TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-03-20 19:21:09 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10551 from bjwtaylor/remove-drbg-modules

Browse Source 
Remove use of DRBG modules from sample programs
This commit is contained in:
Gilles Peskine
2026-01-15 12:14:24 +00:00
committed by GitHub
parent 6370f1c59c fe3f378eec
commit d49372176f
35 changed files with 44 additions and 577 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
programs/fuzz/fuzz_client.c
View File

@@ -1,8 +1,4 @@
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/ssl.h"
#include "mbedtls/private/entropy.h"
#include "mbedtls/private/ctr_drbg.h"
#include "test/certs.h"
#include "fuzz_common.h"
#include <string.h>
@@ -10,9 +6,7 @@
#include <stdint.h>
#if defined(MBEDTLS_SSL_CLI_C) && \
defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_CTR_DRBG_C)
#if defined(MBEDTLS_SSL_CLI_C)
static int initialized = 0;
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
static mbedtls_x509_crt cacert;
@@ -29,20 +23,16 @@ const char psk_id[] = "Client_identity";
#endif
const char *pers = "fuzz_client";
#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
#endif /* MBEDTLS_SSL_CLI_C */
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{
#if defined(MBEDTLS_SSL_CLI_C) && \
defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_CTR_DRBG_C)
#if defined(MBEDTLS_SSL_CLI_C)
int ret;
size_t len;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_entropy_context entropy;
unsigned char buf[4096];
fuzzBufferOffset_t biomemfuzz;
uint16_t options;
@@ -75,19 +65,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
goto exit;
}
if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
(const unsigned char *) pers, strlen(pers)) != 0) {
goto exit;
}
if (mbedtls_ssl_config_defaults(&conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
@@ -173,8 +156,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
}
exit:
mbedtls_entropy_free(&entropy);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_ssl_config_free(&conf);
mbedtls_ssl_free(&ssl);
mbedtls_psa_crypto_free();
@@ -182,7 +163,7 @@ exit:
#else
(void) Data;
(void) Size;
#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
#endif /* MBEDTLS_SSL_CLI_C */
return 0;
}

19
programs/fuzz/fuzz_dtlsclient.c
View File

@@ -1,19 +1,13 @@
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include <string.h>
#include <stdlib.h>
#include <stdint.h>
#include "fuzz_common.h"
#include "mbedtls/ssl.h"
#if defined(MBEDTLS_SSL_PROTO_DTLS)
#include "mbedtls/private/entropy.h"
#include "mbedtls/private/ctr_drbg.h"
#include "mbedtls/timing.h"
#include "test/certs.h"
#if defined(MBEDTLS_SSL_CLI_C) && \
defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_CTR_DRBG_C) && \
defined(MBEDTLS_TIMING_C)
static int initialized = 0;
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
@@ -30,15 +24,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{
#if defined(MBEDTLS_SSL_PROTO_DTLS) && \
defined(MBEDTLS_SSL_CLI_C) && \
defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_CTR_DRBG_C) && \
defined(MBEDTLS_TIMING_C)
int ret;
size_t len;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_entropy_context entropy;
mbedtls_timing_delay_context timer;
unsigned char buf[4096];
fuzzBufferOffset_t biomemfuzz;
@@ -58,19 +48,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
goto exit;
}
if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
(const unsigned char *) pers, strlen(pers)) != 0) {
goto exit;
}
if (mbedtls_ssl_config_defaults(&conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_DATAGRAM,
@@ -118,8 +101,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
}
exit:
mbedtls_entropy_free(&entropy);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_ssl_config_free(&conf);
mbedtls_ssl_free(&ssl);
mbedtls_psa_crypto_free();

