBS" +AC_CHECK_FUNCS(gcry_create_nonce) +LIBS="$save_LIBS" AC_MSG_CHECKING([whether to disable SRP authentication support]) diff --git a/lib/gnutls_random.c b/lib/gnutls_random.c index b80639ca1e..2937342bb4 100644 --- a/lib/gnutls_random.c +++ b/lib/gnutls_random.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2001 Nikos Mavroyanopoulos + * Copyright (C) 2001,2003 Nikos Mavroyanopoulos * * This file is part of GNUTLS. * @@ -39,27 +39,14 @@ */ int _gnutls_get_random(opaque * res, int bytes, int level) { -#ifndef USE_GCRYPT - int fd; - char *device; - - device = "/dev/urandom"; - - fd = open(device, O_RDONLY); - if (fd < 0) { - _gnutls_log( "Could not open random device\n"); - return GNUTLS_E_FILE_ERROR; - } else { - ssize_t err = read(fd, res, bytes); - /* IMPLEMENTME: handle EINTR etc. nicely! */ - close(fd); - if ( (err < 0) || (err < bytes) ) return GNUTLS_E_FILE_ERROR; +#ifdef HAVE_GCRY_CREATE_NONCE + if (level == GNUTLS_WEAK_RANDOM) { + gcry_create_nonce( res, bytes); + return 0; } - return 0; -#else /* using gcrypt */ +#endif + gcry_randomize( res, bytes, level); return 0; -#endif - } diff --git a/src/crypt.c b/src/crypt.c index 34b745e2ea..acd77d77cb 100644 --- a/src/crypt.c +++ b/src/crypt.c 
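Review bot: The comment added above the `AC_CHECK_FUNCS(gcry_create_nonce)` probe has two typos, a doubled "the" and "unrelease"; I would write `# it is useful to use this one instead of the standard random` and `# don't require an unreleased libgcrypt. This should be changed after`. Because HAVE_GCRY_CREATE_NONCE decides at build time which generator the C code uses, the comment could also say that a build against an older libgcrypt silently falls back to gcry_randomize.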
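Review bot: In _gnutls_get_random the new `level == GNUTLS_WEAK_RANDOM` branch sends every weak-level request to gcry_create_nonce(), but nothing tells callers that this level now yields nonce-grade output. libgcrypt describes that function as intended for values used in a non-secret context, so the header comment (which starts above the hunk) should say so, for example `/* GNUTLS_WEAK_RANDOM may be served by gcry_create_nonce(); use it only for values sent in the clear (nonces, IVs, salts), never for keys. */`. Separately, `bytes` is an int passed as a size_t length to both gcry calls, so a negative value would turn into a very large length. A guard such as `if (bytes < 0)` that returns an error before either call would close that, assuming no caller depends on the current behaviour.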
@@ -524,8 +524,13 @@ gnutls_datum verifier, txt_verifier; if ((unsigned)salt_size > sizeof(salt)) return NULL; - /* generate the salt */ - gcry_randomize( salt, salt_size, GCRY_WEAK_RANDOM); + /* generate the salt + */ +#ifdef HAVE_GCRY_CREATE_NONCE + gcry_create_nonce( salt, salt_size); +#else + gcry_randomize( salt, salt_size, GCRY_WEAK_RANDOM); +#endif dat_salt.data = salt; dat_salt.size = salt_size; |
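Review bot: The salt length is bounded only from above before the buffer is filled: `if ((unsigned)salt_size > sizeof(salt)) return NULL;` lets a salt_size of 0 through, in which case neither gcry_create_nonce nor gcry_randomize writes anything and the verifier would be derived with an empty salt. Whether a caller can pass 0 is not visible in this hunk, but a lower bound is cheap, e.g. `if (salt_size <= 0 || (unsigned)salt_size > sizeof(salt)) return NULL;` (assuming salt_size is signed, as the cast suggests). The salt comment could also record why the nonce generator is acceptable here: `/* the salt is stored and sent in the clear, so nonce-quality randomness is sufficient */`. The enclosing function starts and ends outside the hunk.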