Implement add_salt().

rfc8188_test doesn't use it (since fixed salt values are given by
the examples), but calls it just to be sure that nothing blows up.

src/rfc8188.c

@@ -29,6 +29,7 @@
 /* Chapter references are to RFC 8188 */
 
 #include <openssl/hmac.h>
+#include <openssl/rand.h>
 #include <openssl/err.h>
 
 #include <string.h>
@@ -82,6 +83,16 @@ encode_header(uint8_t *hdr, uint32_t rs, uint8_t idlen, uint8_t *keyid)
 	memcpy(hdr + ID_OFF, keyid, idlen);
 }
 
+int
+add_salt(unsigned char *hdr, char *errmsg)
+{
+        if (RAND_bytes(hdr, SALT_LEN) != 1) {
+                mk_error(errmsg);
+                return (-1);
+        }
+        return 0;
+}
+
 /* ch 2.2 pseudorandom key */
 int
 derive_prk(uint8_t *salt, uint8_t *key, unsigned char *prk, char *errmsg)

src/rfc8188.h

@@ -82,8 +82,8 @@ decode_header(uint8_t *hdr, uint32_t *rs, uint8_t *idlen)
  */
 void encode_header(uint8_t *hdr, uint32_t rs, uint8_t idlen, uint8_t *keyid);
 
-/* XXX implement me */
-int add_salt(unsigned char *hdr);
+/* Set SALT_LEN random bytes from the libcrypto CSPRNG at hdr. */
+int add_salt(unsigned char *hdr, char errmsg[ERRMSG_LEN]);
 
 /*
  * ch. 2.2 pseudorandom key

src/rfc8188_test.c

@@ -280,5 +280,13 @@ main(int argc, char *argv[])
 	AZ(memcmp(body1_test_b64, body1_b64, len));
 
 	cipher_ctx_fini(ctx);
+
+        /* Just call add_salt() for sanity's sake. */
+        memset(body1, 0, SALT_LEN);
+        if (add_salt(body1, errmsg) != 0) {
+		fprintf(stderr, "add_salt: %s\n", errmsg);
+		exit(-1);
+	}
+
 	exit(0);
 }