Introduce getter function for RNG context

This commit is contained in:
Hanno Becker 2019-07-23 13:24:02 +01:00
parent 9db697e8c6
commit 9a12243b01
4 changed files with 32 additions and 28 deletions

View file

@ -1560,6 +1560,10 @@ static inline mbedtls_ssl_recv_timeout_t* mbedtls_ssl_get_recv_timeout(
typedef int mbedtls_frng_t( void*, unsigned char*, size_t ); typedef int mbedtls_frng_t( void*, unsigned char*, size_t );
static inline void* mbedtls_ssl_conf_get_prng( mbedtls_ssl_config const *conf )
{
return( conf->p_rng );
}
#if !defined(MBEDTLS_SSL_CONF_RNG) #if !defined(MBEDTLS_SSL_CONF_RNG)
static inline mbedtls_frng_t* mbedtls_ssl_conf_get_frng( static inline mbedtls_frng_t* mbedtls_ssl_conf_get_frng(
mbedtls_ssl_config const *conf ) mbedtls_ssl_config const *conf )

View file

@ -375,7 +375,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx, ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx,
p + 2, end - p - 2, &kkpp_len, p + 2, end - p - 2, &kkpp_len,
mbedtls_ssl_conf_get_frng( ssl->conf ), mbedtls_ssl_conf_get_frng( ssl->conf ),
ssl->conf->p_rng ); mbedtls_ssl_conf_get_prng( ssl->conf ) );
if( ret != 0 ) if( ret != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1 , "mbedtls_ecjpake_write_round_one", ret ); MBEDTLS_SSL_DEBUG_RET( 1 , "mbedtls_ecjpake_write_round_one", ret );
@ -735,7 +735,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %lu", t ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %lu", t ) );
#else #else
if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf ) if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf )
( ssl->conf->p_rng, p, 4 ) ) != 0 ) ( mbedtls_ssl_conf_get_prng( ssl->conf ), p, 4 ) ) != 0 )
{ {
return( ret ); return( ret );
} }
@ -744,7 +744,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
#endif /* MBEDTLS_HAVE_TIME */ #endif /* MBEDTLS_HAVE_TIME */
if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf ) if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf )
( ssl->conf->p_rng, p, 28 ) ) != 0 ) ( mbedtls_ssl_conf_get_prng( ssl->conf ), p, 28 ) ) != 0 )
{ {
return( ret ); return( ret );
} }
@ -911,7 +911,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
ssl->session_negotiate->ticket_len != 0 ) ssl->session_negotiate->ticket_len != 0 )
{ {
ret = mbedtls_ssl_conf_get_frng( ssl->conf ) ret = mbedtls_ssl_conf_get_frng( ssl->conf )
( ssl->conf->p_rng, ssl->session_negotiate->id, 32 ); ( mbedtls_ssl_conf_get_prng( ssl->conf ), ssl->session_negotiate->id, 32 );
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
@ -2365,7 +2365,7 @@ static int ssl_rsa_generate_partial_pms( mbedtls_ssl_context *ssl,
ssl->conf->transport, out ); ssl->conf->transport, out );
if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf ) if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf )
( ssl->conf->p_rng, out + 2, 46 ) ) != 0 ) ( mbedtls_ssl_conf_get_prng( ssl->conf ), out + 2, 46 ) ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "f_rng", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "f_rng", ret );
return( ret ); return( ret );
@ -2435,7 +2435,7 @@ static int ssl_rsa_encrypt_partial_pms( mbedtls_ssl_context *ssl,
ppms, 48, out + len_bytes, ppms, 48, out + len_bytes,
olen, buflen - len_bytes, olen, buflen - len_bytes,
mbedtls_ssl_conf_get_frng( ssl->conf ), mbedtls_ssl_conf_get_frng( ssl->conf ),
ssl->conf->p_rng ) ) != 0 ) mbedtls_ssl_conf_get_prng( ssl->conf ) ) ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_rsa_pkcs1_encrypt", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_rsa_pkcs1_encrypt", ret );
goto cleanup; goto cleanup;
@ -3493,7 +3493,7 @@ static int ssl_client_key_exchange_write( mbedtls_ssl_context *ssl,
ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
(int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
p, n, mbedtls_ssl_conf_get_frng( ssl->conf ), p, n, mbedtls_ssl_conf_get_frng( ssl->conf ),
ssl->conf->p_rng ); mbedtls_ssl_conf_get_prng( ssl->conf ) );
if( ret != 0 ) if( ret != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret );
@ -3530,7 +3530,7 @@ static int ssl_client_key_exchange_write( mbedtls_ssl_context *ssl,
ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx,
&n, p, end - p, &n, p, end - p,
mbedtls_ssl_conf_get_frng( ssl->conf ), mbedtls_ssl_conf_get_frng( ssl->conf ),
ssl->conf->p_rng ); mbedtls_ssl_conf_get_prng( ssl->conf ) );
if( ret != 0 ) if( ret != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret );
@ -3625,7 +3625,7 @@ static int ssl_client_key_exchange_write( mbedtls_ssl_context *ssl,
ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
(int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
p, n, mbedtls_ssl_conf_get_frng( ssl->conf ), p, n, mbedtls_ssl_conf_get_frng( ssl->conf ),
ssl->conf->p_rng ); mbedtls_ssl_conf_get_prng( ssl->conf ) );
if( ret != 0 ) if( ret != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret );
@ -3646,7 +3646,7 @@ static int ssl_client_key_exchange_write( mbedtls_ssl_context *ssl,
ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, &n, ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, &n,
p, buflen, p, buflen,
mbedtls_ssl_conf_get_frng( ssl->conf ), mbedtls_ssl_conf_get_frng( ssl->conf ),
ssl->conf->p_rng ); mbedtls_ssl_conf_get_prng( ssl->conf ) );
if( ret != 0 ) if( ret != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret );
@ -3683,7 +3683,7 @@ static int ssl_client_key_exchange_write( mbedtls_ssl_context *ssl,
ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx, ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx,
p, end - p, &n, p, end - p, &n,
mbedtls_ssl_conf_get_frng( ssl->conf ), mbedtls_ssl_conf_get_frng( ssl->conf ),
ssl->conf->p_rng ); mbedtls_ssl_conf_get_prng( ssl->conf ) );
if( ret != 0 ) if( ret != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret );
@ -3895,7 +3895,7 @@ sign:
md_alg, hash_start, hashlen, md_alg, hash_start, hashlen,
ssl->out_msg + 6 + offset, &n, ssl->out_msg + 6 + offset, &n,
mbedtls_ssl_conf_get_frng( ssl->conf ), mbedtls_ssl_conf_get_frng( ssl->conf ),
ssl->conf->p_rng, rs_ctx ) ) != 0 ) mbedtls_ssl_conf_get_prng( ssl->conf ), rs_ctx ) ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret );
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE) #if defined(MBEDTLS_SSL__ECP_RESTARTABLE)

