commit 6aa3ff95143e144266c40aadb12eeb83dbfe2648
parent b63b1ec2a5d916113d96b42d91fc9c237cc5a037
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date: Tue, 16 Jun 2026 16:08:00 +0200
migrate to new gnunet random API
Diffstat:
18 files changed, 59 insertions(+), 88 deletions(-)
diff --git a/flake.lock b/flake.lock
@@ -52,17 +52,17 @@
"systems": "systems_6"
},
"locked": {
- "lastModified": 1779394269,
- "narHash": "sha256-+UTs481V7c3Xi/fEg8pJDpajWjag9sb5Uc5uH+J/m+E=",
+ "lastModified": 1781617537,
+ "narHash": "sha256-ht+VQUCuJgiARIuGm8/49yukCZeXH1HHxLt+mu67OFM=",
"ref": "refs/heads/master",
- "rev": "55b7ddabb83475cc954a0ffa9f141d2b6d0abaf8",
- "revCount": 9989,
+ "rev": "548ebf45aef4a22ce652ff87ac4526c2a93091d0",
+ "revCount": 10031,
"submodules": true,
"type": "git",
"url": "https://git.gnunet.org/exchange"
},
"original": {
- "rev": "55b7ddabb83475cc954a0ffa9f141d2b6d0abaf8",
+ "rev": "548ebf45aef4a22ce652ff87ac4526c2a93091d0",
"type": "git",
"url": "https://git.gnunet.org/exchange"
}
@@ -115,17 +115,17 @@
"systems": "systems_5"
},
"locked": {
- "lastModified": 1774899416,
- "narHash": "sha256-YcGma1gX/t76xDv9DW71nKkWFhzXYz3NkN/WEceHbZM=",
+ "lastModified": 1781611204,
+ "narHash": "sha256-4uCu+3Cdi1ck9J7LT72INcrm3coIkP7Gh9k0COAr91g=",
"ref": "refs/heads/master",
- "rev": "7c6b613e37e301b0e81fb94af5878d00c98e5b75",
- "revCount": 33194,
+ "rev": "e8e7504b7ab43f7dffa25f273ff228069d8d6dd4",
+ "revCount": 33248,
"submodules": true,
"type": "git",
"url": "https://git.gnunet.org/gnunet"
},
"original": {
- "rev": "7c6b613e37e301b0e81fb94af5878d00c98e5b75",
+ "rev": "e8e7504b7ab43f7dffa25f273ff228069d8d6dd4",
"type": "git",
"url": "https://git.gnunet.org/gnunet"
}
@@ -136,17 +136,17 @@
"systems": "systems_7"
},
"locked": {
- "lastModified": 1774899416,
- "narHash": "sha256-YcGma1gX/t76xDv9DW71nKkWFhzXYz3NkN/WEceHbZM=",
+ "lastModified": 1781611204,
+ "narHash": "sha256-4uCu+3Cdi1ck9J7LT72INcrm3coIkP7Gh9k0COAr91g=",
"ref": "refs/heads/master",
- "rev": "7c6b613e37e301b0e81fb94af5878d00c98e5b75",
- "revCount": 33194,
+ "rev": "e8e7504b7ab43f7dffa25f273ff228069d8d6dd4",
+ "revCount": 33248,
"submodules": true,
"type": "git",
"url": "https://git.gnunet.org/gnunet"
},
"original": {
- "rev": "7c6b613e37e301b0e81fb94af5878d00c98e5b75",
+ "rev": "e8e7504b7ab43f7dffa25f273ff228069d8d6dd4",
"type": "git",
"url": "https://git.gnunet.org/gnunet"
}
@@ -213,16 +213,16 @@
},
"nixpkgs_5": {
"locked": {
- "lastModified": 1774799055,
- "narHash": "sha256-Tsq9BCz0q47ej1uFF39m4tuhcwru/ls6vCCJzutEpaw=",
+ "lastModified": 1780734595,
+ "narHash": "sha256-DmTfP92QFYRLOGXlMIE54MAgxSJjDWocl3gRNOu72Os=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "107cba9eb4a8d8c9f8e9e61266d78d340867913a",
+ "rev": "9b696460ac78b5ccfc17c854d8c976f20456e943",
"type": "github"
},
"original": {
"id": "nixpkgs",
- "ref": "release-25.11",
+ "ref": "release-26.05",
"type": "indirect"
}
},
@@ -243,31 +243,31 @@
},
"nixpkgs_7": {
"locked": {
- "lastModified": 1774799055,
- "narHash": "sha256-Tsq9BCz0q47ej1uFF39m4tuhcwru/ls6vCCJzutEpaw=",
+ "lastModified": 1780734595,
+ "narHash": "sha256-DmTfP92QFYRLOGXlMIE54MAgxSJjDWocl3gRNOu72Os=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "107cba9eb4a8d8c9f8e9e61266d78d340867913a",
+ "rev": "9b696460ac78b5ccfc17c854d8c976f20456e943",
"type": "github"
},
"original": {
"id": "nixpkgs",
- "ref": "release-25.11",
+ "ref": "release-26.05",
"type": "indirect"
}
},
"nixpkgs_8": {
"locked": {
- "lastModified": 1775730577,
- "narHash": "sha256-5i3MKmxBFQP9/wp3QyFWyS7DqURq/M4T8gr1JSbyygI=",
+ "lastModified": 1781616846,
+ "narHash": "sha256-pujkSXZ/LvNu0sObeK09KfS0lV/YoeWKZ5hwuY265Cs=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "0d5a853f7004a5fc57b61a97ccb02832f8e7ed9d",
+ "rev": "1d92060175b76bf5b7d8a1d5d1d924e31ef76ff8",
