-rw-r--r--lib/auth_srp_passwd.c18
-rw-r--r--lib/gnutls_cipher.c14
-rw-r--r--lib/gnutls_handshake.c14
-rw-r--r--lib/gnutls_pk.c8
4 files changed, 29 insertions, 25 deletions
diff --git a/lib/auth_srp_passwd.c b/lib/auth_srp_passwd.c
index d4386f5caf..7cdf5bd582 100644
--- a/lib/auth_srp_passwd.c
+++ b/lib/auth_srp_passwd.c
@@ -40,6 +40,7 @@
#include <gnutls_str.h>
#include <gnutls_datum.h>
#include <gnutls_num.h>
+#include <gc.h>
static int _randomize_pwd_entry(SRP_PWD_ENTRY * entry);
@@ -361,7 +362,10 @@ static int _randomize_pwd_entry(SRP_PWD_ENTRY * entry)
return GNUTLS_E_INTERNAL_ERROR;
}
- _gnutls_get_random(&rnd, 1, GNUTLS_WEAK_RANDOM);
+ if (gc_nonce (&rnd, 1) != GC_OK) {
+ gnutls_assert();
+ return GNUTLS_E_RANDOM_FAILED;
+ }
entry->salt.size = (rnd % 10) + 9;
entry->v.data = gnutls_malloc(20);
@@ -371,7 +375,10 @@ static int _randomize_pwd_entry(SRP_PWD_ENTRY * entry)
return GNUTLS_E_MEMORY_ERROR;
}
- _gnutls_get_random(entry->v.data, 20, GNUTLS_WEAK_RANDOM);
+ if (gc_nonce (entry->v.data, 20) != GC_OK) {
+ gnutls_assert();
+ return GNUTLS_E_RANDOM_FAILED;
+ }
entry->salt.data = gnutls_malloc(entry->salt.size);
if (entry->salt.data == NULL) {
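Review bot: The new early return after `gc_nonce (entry->v.data, 20)` exits with the 20-byte `entry->v.data` buffer still allocated. The matching failure branch in the next hunk, after `gc_nonce (entry->salt.data, entry->salt.size)`, exits with both `v.data` and `salt.data` allocated. The old code ignored the result of the first call, so this exit path is new. Whether the caller releases the entry on a non-zero return is not visible in these hunks. If it does not, free and clear the buffers before returning, e.g. `gnutls_free(entry->v.data); entry->v.data = NULL;`; if it does, a comment such as `/* caller frees entry on error */` above the return would make the ownership explicit.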
@@ -379,10 +386,9 @@ static int _randomize_pwd_entry(SRP_PWD_ENTRY * entry)
return GNUTLS_E_MEMORY_ERROR;
}
- if (_gnutls_get_random
- (entry->salt.data, entry->salt.size, GNUTLS_WEAK_RANDOM) < 0) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ if (gc_nonce (entry->salt.data, entry->salt.size) != GC_OK) {
+ gnutls_assert();
+ return GNUTLS_E_RANDOM_FAILED;
}
return 0;
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index 42a14909eb..2cf9144871 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -40,6 +40,7 @@
#include "gnutls_kx.h"
#include "gnutls_record.h"
#include "gnutls_constate.h"
+#include <gc.h>
inline static int is_write_comp_null(gnutls_session_t session)
{
@@ -215,9 +216,9 @@ calc_enc_length(gnutls_session_t session, int data_size,
break;
case CIPHER_BLOCK:
- if (_gnutls_get_random(&rnd, 1, GNUTLS_WEAK_RANDOM) < 0) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ if (gc_nonce (&rnd, 1) != GC_OK) {
+ gnutls_assert();
+ return GNUTLS_E_RANDOM_FAILED;
}
/* make rnd a multiple of blocksize */
@@ -337,10 +338,9 @@ int _gnutls_compressed2ciphertext(gnutls_session_t session,
session->security_parameters.version >= GNUTLS_TLS1_1) {
/* copy the random IV.
*/
- if (_gnutls_get_random(data_ptr, blocksize, GNUTLS_WEAK_RANDOM) <
- 0) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ if (gc_nonce (data_ptr, blocksize) != GC_OK) {
+ gnutls_assert();
+ return GNUTLS_E_RANDOM_FAILED;
}
data_ptr += blocksize;
}
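Review bot: The explicit per-record IV written at `data_ptr` for TLS 1.1 and later must be unpredictable, not merely unique, and nothing at the `gc_nonce (data_ptr, blocksize)` call records that requirement. Whether the gc nonce source guarantees unpredictability depends on the backend, which this diff does not show. I would extend the existing comment to something like `/* copy the random IV; it must be unpredictable to the peer, so the nonce source has to be a CSPRNG */`, so that a later change of random source is checked against that property. The body of `_gnutls_compressed2ciphertext` starts and ends outside the hunk.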
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index e1a9a357b4..4ce7e78d9a 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -50,6 +50,7 @@
#include <ext_srp.h>
#include <gnutls_rsa_export.h> /* for gnutls_get_rsa_params() */
#include <auth_anon.h> /* for gnutls_anon_server_credentials_t */
+#include <gc.h>
#ifdef HANDSHAKE_DEBUG
#define ERR(x, y) _gnutls_handshake_log( "HSK[%x]: %s (%d)\n", session, x,y)
@@ -239,10 +240,9 @@ int _gnutls_tls_create_random(opaque * dst)
/* generate server random value */
_gnutls_write_uint32(tim, dst);
- if (_gnutls_get_random
- (&dst[4], TLS_RANDOM_SIZE - 4, GNUTLS_WEAK_RANDOM) < 0) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ if (gc_nonce (&dst[4], TLS_RANDOM_SIZE - 4) != GC_OK) {
+ gnutls_assert();
+ return GNUTLS_E_RANDOM_FAILED;
}
return 0;
@@ -2352,9 +2352,9 @@ int _gnutls_generate_session_id(opaque * session_id, uint8 * len)
{
*len = TLS_MAX_SESSION_ID_SIZE;
- if (_gnutls_get_random(session_id, *len, GNUTLS_WEAK_RANDOM) < 0) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ if (gc_nonce (session_id, *len) != GC_OK) {
+ gnutls_assert();
+ return GNUTLS_E_RANDOM_FAILED;
}
return 0;
diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c
index 9f2183cefd..785bb9e84c 100644
--- a/lib/gnutls_pk.c
+++ b/lib/gnutls_pk.c
@@ -37,6 +37,7 @@
#include "debug.h"
#include <x509/mpi.h>
#include <x509/common.h>
+#include <gc.h>
static int _gnutls_pk_encrypt(int algo, mpi_t * resarr, mpi_t data,
mpi_t * pkey, int pkey_len);
@@ -96,17 +97,14 @@ int _gnutls_pkcs1_rsa_encrypt(gnutls_datum_t * ciphertext,
return GNUTLS_E_INTERNAL_ERROR;
}
- if ((ret =
- _gnutls_get_random(ps, psize, GNUTLS_STRONG_RANDOM)) < 0) {
+ if ((ret = gc_pseudo_random (ps, psize)) != GC_OK) {
gnutls_assert();
gnutls_afree(edata);
return ret;
}
for (i = 0; i < psize; i++)
while (ps[i] == 0) {
- if ((ret =
- _gnutls_get_random(&ps[i], 1,
- GNUTLS_STRONG_RANDOM)) < 0) {
+ if ((ret = gc_pseudo_random (&ps[i], 1)) != GC_OK) {
gnutls_assert();
gnutls_afree(edata);
return ret;
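Review bot: Both failure branches in this hunk still end in `return ret;`, but `ret` now holds a `gc_pseudo_random` result code rather than a GNUTLS_E_* value. Every other call site converted in this commit returns `GNUTLS_E_RANDOM_FAILED`. The gc result codes are, as far as I know, non-negative enum values, so a caller that tests `< 0` would treat a failed padding generation as success and continue with a padding string that was never filled. Change both returns to `return GNUTLS_E_RANDOM_FAILED;` after the `gnutls_afree(edata);`. The body of `_gnutls_pkcs1_rsa_encrypt` continues outside the hunk, so how callers test the result is not visible here.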