diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2004-05-08 12:49:55 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2004-05-08 12:49:55 +0000 |
commit | ac011a17fd076e97c4f54cab93038d0f6be35f26 (patch) | |
tree | 4ca34c5336b10fa529b9eb245117e44eb40de633 /libextra | |
parent | 64d925dc6569f00ab8eeba329eb28b9daf8d05be (diff) | |
download | gnutls-ac011a17fd076e97c4f54cab93038d0f6be35f26.tar.gz |
Fixed some things in the random number usage. Weak levels are used
where possible to avoid emptying the strong random pool.
Diffstat (limited to 'libextra')
-rw-r--r-- | libextra/auth_srp_passwd.c | 2 | ||||
-rw-r--r-- | libextra/gnutls_openpgp.c | 2 | ||||
-rw-r--r-- | libextra/gnutls_srp.c | 40 |
3 files changed, 7 insertions, 37 deletions
diff --git a/libextra/auth_srp_passwd.c b/libextra/auth_srp_passwd.c index 7fec38df15..6b71962cfe 100644 --- a/libextra/auth_srp_passwd.c +++ b/libextra/auth_srp_passwd.c @@ -362,7 +362,7 @@ unsigned char rnd; return GNUTLS_E_MEMORY_ERROR; } - _gnutls_get_random( entry->v.data, 20, GNUTLS_STRONG_RANDOM); + _gnutls_get_random( entry->v.data, 20, GNUTLS_WEAK_RANDOM); entry->salt.data = gnutls_malloc( entry->salt.size); if (entry->salt.data==NULL) { diff --git a/libextra/gnutls_openpgp.c b/libextra/gnutls_openpgp.c index e510fbda72..d3661e37ba 100644 --- a/libextra/gnutls_openpgp.c +++ b/libextra/gnutls_openpgp.c @@ -1137,7 +1137,7 @@ int gnutls_certificate_set_openpgp_key(gnutls_certificate_credentials res, res->ncerts++; - /* FIXME: Check if they match. + /* FIXME: Check if the keys match. */ return 0; diff --git a/libextra/gnutls_srp.c b/libextra/gnutls_srp.c index 7c90693fb1..3639eb409b 100644 --- a/libextra/gnutls_srp.c +++ b/libextra/gnutls_srp.c @@ -86,7 +86,7 @@ GNUTLS_MPI _gnutls_calc_srp_B(GNUTLS_MPI * ret_b, GNUTLS_MPI g, GNUTLS_MPI n, GN /* calculate: B = (3v + g^b) % N */ bits = _gnutls_mpi_get_nbits(n); - b = _gnutls_mpi_new(bits); /* FIXME: allocate in secure memory */ + b = _gnutls_mpi_snew(bits); if (b==NULL) { gnutls_assert(); return NULL; @@ -101,7 +101,7 @@ GNUTLS_MPI _gnutls_calc_srp_B(GNUTLS_MPI * ret_b, GNUTLS_MPI g, GNUTLS_MPI n, GN _gnutls_mpi_randomize(b, bits, GCRY_STRONG_RANDOM); - tmpB = _gnutls_mpi_new(bits); /* FIXME: allocate in secure memory */ + tmpB = _gnutls_mpi_snew(bits); if (tmpB==NULL) { gnutls_assert(); _gnutls_mpi_release( &b); @@ -109,7 +109,7 @@ GNUTLS_MPI _gnutls_calc_srp_B(GNUTLS_MPI * ret_b, GNUTLS_MPI g, GNUTLS_MPI n, GN return NULL; } - B = _gnutls_mpi_new(bits); /* FIXME: allocate in secure memory */ + B = _gnutls_mpi_snew(bits); if (tmpB==NULL) { gnutls_assert(); _gnutls_mpi_release( &b); @@ -220,7 +220,7 @@ GNUTLS_MPI _gnutls_calc_srp_A(GNUTLS_MPI * a, GNUTLS_MPI g, GNUTLS_MPI n) int bits; bits = _gnutls_mpi_get_nbits(n); - tmpa = _gnutls_mpi_new(bits); /* FIXME: allocate in secure memory */ + tmpa = _gnutls_mpi_snew(bits); if (tmpa==NULL) { gnutls_assert(); return NULL; @@ -228,7 +228,7 @@ GNUTLS_MPI _gnutls_calc_srp_A(GNUTLS_MPI * a, GNUTLS_MPI g, GNUTLS_MPI n) _gnutls_mpi_randomize(tmpa, bits, GCRY_STRONG_RANDOM); - A = _gnutls_mpi_new(bits); /* FIXME: allocate in secure memory */ + A = _gnutls_mpi_snew(bits); if (A==NULL) { gnutls_assert(); _gnutls_mpi_release( &tmpa); @@ -641,34 +641,4 @@ opaque digest[20]; return 0; } -/* FIXME: Functions for backwards compatibility - */ - -void gnutls_srp_free_client_cred( gnutls_srp_client_credentials sc) { - gnutls_srp_free_client_credentials( sc); -} - -void gnutls_srp_free_server_cred( gnutls_srp_server_credentials sc) { - gnutls_srp_free_server_credentials( sc); -} - -int gnutls_srp_allocate_client_cred( gnutls_srp_client_credentials *sc) { - return gnutls_srp_allocate_client_credentials( sc); -} - -int gnutls_srp_allocate_server_cred( gnutls_srp_server_credentials *sc) -{ - return gnutls_srp_allocate_server_credentials( sc); -} - -int gnutls_srp_set_server_cred_file( gnutls_srp_server_credentials res, char *password_file, char * password_conf_file) -{ - return gnutls_srp_set_server_credentials_file( res, password_file, password_conf_file); -} - -int gnutls_srp_set_client_cred( gnutls_srp_client_credentials res, char *username, char * password) -{ - return gnutls_srp_set_client_credentials( res, username, password); -} - #endif /* ENABLE_SRP */ |