"type": "github"
},
"original": {
"id": "nixpkgs",
- "ref": "release-25.11",
+ "ref": "release-26.05",
"type": "indirect"
}
},
diff --git a/flake.nix b/flake.nix
@@ -21,10 +21,10 @@
{
inputs = {
- nixpkgs.url = "nixpkgs/release-25.11";
+ nixpkgs.url = "nixpkgs/release-26.05";
systems.url = "github:nix-systems/default";
- gnunet.url = "git+https://git.gnunet.org/gnunet?rev=7c6b613e37e301b0e81fb94af5878d00c98e5b75";
- exchange.url = "git+https://git.gnunet.org/exchange?rev=55b7ddabb83475cc954a0ffa9f141d2b6d0abaf8";
+ gnunet.url = "git+https://git.gnunet.org/gnunet?rev=e8e7504b7ab43f7dffa25f273ff228069d8d6dd4";
+ exchange.url = "git+https://git.gnunet.org/exchange?rev=548ebf45aef4a22ce652ff87ac4526c2a93091d0";
donau.url = "git+https://git.gnunet.org/donau?rev=4f609168fe263891f134eff01f86288066acdd81";
self.submodules = true;
};
diff --git a/src/backend/taler-merchant-httpd_auth.c b/src/backend/taler-merchant-httpd_auth.c
@@ -285,8 +285,7 @@ TMH_compute_auth (const char *token,
struct TALER_MerchantAuthenticationSaltP *salt,
struct TALER_MerchantAuthenticationHashP *hash)
{
- GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
- salt,
+ GNUNET_CRYPTO_random_block (salt,
sizeof (*salt));
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Computing initial auth using token with salt %s\n",
diff --git a/src/backend/taler-merchant-httpd_helper.c b/src/backend/taler-merchant-httpd_helper.c
@@ -583,8 +583,7 @@ TMH_setup_wire_account (
if (NULL != credit_facade_credentials)
wm->credit_facade_credentials
= json_incref ((json_t*) credit_facade_credentials);
- GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
- &wm->wire_salt,
+ GNUNET_CRYPTO_random_block (&wm->wire_salt,
sizeof (wm->wire_salt));
wm->payto_uri.full_payto
= GNUNET_strdup (payto_uri.full_payto);
diff --git a/src/backend/taler-merchant-httpd_mfa.c b/src/backend/taler-merchant-httpd_mfa.c
@@ -257,15 +257,13 @@ mfa_challenge_start (
unsigned long long challenge_num;
char *code;
- GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
- &salt,
+ GNUNET_CRYPTO_random_block (&salt,
sizeof (salt));
TALER_MERCHANT_mfa_body_hash (hc->request_body,
&salt,
&h_body);
challenge_num = (unsigned long long)
- GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_NONCE,
- 1000 * 1000 * 100);
+ GNUNET_CRYPTO_random_u64 (1000 * 1000 * 100);
/* Note: if this is changed, the code in
taler-merchant-httpd_post-challenge-ID.c and
taler-merchant-httpd_post-challenge-ID-confirm.c must
diff --git a/src/backend/taler-merchant-httpd_post-challenge-ID.c b/src/backend/taler-merchant-httpd_post-challenge-ID.c
@@ -441,8 +441,7 @@ phase_send_challenge (struct MfaState *mfa)
char **cmd_argv = NULL;
challenge_num = (unsigned long long)
- GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_NONCE,
- 1000 * 1000 * 100);
+ GNUNET_CRYPTO_random_u64 (1000 * 1000 * 100);
GNUNET_asprintf (&mfa->code,
"%04llu-%04llu",
challenge_num / 10000,
diff --git a/src/backend/taler-merchant-httpd_post-management-instances.c b/src/backend/taler-merchant-httpd_post-management-instances.c
@@ -616,8 +616,7 @@ retry:
struct GNUNET_TIME_Timestamp expiration_time;
bool refreshable = true;
- GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
- &btoken,
+ GNUNET_CRYPTO_random_block (&btoken,
sizeof (btoken));
expiration_time
= GNUNET_TIME_relative_to_timestamp (login_token_expiration);
diff --git a/src/backend/taler-merchant-httpd_post-private-orders.c b/src/backend/taler-merchant-httpd_post-private-orders.c
@@ -3747,8 +3747,7 @@ phase_parse_order (struct OrderContext *oc)
/* Check for error state of strftime */
GNUNET_assert (0 != off);
buf[off++] = '-';
- rand = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_WEAK,
- UINT64_MAX);
+ rand = GNUNET_CRYPTO_random_u64 (UINT64_MAX);
last = GNUNET_STRINGS_data_to_string (&rand,
