mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-11 02:35:39 +00:00
Allow compile-time configuration of PRNG in SSL module
Introduces MBEDTLS_SSL_CONF_RNG to allow configuring the RNG to be used by the SSL module at compile-time. Impact on code-size: | | GCC 8.2.1 | ARMC5 5.06 | ARMC6 6.12 | | --- | --- | --- | --- | | `libmbedtls.a` before | 23535 | 24089 | 27103 | | `libmbedtls.a` after | 23471 | 24077 | 27045 | | gain in Bytes | 64 | 12 | 58 |
This commit is contained in:
parent
1841f84c79
commit
ece325c8dd
|
@ -93,6 +93,7 @@
|
|||
#define MBEDTLS_SSL_CONF_AUTHMODE MBEDTLS_SSL_VERIFY_REQUIRED
|
||||
#define MBEDTLS_SSL_CONF_BADMAC_LIMIT 0
|
||||
#define MBEDTLS_SSL_CONF_ANTI_REPLAY MBEDTLS_SSL_ANTI_REPLAY_ENABLED
|
||||
#define MBEDTLS_SSL_CONF_RNG mbedtls_hmac_drbg_random
|
||||
#define MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET \
|
||||
MBEDTLS_SSL_EXTENDED_MS_ENABLED
|
||||
#define MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET \
|
||||
|
|
|
@ -51,6 +51,8 @@
|
|||
|
||||
/* ssl_client2 and ssl_server2 use CTR-DRBG so far. */
|
||||
#define MBEDTLS_CTR_DRBG_C
|
||||
#undef MBEDTLS_SSL_CONF_RNG
|
||||
#define MBEDTLS_SSL_CONF_RNG mbedtls_ctr_drbg_random
|
||||
|
||||
/* The ticket implementation hardcodes AES-GCM */
|
||||
#define MBEDTLS_GCM_C
|
||||
|
|
|
@ -3601,6 +3601,13 @@
|
|||
//#define MBEDTLS_SSL_CONF_CID_LEN 0
|
||||
//#define MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID MBEDTLS_SSL_UNEXPECTED_CID_IGNORE
|
||||
|
||||
/* The PRNG to use by the SSL module. If defined, this must
|
||||
* evaluate to the name on externally defined function with signature
|
||||
* int (*f_rng)(void *, unsigned char *, size_t),
|
||||
* e.g. mbedtls_ctr_drbg_random or mbedtls_hmac_drbg_random.
|
||||
*/
|
||||
//#define MBEDTLS_SSL_CONF_RNG mbedtls_ctr_drbg_random
|
||||
|
||||
/* ExtendedMasterSecret extension
|
||||
* The following two options must be set/unset simultaneously. */
|
||||
//#define MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET MBEDTLS_SSL_EXTENDED_MS_ENABLED
|
||||
|
|
|
@ -902,8 +902,10 @@ struct mbedtls_ssl_config
|
|||
void (*f_dbg)(void *, int, const char *, int, const char *);
|
||||
void *p_dbg; /*!< context for the debug function */
|
||||
|
||||
#if !defined(MBEDTLS_SSL_CONF_RNG)
|
||||
/** Callback for getting (pseudo-)random numbers */
|
||||
int (*f_rng)(void *, unsigned char *, size_t);
|
||||
#endif /* !MBEDTLS_SSL_CONF_RNG */
|
||||
void *p_rng; /*!< context for the RNG function */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_NO_SESSION_CACHE)
|
||||
|
@ -1462,9 +1464,16 @@ void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
|
|||
void *p_vrfy );
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
#if !defined(MBEDTLS_SSL_CONF_RNG)
|
||||
/**
|
||||
* \brief Set the random number generator callback
|
||||
*
|
||||
* \note On constrained systems, the RNG can also be
|
||||
* configured at compile-time via the option
|
||||
* MBEDTLS_SSL_CONF_RNG. In this case, the
|
||||
* \p f_rng argument in this function has no
|
||||
* effect.