19
programs/fuzz/fuzz_dtlsserver.c
View File

@@ -1,5 +1,3 @@
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include <string.h>
#include <stdlib.h>
#include <stdint.h>
@@ -7,14 +5,10 @@
#include "mbedtls/ssl.h"
#include "test/certs.h"
#if defined(MBEDTLS_SSL_PROTO_DTLS)
#include "mbedtls/private/entropy.h"
#include "mbedtls/private/ctr_drbg.h"
#include "mbedtls/timing.h"
#include "mbedtls/ssl_cookie.h"
#if defined(MBEDTLS_SSL_SRV_C) && \
defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_CTR_DRBG_C) && \
defined(MBEDTLS_TIMING_C) && \
(defined(PSA_WANT_ALG_SHA_384) || \
defined(PSA_WANT_ALG_SHA_256))
@@ -32,8 +26,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{
#if defined(MBEDTLS_SSL_PROTO_DTLS) && \
defined(MBEDTLS_SSL_SRV_C) && \
defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_CTR_DRBG_C) && \
defined(MBEDTLS_TIMING_C) && \
(defined(PSA_WANT_ALG_SHA_384) || \
defined(PSA_WANT_ALG_SHA_256))
@@ -41,15 +33,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
size_t len;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_entropy_context entropy;
mbedtls_timing_delay_context timer;
mbedtls_ssl_cookie_ctx cookie_ctx;
unsigned char buf[4096];
fuzzBufferOffset_t biomemfuzz;
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
mbedtls_x509_crt_init(&srvcert);
mbedtls_pk_init(&pkey);
@@ -63,11 +51,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
goto exit;
}
if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
(const unsigned char *) pers, strlen(pers)) != 0) {
goto exit;
}
if (initialized == 0) {
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
@@ -156,12 +139,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
exit:
mbedtls_ssl_cookie_free(&cookie_ctx);
mbedtls_entropy_free(&entropy);
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
mbedtls_pk_free(&pkey);
mbedtls_x509_crt_free(&srvcert);
#endif
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_ssl_config_free(&conf);
mbedtls_ssl_free(&ssl);
mbedtls_psa_crypto_free();

2
programs/fuzz/fuzz_pkcs7.c
View File

@@ -1,5 +1,3 @@
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include <stdint.h>
#include "mbedtls/pkcs7.h"
#include "fuzz_common.h"

29
programs/fuzz/fuzz_server.c
View File

@@ -1,8 +1,4 @@
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/ssl.h"
#include "mbedtls/private/entropy.h"
#include "mbedtls/private/ctr_drbg.h"
#include "mbedtls/ssl_ticket.h"
#include "test/certs.h"
#include "fuzz_common.h"
@@ -11,9 +7,7 @@
#include <stdint.h>
#if defined(MBEDTLS_SSL_SRV_C) && \
defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_CTR_DRBG_C)
#if defined(MBEDTLS_SSL_SRV_C)
const char *pers = "fuzz_server";
static int initialized = 0;
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
@@ -29,20 +23,16 @@ const unsigned char psk[] = {
};
const char psk_id[] = "Client_identity";
#endif
#endif // MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C
#endif // MBEDTLS_SSL_SRV_C
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{
#if defined(MBEDTLS_SSL_SRV_C) && \
defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_CTR_DRBG_C)
#if defined(MBEDTLS_SSL_SRV_C)
int ret;
size_t len;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_entropy_context entropy;
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
mbedtls_ssl_ticket_context ticket_ctx;
#endif
@@ -56,8 +46,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
}
options = Data[Size - 1];
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
mbedtls_x509_crt_init(&srvcert);
mbedtls_pk_init(&pkey);
@@ -72,11 +60,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
goto exit;
}
if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
(const unsigned char *) pers, strlen(pers)) != 0) {
return 1;
}
if (initialized == 0) {
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
@@ -193,8 +176,6 @@ exit:
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
mbedtls_ssl_ticket_free(&ticket_ctx);
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */
mbedtls_entropy_free(&entropy);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_ssl_config_free(&conf);
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
mbedtls_x509_crt_free(&srvcert);
@@ -202,10 +183,10 @@ exit:
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_PEM_PARSE_C */
mbedtls_ssl_free(&ssl);
mbedtls_psa_crypto_free();
#else /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
#else /* MBEDTLS_SSL_SRV_C */
(void) Data;
(void) Size;
#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
#endif /* MBEDTLS_SSL_SRV_C */
return 0;
}