sizeof (uint64_t),
&buf[off],
@@ -4088,8 +4087,7 @@ phase_parse_request (struct OrderContext *oc)
}
if (create_token)
{
- GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
- &oc->parse_request.claim_token,
+ GNUNET_CRYPTO_random_block (&oc->parse_request.claim_token,
sizeof (oc->parse_request.claim_token));
}
/* Compute h_post_data (for idempotency check) */
diff --git a/src/backend/taler-merchant-httpd_post-private-token.c b/src/backend/taler-merchant-httpd_post-private-token.c
@@ -80,8 +80,7 @@ TMH_private_post_instances_ID_token (const struct TMH_RequestHandler *rh,
if (GNUNET_OK != res)
return (GNUNET_NO == res) ? MHD_YES : MHD_NO;
}
- GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
- &btoken,
+ GNUNET_CRYPTO_random_block (&btoken,
sizeof (btoken));
expiration_time = GNUNET_TIME_relative_to_timestamp (duration);
{
diff --git a/src/backenddb/insert_report.c b/src/backenddb/insert_report.c
@@ -63,8 +63,7 @@ TALER_MERCHANTDB_insert_report (
GNUNET_assert (NULL != pg->current_merchant_id);
GNUNET_assert (0 == strcmp (instance_id,
pg->current_merchant_id));
- GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
- &report_token,
+ GNUNET_CRYPTO_random_block (&report_token,
sizeof (report_token));
start =
GNUNET_TIME_absolute_to_timestamp (
diff --git a/src/backenddb/test_merchantdb.c b/src/backenddb/test_merchantdb.c
@@ -264,10 +264,9 @@ make_account (struct TALER_MERCHANTDB_AccountDetails *account)
memset (account,
0,
sizeof (*account));
- GNUNET_CRYPTO_hash_create_random (GNUNET_CRYPTO_QUALITY_STRONG,
- &account->h_wire.hash);
- GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
- &account->salt,
+ GNUNET_CRYPTO_random_block (&account->h_wire.hash,
+ sizeof account->h_wire.hash);
+ GNUNET_CRYPTO_random_block (&account->salt,
sizeof (account->salt));
account->payto_uri.full_payto
= (char *) "payto://x-taler-bank/bank.demo.taler.net/4";
@@ -1653,8 +1652,7 @@ make_order (const char *order_id,
GNUNET_assert (NULL != order->contract);
order->pay_deadline = GNUNET_TIME_relative_to_timestamp (
GNUNET_TIME_UNIT_DAYS);
- GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
- &order->claim_token,
+ GNUNET_CRYPTO_random_block (&order->claim_token,
sizeof (order->claim_token));
refund_deadline = GNUNET_TIME_relative_to_timestamp (GNUNET_TIME_UNIT_WEEKS);
GNUNET_assert (0 ==
@@ -2874,11 +2872,9 @@ make_deposit (const struct InstanceData *instance,
&deposit->amount_with_fee,
&deposit->deposit_fee));
deposit->h_wire = account->h_wire;
- GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
- &deposit->exchange_sig,
+ GNUNET_CRYPTO_random_block (&deposit->exchange_sig,
sizeof (deposit->exchange_sig));
- GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
- &deposit->coin_sig,
+ GNUNET_CRYPTO_random_block (&deposit->coin_sig,
sizeof (deposit->coin_sig));
}
@@ -3751,9 +3747,7 @@ make_transfer (const struct ExchangeSignkeyData *signkey,
{
struct TALER_TrackTransferDetails *details = NULL;
- GNUNET_CRYPTO_seed_weak_random (585);
- GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
- &transfer->wtid,
+ GNUNET_CRYPTO_random_block (&transfer->wtid,
sizeof (struct TALER_WireTransferIdentifierRawP));
transfer->exchange_url = deposits[0].exchange_url;
transfer->verified = false;
@@ -5646,9 +5640,7 @@ run_test_lookup_orders_all_filters (
unsigned int *permutation;
/* Pseudorandomly generate variations for the filter to differentiate */
- GNUNET_CRYPTO_seed_weak_random (1);
- permutation = GNUNET_CRYPTO_random_permute (GNUNET_CRYPTO_QUALITY_WEAK,
- 64);
+ permutation = GNUNET_CRYPTO_random_permute (64);
for (unsigned int i = 0; i < 64; ++i)
{
unsigned int dest = permutation[i];
diff --git a/src/merchant-tools/taler-merchant-passwd.c b/src/merchant-tools/taler-merchant-passwd.c
@@ -92,8 +92,7 @@ run (void *cls,
