Fixed some things in the random number usage. Weak levels are used

where possible to avoid emptying the strong random pool.

3 files changed, 7 insertions, 37 deletions

diff --git a/libextra/auth_srp_passwd.c b/libextra/auth_srp_passwd.c
index 7fec38df15..6b71962cfe 100644
--- a/libextra/auth_srp_passwd.c
+++ b/libextra/auth_srp_passwd.c
@@ -362,7 +362,7 @@ unsigned char rnd;
 		return GNUTLS_E_MEMORY_ERROR;
 	}
 
-	_gnutls_get_random( entry->v.data, 20, GNUTLS_STRONG_RANDOM);
+	_gnutls_get_random( entry->v.data, 20, GNUTLS_WEAK_RANDOM);
 
 	entry->salt.data = gnutls_malloc( entry->salt.size);
 	if (entry->salt.data==NULL) {
diff --git a/libextra/gnutls_openpgp.c b/libextra/gnutls_openpgp.c
index e510fbda72..d3661e37ba 100644
--- a/libextra/gnutls_openpgp.c
+++ b/libextra/gnutls_openpgp.c
@@ -1137,7 +1137,7 @@ int gnutls_certificate_set_openpgp_key(gnutls_certificate_credentials res,
 
 	res->ncerts++;
 	
-	/* FIXME: Check if they match.
+	/* FIXME: Check if the keys match.
 	 */
 
 	return 0;
diff --git a/libextra/gnutls_srp.c b/libextra/gnutls_srp.c
index 7c90693fb1..3639eb409b 100644
--- a/libextra/gnutls_srp.c
+++ b/libextra/gnutls_srp.c
@@ -86,7 +86,7 @@ GNUTLS_MPI _gnutls_calc_srp_B(GNUTLS_MPI * ret_b, GNUTLS_MPI g, GNUTLS_MPI n, GN
 	/* calculate:  B = (3v + g^b) % N 
 	 */
 	bits = _gnutls_mpi_get_nbits(n);
-	b = _gnutls_mpi_new(bits);	/* FIXME: allocate in secure memory */
+	b = _gnutls_mpi_snew(bits);
 	if (b==NULL) {
 		gnutls_assert();
 		return NULL;
@@ -101,7 +101,7 @@ GNUTLS_MPI _gnutls_calc_srp_B(GNUTLS_MPI * ret_b, GNUTLS_MPI g, GNUTLS_MPI n, GN
 	
 	_gnutls_mpi_randomize(b, bits, GCRY_STRONG_RANDOM);
 
-	tmpB = _gnutls_mpi_new(bits);	/* FIXME: allocate in secure memory */
+	tmpB = _gnutls_mpi_snew(bits);
 	if (tmpB==NULL) {
 		gnutls_assert();
 		_gnutls_mpi_release( &b);
@@ -109,7 +109,7 @@ GNUTLS_MPI _gnutls_calc_srp_B(GNUTLS_MPI * ret_b, GNUTLS_MPI g, GNUTLS_MPI n, GN
 		return NULL;
 	}
 
-	B = _gnutls_mpi_new(bits);	/* FIXME: allocate in secure memory */
+	B = _gnutls_mpi_snew(bits);
 	if (tmpB==NULL) {
 		gnutls_assert();
 		_gnutls_mpi_release( &b);
@@ -220,7 +220,7 @@ GNUTLS_MPI _gnutls_calc_srp_A(GNUTLS_MPI * a, GNUTLS_MPI g, GNUTLS_MPI n)
 	int bits;
 
 	bits = _gnutls_mpi_get_nbits(n);
-	tmpa = _gnutls_mpi_new(bits);	/* FIXME: allocate in secure memory */
+	tmpa = _gnutls_mpi_snew(bits);
 	if (tmpa==NULL) {
 		gnutls_assert();
 		return NULL;
@@ -228,7 +228,7 @@ GNUTLS_MPI _gnutls_calc_srp_A(GNUTLS_MPI * a, GNUTLS_MPI g, GNUTLS_MPI n)
 	
 	_gnutls_mpi_randomize(tmpa, bits, GCRY_STRONG_RANDOM);
 
-	A = _gnutls_mpi_new(bits);	/* FIXME: allocate in secure memory */
+	A = _gnutls_mpi_snew(bits);
 	if (A==NULL) {
 		gnutls_assert();
 		_gnutls_mpi_release( &tmpa);
@@ -641,34 +641,4 @@ opaque digest[20];
 	return 0;
 }
 
-/* FIXME: Functions for backwards compatibility 
- */
-
-void gnutls_srp_free_client_cred( gnutls_srp_client_credentials sc) {
-	gnutls_srp_free_client_credentials( sc);
-}
-
-void gnutls_srp_free_server_cred( gnutls_srp_server_credentials sc) {
-	gnutls_srp_free_server_credentials( sc);
-}
-
-int gnutls_srp_allocate_client_cred( gnutls_srp_client_credentials *sc) {
-	return gnutls_srp_allocate_client_credentials( sc);
-}
-
-int gnutls_srp_allocate_server_cred( gnutls_srp_server_credentials *sc) 
-{
-	return gnutls_srp_allocate_server_credentials( sc);
-}
-
-int gnutls_srp_set_server_cred_file( gnutls_srp_server_credentials res, char *password_file, char * password_conf_file) 
-{
-	return gnutls_srp_set_server_credentials_file( res, password_file, password_conf_file);
-}
-
-int gnutls_srp_set_client_cred( gnutls_srp_client_credentials res, char *username, char * password) 
-{
-	return gnutls_srp_set_client_credentials( res, username, password);
-}
-
 #endif /* ENABLE_SRP */