2
programs/fuzz/fuzz_x509crl.c
View File

@@ -1,5 +1,3 @@
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include <stdint.h>
#include "mbedtls/x509_crl.h"
#include "fuzz_common.h"

2
programs/fuzz/fuzz_x509crt.c
View File

@@ -1,5 +1,3 @@
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include <stdint.h>
#include "mbedtls/x509_crt.h"
#include "fuzz_common.h"

2
programs/fuzz/fuzz_x509csr.c
View File

@@ -1,5 +1,3 @@
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include <stdint.h>
#include "mbedtls/x509_csr.h"
#include "fuzz_common.h"

24
programs/ssl/dtls_client.c
View File

@@ -5,20 +5,16 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"
#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \
#if !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \
!defined(MBEDTLS_TIMING_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \
!defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
int main(void)
{
mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or "
mbedtls_printf("MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or "
"MBEDTLS_TIMING_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
"MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C "
"not defined.\n");
@@ -31,8 +27,6 @@ int main(void)
#include "mbedtls/net_sockets.h"
#include "mbedtls/debug.h"
#include "mbedtls/ssl.h"
#include "mbedtls/private/entropy.h"
#include "mbedtls/private/ctr_drbg.h"
#include "mbedtls/error.h"
#include "mbedtls/timing.h"
#include "test/certs.h"
@@ -73,11 +67,8 @@ int main(int argc, char *argv[])
mbedtls_net_context server_fd;
uint32_t flags;
unsigned char buf[1024];
const char *pers = "dtls_client";
int retry_left = MAX_RETRY;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
mbedtls_x509_crt cacert;
@@ -97,8 +88,6 @@ int main(int argc, char *argv[])
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
mbedtls_x509_crt_init(&cacert);
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
@@ -111,13 +100,6 @@ int main(int argc, char *argv[])
mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
goto exit;
}
mbedtls_printf(" ok\n");
/*
@@ -322,8 +304,6 @@ exit:
mbedtls_x509_crt_free(&cacert);
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_psa_crypto_free();
/* Shell can not handle large exit numbers -> 1 for errors */

24
programs/ssl/dtls_server.c
View File

@@ -5,8 +5,6 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"
@@ -20,15 +18,13 @@
#define BIND_IP "::"
#endif
#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \
#if !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \
!defined(MBEDTLS_TIMING_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \
!defined(MBEDTLS_SSL_COOKIE_C) || \
!defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
int main(void)
{
mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or "
mbedtls_printf("MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or "
"MBEDTLS_TIMING_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
"MBEDTLS_SSL_COOKIE_C and/or "
"MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C "
@@ -45,8 +41,6 @@ int main(void)
#include <stdlib.h>
#include <stdio.h>
#include "mbedtls/private/entropy.h"
#include "mbedtls/private/ctr_drbg.h"
#include "mbedtls/x509.h"
#include "mbedtls/ssl.h"
#include "mbedtls/ssl_cookie.h"
@@ -80,13 +74,10 @@ int main(void)
int ret, len;
mbedtls_net_context listen_fd, client_fd;
unsigned char buf[1024];
const char *pers = "dtls_server";
unsigned char client_ip[16] = { 0 };
size_t cliip_len;
mbedtls_ssl_cookie_ctx cookie_ctx;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
mbedtls_x509_crt srvcert;
@@ -106,8 +97,6 @@ int main(void)
#endif
mbedtls_x509_crt_init(&srvcert);
mbedtls_pk_init(&pkey);
mbedtls_entropy_init(&entropy);
mbedtls_ctr_drbg_init(&ctr_drbg);
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
@@ -127,13 +116,6 @@ int main(void)
printf(" . Seeding the random number generator...");
fflush(stdout);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
goto exit;
}
printf(" ok\n");
/*
@@ -392,8 +374,6 @@ exit:
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_free(&cache);
#endif
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_psa_crypto_free();
/* Shell can not handle large exit numbers -> 1 for errors */