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param f_rng RNG function
|
||||
* \param p_rng RNG parameter
|
||||
|
@ -1472,6 +1481,16 @@ void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
|
|||
void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
#else
|
||||
/**
|
||||
* \brief Set the random number generator callback context.
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param p_rng RNG parameter
|
||||
*/
|
||||
void mbedtls_ssl_conf_rng_ctx( mbedtls_ssl_config *conf,
|
||||
void *p_rng );
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Set the debug callback
|
||||
|
|
|
@ -1289,6 +1289,27 @@ static inline unsigned int mbedtls_ssl_conf_get_anti_replay(
|
|||
#endif /* MBEDTLS_SSL_CONF_ANTI_REPLAY */
|
||||
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
|
||||
|
||||
typedef int (*mbedtls_frng_t)( void*, unsigned char*, size_t );
|
||||
|
||||
#if !defined(MBEDTLS_SSL_CONF_RNG)
|
||||
static inline mbedtls_frng_t mbedtls_ssl_conf_get_frng(
|
||||
mbedtls_ssl_config const *conf )
|
||||
{
|
||||
return( conf->f_rng );
|
||||
}
|
||||
#else /* !MBEDTLS_SSL_CONF_RNG */
|
||||
|
||||
#define mbedtls_ssl_conf_rng_func MBEDTLS_SSL_CONF_RNG
|
||||
extern int mbedtls_ssl_conf_rng_func( void*, unsigned char*, size_t );
|
||||
|
||||
static inline mbedtls_frng_t mbedtls_ssl_conf_get_frng(
|
||||
mbedtls_ssl_config const *conf )
|
||||
{
|
||||
((void) conf);
|
||||
return ((mbedtls_frng_t*) mbedtls_ssl_conf_rng_func);
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_CONF_RNG */
|
||||
|
||||
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
|
||||
static inline unsigned int mbedtls_ssl_conf_get_ems(
|
||||
mbedtls_ssl_config const *conf )
|
||||
|
|
|
@ -394,7 +394,8 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
|
|||
|
||||
ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx,
|
||||
p + 2, end - p - 2, &kkpp_len,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||
mbedtls_ssl_conf_get_frng( ssl->conf ),
|
||||
ssl->conf->p_rng );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1 , "mbedtls_ecjpake_write_round_one", ret );
|
||||
|
@ -751,14 +752,20 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
|
|||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %lu", t ) );
|
||||
#else
|
||||
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf )
|
||||
( ssl->conf->p_rng, p, 4 ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
||||
p += 4;
|
||||
#endif /* MBEDTLS_HAVE_TIME */
|
||||
|
||||
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 28 ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf )
|
||||
( ssl->conf->p_rng, p, 28 ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
@ -822,7 +829,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );
|
||||
|
||||
if( ssl->conf->f_rng == NULL )
|
||||
if( mbedtls_ssl_conf_get_frng( ssl->conf ) == NULL )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided") );
|
||||
return( MBEDTLS_ERR_SSL_NO_RNG );
|
||||
|
@ -908,7 +915,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
ssl->session_negotiate->ticket != NULL &&
|
||||
ssl->session_negotiate->ticket_len != 0 )
|
||||
{
|
||||
ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->session_negotiate->id, 32 );
|
||||
ret = mbedtls_ssl_conf_get_frng( ssl->conf )
|
||||
( ssl->conf->p_rng, ssl->session_negotiate->id, 32 );
|
||||
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
@ -2333,7 +2341,8 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
|
|||
mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver,
|
||||
ssl->conf->transport, p );
|
||||
|
||||
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p + 2, 46 ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf )
|
||||
( ssl->conf->p_rng, p + 2, 46 ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "f_rng", ret );