return;
}
- GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
- &ias.auth_salt,
+ GNUNET_CRYPTO_random_block (&ias.auth_salt,
sizeof (ias.auth_salt));
TALER_merchant_instance_auth_hash_with_salt (&ias.auth_hash,
&ias.auth_salt,
diff --git a/src/testing/testing_api_cmd_claim_order.c b/src/testing/testing_api_cmd_claim_order.c
@@ -186,8 +186,7 @@ order_claim_run (void *cls,
if (NULL != pls->order_id)
{
order_id = pls->order_id;
- GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
- &dummy_nonce,
+ GNUNET_CRYPTO_random_block (&dummy_nonce,
sizeof (dummy_nonce));
nonce = &dummy_nonce;
claim_token = NULL;
@@ -205,8 +204,7 @@ order_claim_run (void *cls,
TALER_TESTING_get_trait_claim_nonce (order_cmd,
&nonce))
{
- GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
- &dummy_nonce,
+ GNUNET_CRYPTO_random_block (&dummy_nonce,
sizeof (dummy_nonce));
nonce = &dummy_nonce;
}
diff --git a/src/testing/testing_api_cmd_lock_product.c b/src/testing/testing_api_cmd_lock_product.c
@@ -242,8 +242,7 @@ TALER_TESTING_cmd_merchant_lock_product (
pis->merchant_url = merchant_url;
pis->product_id = product_id;
pis->http_status = http_status;
- GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
- &uuid,
+ GNUNET_CRYPTO_random_block (&uuid,
sizeof (struct GNUNET_Uuid));
pis->uuid = GNUNET_STRINGS_data_to_string_alloc (&uuid,
sizeof (uuid));
diff --git a/src/testing/testing_api_cmd_pay_order.c b/src/testing/testing_api_cmd_pay_order.c
@@ -261,11 +261,9 @@ prepare_donau_data (struct TALER_TESTING_Interpreter *is,
= &ss->bkps[cnt].blinded_udi;
udi_hash = &ss->h_udis[cnt];
- GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
- &ps,
+ GNUNET_CRYPTO_random_block (&ps,
sizeof (ps));
- GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
- udi_nonce,
+ GNUNET_CRYPTO_random_block (udi_nonce,
sizeof (*udi_nonce));
switch (ss->selected_pks[cnt].bsign_pub_key->cipher)
{
diff --git a/src/testing/testing_api_cmd_post_orders.c b/src/testing/testing_api_cmd_post_orders.c
@@ -415,8 +415,7 @@ orders_run (void *cls,
json_string (order_id)));
GNUNET_free (order_id);
}
- GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
- &ps->nonce,
+ GNUNET_CRYPTO_random_block (&ps->nonce,
sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
ps->po = TALER_MERCHANT_post_private_orders_create (
TALER_TESTING_interpreter_get_context (is),
@@ -503,8 +502,7 @@ orders_run2 (void *cls,
return;
}
- GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
- &ps->nonce,
+ GNUNET_CRYPTO_random_block (&ps->nonce,
sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
for (token = strtok (products_string, ";");
NULL != token;
@@ -680,8 +678,7 @@ orders_run3 (void *cls,
GNUNET_free (order_id);
}
- GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
- &ps->nonce,
+ GNUNET_CRYPTO_random_block (&ps->nonce,
sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
ps->po = TALER_MERCHANT_post_private_orders_create (
TALER_TESTING_interpreter_get_context (is),
diff --git a/src/testing/testing_api_cmd_post_transfers.c b/src/testing/testing_api_cmd_post_transfers.c
@@ -452,8 +452,7 @@ TALER_TESTING_cmd_merchant_post_transfer2 (
&pts->credit_amount));
if (NULL == wtid)
{
- GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
- &pts->wtid,
+ GNUNET_CRYPTO_random_block (&pts->wtid,
sizeof (pts->wtid));
}
else
diff --git a/src/testing/testing_api_cmd_post_using_templates.c b/src/testing/testing_api_cmd_post_using_templates.c
@@ -399,8 +399,7 @@ post_using_templates_run (void *cls,
&tis->otp_alg))
TALER_TESTING_FAIL (is);
}
- GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
- &tis->nonce,
+ GNUNET_CRYPTO_random_block (&tis->nonce,
sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
tis->iph = TALER_MERCHANT_post_templates_create (
TALER_TESTING_interpreter_get_context (is),