23
programs/ssl/mini_client.c
View File

@@ -6,8 +6,6 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"
@@ -26,14 +24,12 @@
#define UNIX
#endif
#if !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \
#if !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \
!defined(UNIX)
int main(void)
{
mbedtls_printf("MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or UNIX "
mbedtls_printf("MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or UNIX "
"not defined.\n");
mbedtls_exit(0);
}
@@ -43,8 +39,6 @@ int main(void)
#include "mbedtls/net_sockets.h"
#include "mbedtls/ssl.h"
#include "mbedtls/private/entropy.h"
#include "mbedtls/private/ctr_drbg.h"
#include <sys/socket.h>
#include <netinet/in.h>
@@ -129,7 +123,6 @@ const unsigned char ca_cert[] = {
enum exit_codes {
exit_ok = 0,
ctr_drbg_seed_failed,
ssl_config_defaults_failed,
ssl_setup_failed,
hostname_failed,
@@ -150,11 +143,8 @@ int main(void)
mbedtls_x509_crt ca;
#endif
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
mbedtls_ctr_drbg_init(&ctr_drbg);
/*
* 0. Initialize and setup stuff
@@ -165,7 +155,6 @@ int main(void)
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_init(&ca);
#endif
mbedtls_entropy_init(&entropy);
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
@@ -173,12 +162,6 @@ int main(void)
goto exit;
}
if (mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers, strlen(pers)) != 0) {
ret = ctr_drbg_seed_failed;
goto exit;
}
if (mbedtls_ssl_config_defaults(&conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
@@ -258,8 +241,6 @@ exit:
mbedtls_net_free(&server_fd);
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_free(&ca);
#endif

18
programs/ssl/ssl_client1.c
View File

@@ -5,8 +5,6 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"
@@ -27,8 +25,6 @@ int main(void)
#include "mbedtls/net_sockets.h"
#include "mbedtls/debug.h"
#include "mbedtls/ssl.h"
#include "mbedtls/private/entropy.h"
#include "mbedtls/private/ctr_drbg.h"
#include "mbedtls/error.h"
#include "test/certs.h"
@@ -58,10 +54,7 @@ int main(void)
mbedtls_net_context server_fd;
uint32_t flags;
unsigned char buf[1024];
const char *pers = "ssl_client1";
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
mbedtls_x509_crt cacert;
@@ -77,8 +70,6 @@ int main(void)
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
mbedtls_x509_crt_init(&cacert);
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
@@ -91,13 +82,6 @@ int main(void)
fflush(stdout);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
goto exit;
}
mbedtls_printf(" ok\n");
/*
@@ -276,8 +260,6 @@ exit:
mbedtls_x509_crt_free(&cacert);
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_psa_crypto_free();
mbedtls_exit(exit_code);

10
programs/ssl/ssl_client2.c
View File

@@ -818,7 +818,6 @@ int main(int argc, char *argv[])
#endif
psa_status_t status;
rng_context_t rng;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
mbedtls_ssl_session saved_session;
@@ -877,7 +876,6 @@ int main(int argc, char *argv[])
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
mbedtls_ssl_session_init(&saved_session);
rng_init(&rng);
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
mbedtls_x509_crt_init(&cacert);
mbedtls_x509_crt_init(&clicert);
@@ -1653,7 +1651,7 @@ usage:
mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout);
ret = rng_seed(&rng, opt.reproducible, pers);
ret = rng_seed(opt.reproducible, pers);
if (ret != 0) {
goto exit;
}
@@ -3213,13 +3211,7 @@ exit:
mbedtls_printf("PSA memory leak detected: %s\n", message);
}
/* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto
* resources are freed by rng_free(). */
#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
mbedtls_psa_crypto_free();
#endif
rng_free(&rng);
#if defined(MBEDTLS_TEST_HOOKS)
if (test_hooks_failure_detected()) {