|
||||
return( ret );
|
||||
|
@ -2382,7 +2391,8 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
|
|||
p, ssl->handshake->pmslen,
|
||||
ssl->out_msg + offset + len_bytes, olen,
|
||||
MBEDTLS_SSL_OUT_CONTENT_LEN - offset - len_bytes,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
||||
mbedtls_ssl_conf_get_frng( ssl->conf ),
|
||||
ssl->conf->p_rng ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_rsa_pkcs1_encrypt", ret );
|
||||
goto cleanup;
|
||||
|
@ -3155,7 +3165,8 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
|
||||
(int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
|
||||
&ssl->out_msg[i], n,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||
mbedtls_ssl_conf_get_frng( ssl->conf ),
|
||||
ssl->conf->p_rng );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret );
|
||||
|
@ -3169,7 +3180,8 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
ssl->handshake->premaster,
|
||||
MBEDTLS_PREMASTER_SIZE,
|
||||
&ssl->handshake->pmslen,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
||||
mbedtls_ssl_conf_get_frng( ssl->conf ),
|
||||
ssl->conf->p_rng ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
|
||||
return( ret );
|
||||
|
@ -3206,7 +3218,8 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx,
|
||||
&n,
|
||||
&ssl->out_msg[i], 1000,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||
mbedtls_ssl_conf_get_frng( ssl->conf ),
|
||||
ssl->conf->p_rng );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret );
|
||||
|
@ -3235,7 +3248,8 @@ ecdh_calc_secret:
|
|||
&ssl->handshake->pmslen,
|
||||
ssl->handshake->premaster,
|
||||
MBEDTLS_MPI_MAX_SIZE,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
||||
mbedtls_ssl_conf_get_frng( ssl->conf ),
|
||||
ssl->conf->p_rng ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
|
||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||
|
@ -3317,7 +3331,8 @@ ecdh_calc_secret:
|
|||
ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
|
||||
(int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
|
||||
&ssl->out_msg[i], n,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||
mbedtls_ssl_conf_get_frng( ssl->conf ),
|
||||
ssl->conf->p_rng );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret );
|
||||
|
@ -3334,7 +3349,8 @@ ecdh_calc_secret:
|
|||
*/
|
||||
ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, &n,
|
||||
&ssl->out_msg[i], MBEDTLS_SSL_OUT_CONTENT_LEN - i,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||
mbedtls_ssl_conf_get_frng( ssl->conf ),
|
||||
ssl->conf->p_rng );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret );
|
||||
|
@ -3376,7 +3392,8 @@ ecdh_calc_secret:
|
|||
|
||||
ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx,
|
||||
ssl->out_msg + i, MBEDTLS_SSL_OUT_CONTENT_LEN - i, &n,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||
mbedtls_ssl_conf_get_frng( ssl->conf ),
|
||||
ssl->conf->p_rng );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret );
|
||||
|
@ -3385,7 +3402,8 @@ ecdh_calc_secret:
|
|||
|
||||
ret = mbedtls_ecjpake_derive_secret( &ssl->handshake->ecjpake_ctx,
|
||||
ssl->handshake->premaster, 32, &ssl->handshake->pmslen,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||
mbedtls_ssl_conf_get_frng( ssl->conf ),
|
||||
ssl->conf->p_rng );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_derive_secret", ret );
|
||||
|
@ -3583,7 +3601,8 @@ sign:
|
|||
if( ( ret = mbedtls_pk_sign_restartable( mbedtls_ssl_own_key( ssl ),
|
||||
md_alg, hash_start, hashlen,
|
||||
ssl->out_msg + 6 + offset, &n,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng, rs_ctx ) ) != 0 )
|
||||
mbedtls_ssl_conf_get_frng( ssl->conf ),
|
||||
ssl->conf->p_rng, rs_ctx ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret );
|
||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||