View file

@ -2603,7 +2603,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx, ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx,
p + 2, end - p - 2, &kkpp_len, p + 2, end - p - 2, &kkpp_len,
mbedtls_ssl_conf_get_frng( ssl->conf ), mbedtls_ssl_conf_get_frng( ssl->conf ),
ssl->conf->p_rng ); mbedtls_ssl_conf_get_prng( ssl->conf ) );
if( ret != 0 ) if( ret != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1 , "mbedtls_ecjpake_write_round_one", ret ); MBEDTLS_SSL_DEBUG_RET( 1 , "mbedtls_ecjpake_write_round_one", ret );
@ -2783,7 +2783,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) );
#else #else
if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf ) if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf )
( ssl->conf->p_rng, p, 4 ) ) != 0 ) ( mbedtls_ssl_conf_get_prng( ssl->conf ), p, 4 ) ) != 0 )
{ {
return( ret ); return( ret );
} }
@ -2792,7 +2792,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
#endif /* MBEDTLS_HAVE_TIME */ #endif /* MBEDTLS_HAVE_TIME */
if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf ) if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf )
( ssl->conf->p_rng, p, 28 ) ) != 0 ) ( mbedtls_ssl_conf_get_prng( ssl->conf ), p, 28 ) ) != 0 )
{ {
return( ret ); return( ret );
} }
@ -2859,7 +2859,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
{ {
ssl->session_negotiate->id_len = n = 32; ssl->session_negotiate->id_len = n = 32;
if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf ) if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf )
( ssl->conf->p_rng, ssl->session_negotiate->id, n ) ) != 0 ) ( mbedtls_ssl_conf_get_prng( ssl->conf ), ssl->session_negotiate->id, n ) ) != 0 )
{ {
return( ret ); return( ret );
} }
@ -3272,7 +3272,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
ssl->out_msg + ssl->out_msglen, ssl->out_msg + ssl->out_msglen,
MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen, &len, MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen, &len,
mbedtls_ssl_conf_get_frng( ssl->conf ), mbedtls_ssl_conf_get_frng( ssl->conf ),
ssl->conf->p_rng ); mbedtls_ssl_conf_get_prng( ssl->conf ) );
if( ret != 0 ) if( ret != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret );
@ -3336,7 +3336,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
(int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
ssl->out_msg + ssl->out_msglen, &len, ssl->out_msg + ssl->out_msglen, &len,
mbedtls_ssl_conf_get_frng( ssl->conf ), mbedtls_ssl_conf_get_frng( ssl->conf ),
ssl->conf->p_rng ) ) != 0 ) mbedtls_ssl_conf_get_prng( ssl->conf ) ) ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_params", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_params", ret );
return( ret ); return( ret );
@ -3393,7 +3393,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
ssl->out_msg + ssl->out_msglen, ssl->out_msg + ssl->out_msglen,
MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen, MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen,
mbedtls_ssl_conf_get_frng( ssl->conf ), mbedtls_ssl_conf_get_frng( ssl->conf ),
ssl->conf->p_rng ) ) != 0 ) mbedtls_ssl_conf_get_prng( ssl->conf ) ) ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_params", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_params", ret );
return( ret ); return( ret );
@ -3579,7 +3579,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
ssl->out_msg + ssl->out_msglen + 2, ssl->out_msg + ssl->out_msglen + 2,
signature_len, signature_len,
mbedtls_ssl_conf_get_frng( ssl->conf ), mbedtls_ssl_conf_get_frng( ssl->conf ),
ssl->conf->p_rng ) ) != 0 ) mbedtls_ssl_conf_get_prng( ssl->conf ) ) ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret );
return( ret ); return( ret );
@ -3876,7 +3876,7 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
ret = mbedtls_pk_decrypt( private_key, p, len, ret = mbedtls_pk_decrypt( private_key, p, len,
peer_pms, peer_pmslen, peer_pmssize, peer_pms, peer_pmslen, peer_pmssize,
mbedtls_ssl_conf_get_frng( ssl->conf ), mbedtls_ssl_conf_get_frng( ssl->conf ),
ssl->conf->p_rng ); mbedtls_ssl_conf_get_prng( ssl->conf ) );
return( ret ); return( ret );
} }
@ -3946,7 +3946,7 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
* regardless of whether it will ultimately influence the output or not. * regardless of whether it will ultimately influence the output or not.
*/ */
ret = mbedtls_ssl_conf_get_frng( ssl->conf ) ret = mbedtls_ssl_conf_get_frng( ssl->conf )
( ssl->conf->p_rng, fake_pms, sizeof( fake_pms ) ); ( mbedtls_ssl_conf_get_prng( ssl->conf ), fake_pms, sizeof( fake_pms ) );
if( ret != 0 ) if( ret != 0 )
{ {
/* It's ok to abort on an RNG failure, since this does not reveal /* It's ok to abort on an RNG failure, since this does not reveal