2
programs/ssl/ssl_context_info.c
View File

@@ -5,8 +5,6 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/debug.h"
#include "mbedtls/platform.h"

44
programs/ssl/ssl_fork_server.c
View File

@@ -5,19 +5,15 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"
#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \
#if !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \
!defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
int main(void)
{
mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or "
mbedtls_printf("MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or "
"MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C "
"not defined.\n");
mbedtls_exit(0);
@@ -31,8 +27,6 @@ int main(void)
}
#else
#include "mbedtls/private/entropy.h"
#include "mbedtls/private/ctr_drbg.h"
#include "test/certs.h"
#include "mbedtls/x509.h"
#include "mbedtls/ssl.h"
@@ -70,10 +64,7 @@ int main(void)
int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_net_context listen_fd, client_fd;
unsigned char buf[1024];
const char *pers = "ssl_fork_server";
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
mbedtls_x509_crt srvcert;
@@ -83,10 +74,8 @@ int main(void)
mbedtls_net_init(&client_fd);
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
mbedtls_entropy_init(&entropy);
mbedtls_pk_init(&pkey);
mbedtls_x509_crt_init(&srvcert);
mbedtls_ctr_drbg_init(&ctr_drbg);
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
@@ -103,13 +92,6 @@ int main(void)
mbedtls_printf("\n . Initial seeding of the random generator...");
fflush(stdout);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed! mbedtls_ctr_drbg_seed returned %d\n\n", ret);
goto exit;
}
mbedtls_printf(" ok\n");
/*
@@ -218,13 +200,6 @@ int main(void)
mbedtls_net_close(&client_fd);
fflush(stdout);
if ((ret = mbedtls_ctr_drbg_reseed(&ctr_drbg,
(const unsigned char *) "parent",
6)) != 0) {
mbedtls_printf(" failed! mbedtls_ctr_drbg_reseed returned %d\n\n", ret);
goto exit;
}
continue;
}
@@ -238,15 +213,6 @@ int main(void)
mbedtls_printf("pid %d: Setting up the SSL data.\n", pid);
fflush(stdout);
if ((ret = mbedtls_ctr_drbg_reseed(&ctr_drbg,
(const unsigned char *) "child",
5)) != 0) {
mbedtls_printf(
"pid %d: SSL setup failed! mbedtls_ctr_drbg_reseed returned %d\n\n",
pid, ret);
goto exit;
}
if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
mbedtls_printf(
"pid %d: SSL setup failed! mbedtls_ssl_setup returned %d\n\n",
@@ -364,13 +330,11 @@ exit:
mbedtls_pk_free(&pkey);
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_psa_crypto_free();
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
#endif /* MBEDTLS_BIGNUM_C &&
MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_PARSE_C &&
MBEDTLS_RSA_C && MBEDTLS_PEM_PARSE_C &&
! _WIN32 */

24
programs/ssl/ssl_mail_client.c
View File

@@ -11,7 +11,6 @@
#define _POSIX_C_SOURCE 200112L
#define _XOPEN_SOURCE 600
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
@@ -21,14 +20,14 @@
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || \
!defined(MBEDTLS_FS_IO)
int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
"and/or MBEDTLS_X509_CRT_PARSE_C "
"not defined.\n");
mbedtls_exit(0);
}
@@ -38,8 +37,6 @@ int main(void)
#include "mbedtls/error.h"
#include "mbedtls/net_sockets.h"
#include "mbedtls/ssl.h"
#include "mbedtls/private/entropy.h"
#include "mbedtls/private/ctr_drbg.h"
#include "test/certs.h"
#include "mbedtls/x509.h"
@@ -334,10 +331,7 @@ int main(int argc, char *argv[])
unsigned char buf[1024];
#endif
char hostname[32];
const char *pers = "ssl_mail_client";
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
mbedtls_x509_crt cacert;
@@ -358,8 +352,6 @@ int main(int argc, char *argv[])
mbedtls_x509_crt_init(&cacert);
mbedtls_x509_crt_init(&clicert);
mbedtls_pk_init(&pkey);
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
@@ -456,13 +448,6 @@ usage:
mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
goto exit;
}
mbedtls_printf(" ok\n");
/*
@@ -800,12 +785,9 @@ exit:
mbedtls_pk_free(&pkey);
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_psa_crypto_free();
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C **
MBEDTLS_CTR_DRBG_C */
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C */