|
|
|
@ -2493,7 +2493,8 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
|
|||
|
||||
ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx,
|
||||
p + 2, end - p - 2, &kkpp_len,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||
mbedtls_ssl_conf_get_frng( ssl->conf ),
|
||||
ssl->conf->p_rng );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1 , "mbedtls_ecjpake_write_round_one", ret );
|
||||
|
@ -2637,7 +2638,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
|
||||
|
||||
if( ssl->conf->f_rng == NULL )
|
||||
if( mbedtls_ssl_conf_get_frng( ssl->conf ) == NULL )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided") );
|
||||
return( MBEDTLS_ERR_SSL_NO_RNG );
|
||||
|
@ -2669,14 +2670,20 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
|||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) );
|
||||
#else
|
||||
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf )
|
||||
( ssl->conf->p_rng, p, 4 ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
||||
p += 4;
|
||||
#endif /* MBEDTLS_HAVE_TIME */
|
||||
|
||||
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 28 ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf )
|
||||
( ssl->conf->p_rng, p, 28 ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
||||
p += 28;
|
||||
|
||||
|
@ -2739,9 +2746,11 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
|||
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
||||
{
|
||||
ssl->session_negotiate->id_len = n = 32;
|
||||
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->session_negotiate->id,
|
||||
n ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf )
|
||||
( ssl->conf->p_rng, ssl->session_negotiate->id, n ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -3145,7 +3154,8 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
|
|||
&ssl->handshake->ecjpake_ctx,
|
||||
ssl->out_msg + ssl->out_msglen,
|
||||
MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen, &len,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||
mbedtls_ssl_conf_get_frng( ssl->conf ),
|
||||
ssl->conf->p_rng );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret );
|
||||
|
@ -3208,7 +3218,8 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
|
|||
&ssl->handshake->dhm_ctx,
|
||||
(int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
|
||||
ssl->out_msg + ssl->out_msglen, &len,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
||||
mbedtls_ssl_conf_get_frng( ssl->conf ),
|
||||
ssl->conf->p_rng ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_params", ret );
|
||||
return( ret );
|
||||
|
@ -3272,7 +3283,8 @@ curve_matching_done:
|
|||
&ssl->handshake->ecdh_ctx, &len,
|
||||
ssl->out_msg + ssl->out_msglen,
|
||||
MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
||||
mbedtls_ssl_conf_get_frng( ssl->conf ),
|
||||
ssl->conf->p_rng ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_params", ret );
|
||||
return( ret );
|
||||
|
@ -3456,7 +3468,7 @@ curve_matching_done:
|
|||
md_alg, hash, hashlen,
|
||||
ssl->out_msg + ssl->out_msglen + 2,
|
||||
signature_len,
|
||||
ssl->conf->f_rng,
|
||||
mbedtls_ssl_conf_get_frng( ssl->conf ),
|
||||
ssl->conf->p_rng ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret );
|
||||
|
@ -3753,7 +3765,8 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
|
|||
|
||||
ret = mbedtls_pk_decrypt( private_key, p, len,
|
||||
peer_pms, peer_pmslen, peer_pmssize,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||
mbedtls_ssl_conf_get_frng( ssl->conf ),
|
||||
ssl->conf->p_rng );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
|
@ -3822,7 +3835,8 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
|
|||
* successful. In particular, always generate the fake premaster secret,
|
||||
* regardless of whether it will ultimately influence the output or not.
