authorNikos <nmav@crystal.(none)>2008-03-29 12:01:27 +0200
committerNikos <nmav@crystal.(none)>2008-03-29 12:01:27 +0200
commit0b37eef0f6b6626d5e4b5936bbc6f012416ef61a (patch)
tree040f519310dab705ecb523f7553e5a7902b646fb /lib
parentc54d8ce49564b19b2a39995cf8b12cc41ebd9097 (diff)
downloadgnutls-0b37eef0f6b6626d5e4b5936bbc6f012416ef61a.tar.gz
Added interface to register random generators.
Diffstat (limited to 'lib')
-rw-r--r--lib/Makefile.am4
-rw-r--r--lib/auth_psk_passwd.c13
-rw-r--r--lib/auth_rsa.c13
-rw-r--r--lib/auth_srp_passwd.c23
-rw-r--r--lib/crypto.c76
-rw-r--r--lib/crypto.h1
-rw-r--r--lib/gnutls_cipher.c14
-rw-r--r--lib/gnutls_global.c13
-rw-r--r--lib/gnutls_handshake.c13
-rw-r--r--lib/gnutls_pk.c12
-rw-r--r--lib/random.c86
-rw-r--r--lib/random.h14
-rw-r--r--lib/x509/pkcs12.c7
-rw-r--r--lib/x509/privkey_pkcs8.c24
14 files changed, 260 insertions, 53 deletions
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 96691bdbfb..21411415e2 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -85,7 +85,7 @@ COBJECTS = gnutls_record.c gnutls_compress.c debug.c gnutls_cipher.c \
gnutls_x509.c ext_cert_type.c gnutls_rsa_export.c \
auth_rsa_export.c ext_server_name.c auth_dh_common.c \
gnutls_helper.c ext_inner_application.c \
- gnutls_supplemental.c crypto.c
+ gnutls_supplemental.c crypto.c random.c
if ENABLE_OPRFI
COBJECTS += $(OPRFI_COBJECTS)
@@ -106,7 +106,7 @@ HFILES = debug.h gnutls_compress.h defines.h gnutls_cipher.h \
ext_srp.h gnutls_srp.h auth_srp.h auth_srp_passwd.h \
gnutls_helper.h auth_psk.h auth_psk_passwd.h \
ext_inner_application.h gnutls_supplemental.h ext_oprfi.h \
- crypto.h
+ crypto.h random.h
# Separate so we can create the documentation
diff --git a/lib/auth_psk_passwd.c b/lib/auth_psk_passwd.c
index 82d1a9b635..0c3281d3e1 100644
--- a/lib/auth_psk_passwd.c
+++ b/lib/auth_psk_passwd.c
@@ -38,6 +38,7 @@
#include <gnutls_str.h>
#include <gnutls_datum.h>
#include <gnutls_num.h>
+#include <random.h>
/* this function parses passwd.psk file. Format is:
@@ -97,6 +98,8 @@ pwd_put_values (gnutls_datum_t * psk, char *str)
static int
_randomize_psk (gnutls_datum_t * psk)
{
+ int ret;
+
psk->data = gnutls_malloc (16);
if (psk->data == NULL)
{
@@ -105,12 +108,14 @@ _randomize_psk (gnutls_datum_t * psk)
}
psk->size = 16;
- if (gc_nonce ((char *) psk->data, 16) != GC_OK)
+
+ ret = _gnutls_rnd (RND_NONCE, (char *) psk->data, 16);
+ if ( ret < 0)
{
- gnutls_assert ();
- return GNUTLS_E_RANDOM_FAILED;
+ gnutls_assert();
+ return ret;
}
-
+
return 0;
}
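Review bot: The failure path after `_gnutls_rnd` returns with `psk->data` still allocated and `psk->size` already set to 16, so the 16-byte buffer from `gnutls_malloc` is leaked unless the caller frees it on error, which is not visible here. Consider releasing it before the return, `gnutls_free (psk->data); psk->data = NULL; psk->size = 0;`, or assigning `psk->size` only after the random fill has succeeded. The function spans this hunk and the previous one.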
diff --git a/lib/auth_rsa.c b/lib/auth_rsa.c
index 59d12e465a..d4f34a000d 100644
--- a/lib/auth_rsa.c
+++ b/lib/auth_rsa.c
@@ -40,7 +40,7 @@
#include "debug.h"
#include <gnutls_sig.h>
#include <gnutls_x509.h>
-#include <gc.h>
+#include <random.h>
int _gnutls_gen_rsa_client_kx (gnutls_session_t, opaque **);
int _gnutls_proc_rsa_client_kx (gnutls_session_t, opaque *, size_t);
@@ -290,10 +290,11 @@ _gnutls_proc_rsa_client_kx (gnutls_session_t session, opaque * data,
/* we do not need strong random numbers here.
*/
- if (gc_nonce (session->key->key.data, session->key->key.size) != GC_OK)
+ ret = _gnutls_rnd (RND_NONCE, session->key->key.data, session->key->key.size);
+ if (ret < 0)
{
gnutls_assert ();
- return GNUTLS_E_RANDOM_FAILED;
+ return ret;
}
}
@@ -344,11 +345,11 @@ _gnutls_gen_rsa_client_kx (gnutls_session_t session, opaque ** data)
return GNUTLS_E_MEMORY_ERROR;
}
- if (gc_pseudo_random (session->key->key.data,
- session->key->key.size) != GC_OK)
+ ret = _gnutls_rnd( RND_RANDOM, session->key->key.data, session->key->key.size);
+ if ( ret < 0)
{
gnutls_assert ();
- return GNUTLS_E_RANDOM_FAILED;
+ return ret;
}
ver = _gnutls_get_adv_version (session);
diff --git a/lib/auth_srp_passwd.c b/lib/auth_srp_passwd.c
index 45909fdd86..8f098315d3 100644
--- a/lib/auth_srp_passwd.c
+++ b/lib/auth_srp_passwd.c
@@ -39,7 +39,7 @@
#include <gnutls_str.h>
#include <gnutls_datum.h>
#include <gnutls_num.h>
-#include <gc.h>
+#include <random.h>
static int _randomize_pwd_entry (SRP_PWD_ENTRY * entry);
@@ -397,6 +397,7 @@ static int
_randomize_pwd_entry (SRP_PWD_ENTRY * entry)
{
unsigned char rnd;
+ int ret;
if (entry->g.size == 0 || entry->n.size == 0)
{
@@ -404,11 +405,13 @@ _randomize_pwd_entry (SRP_PWD_ENTRY * entry)
return GNUTLS_E_INTERNAL_ERROR;
}
- if (gc_nonce (&rnd, 1) != GC_OK)
+ ret = _gnutls_rnd (RND_NONCE, &rnd, 1);
+ if (ret < 0)
{
gnutls_assert ();
- return GNUTLS_E_RANDOM_FAILED;
+ return ret;
}
+
entry->salt.size = (rnd % 10) + 9;
entry->v.data = gnutls_malloc (20);
@@ -419,10 +422,11 @@ _randomize_pwd_entry (SRP_PWD_ENTRY * entry)
return GNUTLS_E_MEMORY_ERROR;
}
- if (gc_nonce (entry->v.data, 20) != GC_OK)
+ ret = _gnutls_rnd (RND_RANDOM, entry->v.data, 20);
+ if ( ret < 0)
{
gnutls_assert ();
- return GNUTLS_E_RANDOM_FAILED;
+ return ret;
}
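Review bot: This is the one call site in the commit where the randomness level changes instead of being carried over: the 20-byte `entry->v.data` was filled with `gc_nonce` and is now filled at `RND_RANDOM`, while the salt a few lines below stays at `RND_NONCE`. If the change is intended, a one-line comment above the call stating the reason would keep it from looking like a slip; if not, it should stay `RND_NONCE` so the commit remains a mechanical substitution. The error returns here also leave `entry->v.data` (and later `entry->salt.data`) allocated, which appears to be left to the caller. The function body continues outside this hunk.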
entry->salt.data = gnutls_malloc (entry->salt.size);
@@ -432,12 +436,13 @@ _randomize_pwd_entry (SRP_PWD_ENTRY * entry)
return GNUTLS_E_MEMORY_ERROR;
}
- if (gc_nonce (entry->salt.data, entry->salt.size) != GC_OK)
+ ret = _gnutls_rnd (RND_NONCE, entry->salt.data, entry->salt.size);
+ if (ret < 0)
{
- gnutls_assert ();
- return GNUTLS_E_RANDOM_FAILED;
+ gnutls_assert();
+ return ret;
}
-
+
return 0;
}
diff --git a/lib/crypto.c b/lib/crypto.c
index fda2263699..830623157f 100644
--- a/lib/crypto.c
+++ b/lib/crypto.c
@@ -37,6 +37,7 @@ typedef struct algo_list {
#define cipher_list algo_list
#define mac_list algo_list
#define digest_list algo_list
+#define rnd_list algo_list
static int _algo_register( algo_list* al, int algorithm, int priority, void* s)
{
@@ -101,8 +102,24 @@ cipher_list* cl;
static cipher_list glob_cl = { GNUTLS_CIPHER_NULL, 0, NULL, NULL };
static mac_list glob_ml = { GNUTLS_MAC_NULL, 0, NULL, NULL };
static digest_list glob_dl = { GNUTLS_MAC_NULL, 0, NULL, NULL };
-
-
+static rnd_list glob_rnd = { 0, 0, NULL, NULL };
+
+
+/**
+ * gnutls_crypto_cipher_register - register a cipher algorithm
+ * @algorithm: is the gnutls algorithm identifier
+ * @priority: is the priority of the algorithm
+ * @s: is a structure holding new cipher's data
+ *
+ * This function will register a cipher algorithm to be used
+ * by gnutls. Any algorithm registered will override
+ * the included algorithms and by convention kernel implemented
+ * algorithms have priority of 90. The algorithm with the lowest
+ * priority will be used by gnutls.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ *
+ **/
int gnutls_crypto_cipher_register( gnutls_cipher_algorithm_t algorithm, int priority, gnutls_crypto_cipher_st* s)
{
return _algo_register( &glob_cl, algorithm, priority, s);
@@ -113,6 +130,45 @@ gnutls_crypto_cipher_st *_gnutls_get_crypto_cipher( gnutls_cipher_algorithm_t al
return _get_algo( &glob_cl, algo);
}
+/**
+ * gnutls_crypto_rnd_register - register a random generator
+ * @priority: is the priority of the generator
+ * @s: is a structure holding new generator's data
+ *
+ * This function will register a random generator to be used
+ * by gnutls. Any generator registered will override
+ * the included generator and by convention kernel implemented
+ * generators have priority of 90. The generator with the lowest
+ * priority will be used by gnutls.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ *
+ **/
+int gnutls_crypto_rnd_register( int priority, gnutls_crypto_rnd_st* s)
+{
+ return _algo_register( &glob_rnd, 1, priority, s);
+}
+
+gnutls_crypto_rnd_st *_gnutls_get_crypto_rnd()
+{
+ return _get_algo( &glob_rnd, 1);
+}
+
+/**
+ * gnutls_crypto_mac_register - register a MAC algorithm
+ * @algorithm: is the gnutls algorithm identifier
+ * @priority: is the priority of the algorithm
+ * @s: is a structure holding new algorithms's data
+ *
+ * This function will register a MAC algorithm to be used
+ * by gnutls. Any algorithm registered will override
+ * the included algorithms and by convention kernel implemented
+ * algorithms have priority of 90. The algorithm with the lowest
+ * priority will be used by gnutls.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ *
+ **/
int gnutls_crypto_mac_register( gnutls_mac_algorithm_t algorithm, int priority, gnutls_crypto_mac_st* s)
{
return _algo_register( &glob_ml, algorithm, priority, s);
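Review bot: The documentation of `gnutls_crypto_rnd_register` should say when it has to be called. `_gnutls_rnd_init` in lib/random.c reads the registered generator once, from `gnutls_global_init`, so a generator registered afterwards is never picked up and the built-in one keeps being used without any error. I would add a sentence such as `This function must be called before gnutls_global_init().` to the comment block, and state that the `init`, `rnd` and `deinit` members of @s must all be set, since lib/random.c calls them without a NULL check. As a smaller style point, `_gnutls_get_crypto_rnd()` would be better declared with `(void)`, and the literal `1` used as the algorithm id could be a named constant.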
@@ -123,7 +179,21 @@ gnutls_crypto_mac_st *_gnutls_get_crypto_mac( gnutls_mac_algorithm_t algo)
return _get_algo( &glob_ml, algo);
}
-
+/**
+ * gnutls_crypto_digest_register - register a digest algorithm
+ * @algorithm: is the gnutls algorithm identifier
+ * @priority: is the priority of the algorithm
+ * @s: is a structure holding new algorithms's data
+ *
+ * This function will register a digest (hash) algorithm to be used
+ * by gnutls. Any algorithm registered will override
+ * the included algorithms and by convention kernel implemented
+ * algorithms have priority of 90. The algorithm with the lowest
+ * priority will be used by gnutls.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ *
+ **/
int gnutls_crypto_digest_register( gnutls_digest_algorithm_t algorithm, int priority, gnutls_crypto_digest_st* s)
{
return _algo_register( &glob_dl, algorithm, priority, s);
diff --git a/lib/crypto.h b/lib/crypto.h
index eb695a8757..f52e403909 100644
--- a/lib/crypto.h
+++ b/lib/crypto.h
@@ -1,3 +1,4 @@
gnutls_crypto_cipher_st *_gnutls_get_crypto_cipher( gnutls_cipher_algorithm_t algo);
gnutls_crypto_digest_st *_gnutls_get_crypto_digest( gnutls_digest_algorithm_t algo);
gnutls_crypto_mac_st *_gnutls_get_crypto_mac( gnutls_mac_algorithm_t algo);
+gnutls_crypto_rnd_st *_gnutls_get_crypto_rnd();
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index cd3cdb1c27..ad192f46bd 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -39,6 +39,7 @@
#include "gnutls_kx.h"
#include "gnutls_record.h"
#include "gnutls_constate.h"
+#include <random.h>
#include <gc.h>
inline static int
@@ -236,7 +237,7 @@ calc_enc_length (gnutls_session_t session, int data_size,
cipher_type_t block_algo, uint16_t blocksize)
{
uint8_t rnd;
- int length;
+ int length, ret;
*pad = 0;
@@ -247,10 +248,11 @@ calc_enc_length (gnutls_session_t session, int data_size,
break;
case CIPHER_BLOCK:
- if (gc_nonce (&rnd, 1) != GC_OK)
+ ret =_gnutls_rnd (RND_NONCE, &rnd, 1);
+ if ( ret < 0)
{
gnutls_assert ();
- return GNUTLS_E_RANDOM_FAILED;
+ return ret;
}
/* make rnd a multiple of blocksize */
@@ -378,11 +380,13 @@ _gnutls_compressed2ciphertext (gnutls_session_t session,
{
/* copy the random IV.
*/
- if (gc_nonce (data_ptr, blocksize) != GC_OK)
+ ret = _gnutls_rnd (RND_NONCE, data_ptr, blocksize);
+ if (ret < 0)
{
gnutls_assert ();
- return GNUTLS_E_RANDOM_FAILED;
+ return ret;
}
+
data_ptr += blocksize;
}
diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c
index 683ee78279..e6089a8f26 100644
--- a/lib/gnutls_global.c
+++ b/lib/gnutls_global.c
@@ -26,6 +26,7 @@
#include <gnutls_errors.h>
#include <libtasn1.h>
#include <gnutls_dh.h>
+#include <random.h>
#ifdef HAVE_WINSOCK
# include <winsock2.h>
@@ -304,9 +305,14 @@ gnutls_global_init (void)
result = _gnutls_asn2err (res);
goto out;
}
-
- /* Initialize the gcrypt (if used random generator) */
- gc_pseudo_random (&c, 1);
+
+ /* Initialize the random generator */
+ result = _gnutls_rnd_init();
+ if (result < 0)
+ {
+ gnutls_assert();
+ goto out;
+ }
out:
return result;
@@ -330,6 +336,7 @@ gnutls_global_deinit (void)
#if HAVE_WINSOCK
WSACleanup ();
#endif
+ _gnutls_rnd_deinit();
asn1_delete_structure (&_gnutls_gnutls_asn);
asn1_delete_structure (&_gnutls_pkix1_asn);
gc_done ();
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 71e6484afc..d9fa09c783 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -52,6 +52,7 @@
#include <auth_anon.h> /* for gnutls_anon_server_credentials_t */
#include <auth_psk.h> /* for gnutls_psk_server_credentials_t */
#include <gc.h>
+#include <random.h>
#ifdef HANDSHAKE_DEBUG
#define ERR(x, y) _gnutls_handshake_log( "HSK[%x]: %s (%d)\n", session, x,y)
@@ -253,6 +254,7 @@ int
_gnutls_tls_create_random (opaque * dst)
{
uint32_t tim;
+ int ret;
/* Use weak random numbers for the most of the
* buffer except for the first 4 that are the
@@ -263,10 +265,11 @@ _gnutls_tls_create_random (opaque * dst)
/* generate server random value */
_gnutls_write_uint32 (tim, dst);
- if (gc_nonce (&dst[4], TLS_RANDOM_SIZE - 4) != GC_OK)
+ ret = _gnutls_rnd (RND_NONCE, &dst[4], TLS_RANDOM_SIZE - 4);
+ if (ret < 0)
{
gnutls_assert ();
- return GNUTLS_E_RANDOM_FAILED;
+ return ret;
}
return 0;
@@ -2668,11 +2671,13 @@ int
_gnutls_generate_session_id (opaque * session_id, uint8_t * len)
{
*len = TLS_MAX_SESSION_ID_SIZE;
+ int ret;
- if (gc_nonce (session_id, *len) != GC_OK)
+ ret = _gnutls_rnd (RND_NONCE, session_id, *len);
+ if (ret < 0)
{
gnutls_assert ();
- return GNUTLS_E_RANDOM_FAILED;
+ return ret;
}
return 0;
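Review bot: `int ret;` is declared after the statement `*len = TLS_MAX_SESSION_ID_SIZE;`, which is a mixed declaration and not valid C89; the other functions touched by this commit declare `ret` at the top of the block. Moving the declaration above the assignment keeps the file consistent: `int ret;` first, then `*len = TLS_MAX_SESSION_ID_SIZE;`.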
diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c
index 3427083beb..f9f4d4d499 100644
--- a/lib/gnutls_pk.c
+++ b/lib/gnutls_pk.c
@@ -36,7 +36,7 @@
#include "debug.h"
#include <x509/x509_int.h>
#include <x509/common.h>
-#include <gc.h>
+#include <random.h>
static int _gnutls_pk_encrypt (int algo, mpi_t * resarr, mpi_t data,
mpi_t * pkey, int pkey_len);
@@ -102,20 +102,22 @@ _gnutls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext,
return GNUTLS_E_INTERNAL_ERROR;
}
- if (gc_pseudo_random (ps, psize) != GC_OK)
+ ret = _gnutls_rnd (RND_RANDOM, ps, psize);
+ if ( ret < 0)
{
gnutls_assert ();
gnutls_afree (edata);
- return GNUTLS_E_RANDOM_FAILED;
+ return ret;
}
for (i = 0; i < psize; i++)
while (ps[i] == 0)
{
- if (gc_pseudo_random (&ps[i], 1) != GC_OK)
+ ret = _gnutls_rnd (RND_RANDOM, &ps[i], 1);
+ if (ret < 0)
{
gnutls_assert ();
gnutls_afree (edata);
- return GNUTLS_E_RANDOM_FAILED;
+ return ret;
}
}
break;
diff --git a/lib/random.c b/lib/random.c
new file mode 100644
index 0000000000..25353cabac
--- /dev/null
+++ b/lib/random.c
@@ -0,0 +1,86 @@
+/*
+ * Copyright (C) 2008 Free Software Foundation
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GNUTLS.
+ *
+ * The GNUTLS library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* This file handles all the internal functions that cope with random data.
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <random.h>
+
+static gnutls_crypto_rnd_st * cc = NULL;
+static void * rnd_ctx;
+
+int
+_gnutls_rnd_init ()
+{
+ int result;
+
+ /* check if a digest has been registered
+ */
+ cc = _gnutls_get_crypto_rnd();
+ if (cc != NULL) {
+ if (cc->init(& rnd_ctx) < 0) {
+ gnutls_assert();
+ return GNUTLS_E_RANDOM_FAILED;
+ }
+ } else {
+ char c;
+ gc_pseudo_random (&c, 1);
+ }
+
+ return 0;
+}
+
+void
+_gnutls_rnd_deinit ()
+{
+ if (cc != NULL) {
+ cc->deinit( rnd_ctx);
+ }
+
+ return;
+}
+
+int
+_gnutls_rnd (int level, void *data, int len)
+{
+int ret = GC_OK;
+
+ if (len > 0) {
+ if (cc != NULL) {
+ return cc->rnd( rnd_ctx, level, data, len);
+ }
+
+ if (level == RND_NONCE)
+ ret = gc_nonce (data, len);
+ else
+ ret = gc_pseudo_random( data, len);
+
+ }
+
+ if (ret == GC_OK) return 0;
+ else return GNUTLS_E_RANDOM_FAILED;
+}
+
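Review bot: `_gnutls_rnd` returns 0 when `len <= 0` without writing to `data`, and `len` is an `int` while callers in this commit pass unsigned sizes (`sizeof (salt)`, `session->key->key.size`), so a size that converts to a negative value is reported as success with the buffer left as it was. A negative length should be an error. The fallback also maps every level other than `RND_NONCE` to `gc_pseudo_random`, so `RND_KEY` from random.h gets no stronger source; if `RND_KEY` is meant to be the strongest level it could use `gc_random`, which may block depending on the backend. In `_gnutls_rnd_init` the comment says "digest" where it means random generator, `result` is unused, and the return value of `gc_pseudo_random` is ignored, so a failing built-in generator is not reported at init time. A possible shape for `_gnutls_rnd` follows.

```c
/* … unchanged: _gnutls_rnd_init, _gnutls_rnd_deinit … */

int
_gnutls_rnd (int level, void *data, int len)
{
  int ret;

  /* A negative length can only come from a bad conversion in the caller;
   * never report success without having filled the buffer. */
  if (len < 0)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  if (len == 0)
    return 0;

  if (cc != NULL)
    return cc->rnd (rnd_ctx, level, data, len);

  switch (level)
    {
    case RND_NONCE:
      ret = gc_nonce (data, len);
      break;
    case RND_KEY:
      /* assumes RND_KEY is the strongest level; confirm against gnutls/crypto.h */
      ret = gc_random (data, len);
      break;
    default:
      ret = gc_pseudo_random (data, len);
      break;
    }

  return (ret == GC_OK) ? 0 : GNUTLS_E_RANDOM_FAILED;
}
```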
diff --git a/lib/random.h b/lib/random.h
new file mode 100644
index 0000000000..c899c67a98
--- /dev/null
+++ b/lib/random.h
@@ -0,0 +1,14 @@
+#ifndef RANDOM_H
+# define RANDOM_H
+
+#include <gnutls/crypto.h>
+
+#define RND_RANDOM GNUTLS_RND_RANDOM
+#define RND_NONCE GNUTLS_RND_NONCE
+#define RND_KEY GNUTLS_RND_KEY
+
+int _gnutls_rnd (int level, void *data, int len);
+void _gnutls_rnd_deinit ();
+int _gnutls_rnd_init ();
+
+#endif
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index e5e443c09f..15e13c36fb 100644
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -37,7 +37,7 @@
#include <common.h>
#include <x509_b64.h>
#include "x509_int.h"
-#include <gc.h>
+#include <random.h>
/* Decodes the PKCS #12 auth_safe, and returns the allocated raw data,
@@ -869,10 +869,11 @@ gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass)
/* Generate the salt.
*/
- if (gc_nonce (salt, sizeof (salt)) != GC_OK)
+ result = _gnutls_rnd (RND_NONCE, salt, sizeof (salt));
+ if (result < 0)
{
gnutls_assert ();
- return GNUTLS_E_RANDOM_FAILED;
+ return result;
}
/* Write the salt into the structure.
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index 7304a7569f..ec5e7ea336 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -37,6 +37,7 @@
#include <gnutls_algorithms.h>
#include <gnutls_num.h>
#include <gc.h>
+#include <random.h>
#define PBES2_OID "1.2.840.113549.1.5.13"
@@ -1752,10 +1753,11 @@ generate_key (schema_id schema,
else if (schema == PKCS12_RC2_40_SHA1)
enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC;
- if (gc_pseudo_random (rnd, 2) != GC_OK)
+ ret = _gnutls_rnd( RND_RANDOM, rnd, 2);
+ if (ret < 0)
{
gnutls_assert ();
- return GNUTLS_E_RANDOM_FAILED;
+ return ret;
}
/* generate salt */
@@ -1766,7 +1768,8 @@ generate_key (schema_id schema,
else
kdf_params->salt_size = 8;
- if (gc_pseudo_random (kdf_params->salt, kdf_params->salt_size) != GC_OK)
+ ret = _gnutls_rnd ( RND_RANDOM, kdf_params->salt, kdf_params->salt_size);
+ if ( ret < 0)
{
gnutls_assert ();
return GNUTLS_E_RANDOM_FAILED;
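Review bot: The salt path stores the result in `ret` but still returns the hard-coded `GNUTLS_E_RANDOM_FAILED`, unlike the two other `_gnutls_rnd` calls in `generate_key` and every other call site in the commit, so an error code coming from a registered generator is lost here. Change the return to `return ret;`. The function body continues outside this hunk.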
@@ -1801,12 +1804,15 @@ generate_key (schema_id schema,
return GNUTLS_E_ENCRYPTION_FAILED;
}
- if (enc_params->iv_size &&
- gc_nonce (enc_params->iv, enc_params->iv_size) != GC_OK)
- {
- gnutls_assert ();
- return GNUTLS_E_RANDOM_FAILED;
- }
+ if (enc_params->iv_size)
+ {
+ ret = _gnutls_rnd (RND_NONCE, enc_params->iv, enc_params->iv_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
}
else
{ /* PKCS12 schemas */