View file

@ -1669,7 +1669,7 @@ int mbedtls_ssl_build_pms( mbedtls_ssl_context *ssl )
MBEDTLS_PREMASTER_SIZE, MBEDTLS_PREMASTER_SIZE,
&ssl->handshake->pmslen, &ssl->handshake->pmslen,
mbedtls_ssl_conf_get_frng( ssl->conf ), mbedtls_ssl_conf_get_frng( ssl->conf ),
ssl->conf->p_rng ) ) != 0 ) mbedtls_ssl_conf_get_prng( ssl->conf ) ) ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
return( ret ); return( ret );
@ -1697,7 +1697,7 @@ int mbedtls_ssl_build_pms( mbedtls_ssl_context *ssl )
ssl->handshake->premaster, ssl->handshake->premaster,
MBEDTLS_MPI_MAX_SIZE, MBEDTLS_MPI_MAX_SIZE,
mbedtls_ssl_conf_get_frng( ssl->conf ), mbedtls_ssl_conf_get_frng( ssl->conf ),
ssl->conf->p_rng ) ) != 0 ) mbedtls_ssl_conf_get_prng( ssl->conf ) ) ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
return( ret ); return( ret );
@ -1729,7 +1729,7 @@ int mbedtls_ssl_build_pms( mbedtls_ssl_context *ssl )
ret = mbedtls_ecjpake_derive_secret( &ssl->handshake->ecjpake_ctx, ret = mbedtls_ecjpake_derive_secret( &ssl->handshake->ecjpake_ctx,
ssl->handshake->premaster, 32, &ssl->handshake->pmslen, ssl->handshake->premaster, 32, &ssl->handshake->pmslen,
mbedtls_ssl_conf_get_frng( ssl->conf ), mbedtls_ssl_conf_get_frng( ssl->conf ),
ssl->conf->p_rng ); mbedtls_ssl_conf_get_prng( ssl->conf ) );
if( ret != 0 ) if( ret != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_derive_secret", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_derive_secret", ret );
@ -1823,7 +1823,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
p + 2, end - ( p + 2 ), &len, p + 2, end - ( p + 2 ), &len,
mbedtls_ssl_conf_get_frng( ssl->conf ), mbedtls_ssl_conf_get_frng( ssl->conf ),
ssl->conf->p_rng ) ) != 0 ) mbedtls_ssl_conf_get_prng( ssl->conf ) ) ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
return( ret ); return( ret );
@ -1845,7 +1845,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen, if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen,
p + 2, end - ( p + 2 ), p + 2, end - ( p + 2 ),
mbedtls_ssl_conf_get_frng( ssl->conf ), mbedtls_ssl_conf_get_frng( ssl->conf ),
ssl->conf->p_rng ) ) != 0 ) mbedtls_ssl_conf_get_prng( ssl->conf ) ) ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
return( ret ); return( ret );
@ -4189,7 +4189,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
if( ( ret = mbedtls_ssl_encrypt_buf( ssl, ssl->transform_out, &rec, if( ( ret = mbedtls_ssl_encrypt_buf( ssl, ssl->transform_out, &rec,
mbedtls_ssl_conf_get_frng( ssl->conf ), mbedtls_ssl_conf_get_frng( ssl->conf ),
ssl->conf->p_rng ) ) != 0 ) mbedtls_ssl_conf_get_prng( ssl->conf ) ) ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret );
return( ret ); return( ret );