SSL test programs: abstract CTR_DRBG away

In ssl_client2 and ssl_server2, to generate random data, go through a
level of indirection provided by ssl_test_lib. This way the programs
don't depend on a particular choice of RNG implementation, and only
ssl_test_lib.{h,c} explicitly reference CTR_DRBG.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2021-01-13 18:59:46 +01:00
parent f1cb75fe13
commit 535fb37870
4 changed files with 27 additions and 6 deletions

View file

@ -1880,7 +1880,7 @@ int main( int argc, char *argv[] )
#endif #endif
#endif #endif
} }
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &rng.drbg ); mbedtls_ssl_conf_rng( &conf, rng_get, &rng );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
mbedtls_ssl_conf_read_timeout( &conf, opt.read_timeout ); mbedtls_ssl_conf_read_timeout( &conf, opt.read_timeout );

View file

@ -2682,7 +2682,7 @@ int main( int argc, char *argv[] )
#endif #endif
#endif #endif
} }
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &rng.drbg ); mbedtls_ssl_conf_rng( &conf, rng_get, &rng );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
#if defined(MBEDTLS_SSL_CACHE_C) #if defined(MBEDTLS_SSL_CACHE_C)
@ -2701,7 +2701,7 @@ int main( int argc, char *argv[] )
if( opt.tickets == MBEDTLS_SSL_SESSION_TICKETS_ENABLED ) if( opt.tickets == MBEDTLS_SSL_SESSION_TICKETS_ENABLED )
{ {
if( ( ret = mbedtls_ssl_ticket_setup( &ticket_ctx, if( ( ret = mbedtls_ssl_ticket_setup( &ticket_ctx,
mbedtls_ctr_drbg_random, &rng.drbg, rng_get, &rng,
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_CIPHER_AES_256_GCM,
opt.ticket_timeout ) ) != 0 ) opt.ticket_timeout ) ) != 0 )
{ {
@ -2723,7 +2723,7 @@ int main( int argc, char *argv[] )
if( opt.cookies > 0 ) if( opt.cookies > 0 )
{ {
if( ( ret = mbedtls_ssl_cookie_setup( &cookie_ctx, if( ( ret = mbedtls_ssl_cookie_setup( &cookie_ctx,
mbedtls_ctr_drbg_random, &rng.drbg ) ) != 0 ) rng_get, &rng ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret );
goto exit; goto exit;
@ -2875,8 +2875,8 @@ int main( int argc, char *argv[] )
ssl_async_keys.inject_error = ( opt.async_private_error < 0 ? ssl_async_keys.inject_error = ( opt.async_private_error < 0 ?
- opt.async_private_error : - opt.async_private_error :
opt.async_private_error ); opt.async_private_error );
ssl_async_keys.f_rng = mbedtls_ctr_drbg_random; ssl_async_keys.f_rng = rng_get;
ssl_async_keys.p_rng = &rng.drbg; ssl_async_keys.p_rng = &rng;
mbedtls_ssl_conf_async_private_cb( &conf, mbedtls_ssl_conf_async_private_cb( &conf,
sign, sign,
decrypt, decrypt,

View file

@ -95,6 +95,12 @@ void rng_free( rng_context_t *rng )
mbedtls_entropy_free( &rng->entropy ); mbedtls_entropy_free( &rng->entropy );
} }
int rng_get( void *p_rng, unsigned char *output, size_t output_len )
{
rng_context_t *rng = p_rng;
return( mbedtls_ctr_drbg_random( &rng->drbg, output, output_len ) );
}
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
int ca_callback( void *data, mbedtls_x509_crt const *child, int ca_callback( void *data, mbedtls_x509_crt const *child,
mbedtls_x509_crt **candidates ) mbedtls_x509_crt **candidates )

View file

@ -164,6 +164,21 @@ int rng_seed( rng_context_t *rng, int reproducible, const char *pers );
*/ */
void rng_free( rng_context_t *rng ); void rng_free( rng_context_t *rng );
/** Generate random data.
*
* This function is suitable for use as the \c f_rng argument to Mbed TLS
* library functions.
*
* \param p_rng The CTR_DRBG context. This must be a pointer to a
* #rng_context_t structure.
* \param output The buffer to fill.
* \param output_len The length of the buffer in bytes.
*
* \return \c 0 on success.
* \return An Mbed TLS error code on error.
*/
int rng_get( void *p_rng, unsigned char *output, size_t output_len );
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
int ca_callback( void *data, mbedtls_x509_crt const *child, int ca_callback( void *data, mbedtls_x509_crt const *child,
mbedtls_x509_crt **candidates ); mbedtls_x509_crt **candidates );