|
||||
*/
|
||||
ret = ssl->conf->f_rng( ssl->conf->p_rng, fake_pms, sizeof( fake_pms ) );
|
||||
ret = mbedtls_ssl_conf_get_frng( ssl->conf )
|
||||
( ssl->conf->p_rng, fake_pms, sizeof( fake_pms ) );
|
||||
if( ret != 0 )
|
||||
{
|
||||
/* It's ok to abort on an RNG failure, since this does not reveal
|
||||
|
@ -3980,7 +3994,8 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
ssl->handshake->premaster,
|
||||
MBEDTLS_PREMASTER_SIZE,
|
||||
&ssl->handshake->pmslen,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
||||
mbedtls_ssl_conf_get_frng( ssl->conf ),
|
||||
ssl->conf->p_rng ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS );
|
||||
|
@ -4013,7 +4028,8 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
&ssl->handshake->pmslen,
|
||||
ssl->handshake->premaster,
|
||||
MBEDTLS_MPI_MAX_SIZE,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
||||
mbedtls_ssl_conf_get_frng( ssl->conf ),
|
||||
ssl->conf->p_rng ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS );
|
||||
|
@ -4169,7 +4185,8 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
|
||||
ret = mbedtls_ecjpake_derive_secret( &ssl->handshake->ecjpake_ctx,
|
||||
ssl->handshake->premaster, 32, &ssl->handshake->pmslen,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||
mbedtls_ssl_conf_get_frng( ssl->conf ),
|
||||
ssl->conf->p_rng );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_derive_secret", ret );
|
||||
|
|
|
@ -1623,7 +1623,8 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
|
|||
/* Write length only when we know the actual value */
|
||||
if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
|
||||
p + 2, end - ( p + 2 ), &len,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
||||
mbedtls_ssl_conf_get_frng( ssl->conf ),
|
||||
ssl->conf->p_rng ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
|
||||
return( ret );
|
||||
|
@ -1644,7 +1645,8 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
|
|||
|
||||
if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen,
|
||||
p + 2, end - ( p + 2 ),
|
||||
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
||||
mbedtls_ssl_conf_get_frng( ssl->conf ),
|
||||
ssl->conf->p_rng ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
|
||||
return( ret );
|
||||
|
@ -3941,7 +3943,8 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
|
|||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||
|
||||
if( ( ret = mbedtls_ssl_encrypt_buf( ssl, ssl->transform_out, &rec,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
||||
mbedtls_ssl_conf_get_frng( ssl->conf ),
|
||||
ssl->conf->p_rng ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret );
|
||||
return( ret );
|
||||
|
@ -8185,6 +8188,7 @@ void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
|
|||
}
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
#if !defined(MBEDTLS_SSL_CONF_RNG)
|
||||
void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng )
|
||||
|
@ -8192,6 +8196,13 @@ void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
|
|||
conf->f_rng = f_rng;
|
||||
conf->p_rng = p_rng;
|
||||
}
|
||||
#else
|
||||
void mbedtls_ssl_conf_rng_ctx( mbedtls_ssl_config *conf,
|
||||
void *p_rng )
|
||||
{
|
||||
conf->p_rng = p_rng;
|
||||
}
|
||||
#endif
|
||||
|
||||
void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
|
||||
void (*f_dbg)(void *, int, const char *, int, const char *),
|
||||
|
|
|
@ -209,7 +209,11 @@ int main( void )
|
|||
goto exit;
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_SSL_CONF_RNG)
|
||||
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
#else
|
||||
mbedtls_ssl_conf_rng_ctx( &conf, &ctr_drbg );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
mbedtls_ssl_conf_psk( &conf, psk, sizeof( psk ),
|
||||
|
|
|
@ -2706,6 +2706,14 @@ int query_config( const char *config )
|
|||
}
|
||||
#endif /* MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID */
|
||||
|
||||
#if defined(MBEDTLS_SSL_CONF_RNG)
|
||||
if( strcmp( "MBEDTLS_SSL_CONF_RNG", config ) == 0 )
|
||||
{
|
||||
MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_RNG );
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_CONF_RNG */
|
||||
|
||||
#if defined(MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET)
|
||||
if( strcmp( "MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET", config ) == 0 )
|
||||
{
|
||||
|
|
|
@ -1764,7 +1764,12 @@ int main( int argc, char *argv[] )
|
|||
}
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SSL_CONF_RNG)
|
||||
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
#else
|
||||
mbedtls_ssl_conf_rng_ctx( &conf, &ctr_drbg );
|
||||
#endif
|
||||
|
||||
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
|
||||
|
||||
#if !defined(MBEDTLS_SSL_CONF_READ_TIMEOUT)
|
||||
|
|
|
@ -2570,7 +2570,12 @@ int main( int argc, char *argv[] )
|
|||
}
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SSL_CONF_RNG)
|
||||
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
#else
|
||||
mbedtls_ssl_conf_rng_ctx( &conf, &ctr_drbg );
|
||||
#endif
|
||||
|
||||
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
|
||||
|
||||
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||
|
|
Loading…
Reference in a new issue