29
programs/ssl/ssl_pthread_server.c
View File

@@ -6,19 +6,15 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"
#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \
#if !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \
!defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
int main(void)
{
mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or "
mbedtls_printf("MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or "
"MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C "
"not defined.\n");
mbedtls_exit(0);
@@ -38,8 +34,6 @@ int main(void)
#include <windows.h>
#endif
#include "mbedtls/private/entropy.h"
#include "mbedtls/private/ctr_drbg.h"
#include "mbedtls/x509.h"
#include "mbedtls/ssl.h"
#include "mbedtls/net_sockets.h"
@@ -288,10 +282,7 @@ int main(void)
{
int ret;
mbedtls_net_context listen_fd, client_fd;
const char pers[] = "ssl_pthread_server";
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_config conf;
mbedtls_x509_crt srvcert;
mbedtls_x509_crt cachain;
@@ -315,7 +306,6 @@ int main(void)
mbedtls_x509_crt_init(&cachain);
mbedtls_ssl_config_init(&conf);
mbedtls_ctr_drbg_init(&ctr_drbg);
memset(threads, 0, sizeof(threads));
mbedtls_net_init(&listen_fd);
mbedtls_net_init(&client_fd);
@@ -324,11 +314,6 @@ int main(void)
base_info.config = &conf;
/*
* We use only a single entropy source that is used in all the threads.
*/
mbedtls_entropy_init(&entropy);
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
@@ -342,14 +327,6 @@ int main(void)
*/
mbedtls_printf(" . Seeding the random number generator...");
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed: mbedtls_ctr_drbg_seed returned -0x%04x\n",
(unsigned int) -ret);
goto exit;
}
mbedtls_printf(" ok\n");
/*
@@ -474,8 +451,6 @@ exit:
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_free(&cache);
#endif
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_ssl_config_free(&conf);
mbedtls_net_free(&listen_fd);
mbedtls_mutex_free(&debug_mutex);

24
programs/ssl/ssl_server.c
View File

@@ -5,19 +5,15 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"
#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \
#if !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \
!defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
int main(void)
{
mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or "
mbedtls_printf("MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or "
"MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C "
"not defined.\n");
mbedtls_exit(0);
@@ -31,8 +27,6 @@ int main(void)
#include <windows.h>
#endif
#include "mbedtls/private/entropy.h"
#include "mbedtls/private/ctr_drbg.h"
#include "mbedtls/x509.h"
#include "mbedtls/ssl.h"
#include "mbedtls/net_sockets.h"
@@ -67,10 +61,7 @@ int main(void)
int ret, len;
mbedtls_net_context listen_fd, client_fd;
unsigned char buf[1024];
const char *pers = "ssl_server";
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
mbedtls_x509_crt srvcert;
@@ -88,8 +79,6 @@ int main(void)
#endif
mbedtls_x509_crt_init(&srvcert);
mbedtls_pk_init(&pkey);
mbedtls_entropy_init(&entropy);
mbedtls_ctr_drbg_init(&ctr_drbg);
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
@@ -109,13 +98,6 @@ int main(void)
mbedtls_printf(" . Seeding the random number generator...");
fflush(stdout);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
goto exit;
}
mbedtls_printf(" ok\n");
/*
@@ -346,8 +328,6 @@ exit:
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_free(&cache);
#endif
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_psa_crypto_free();
mbedtls_exit(ret);

19
programs/ssl/ssl_server2.c
View File

@@ -600,9 +600,6 @@ int main(void)
(out_be)[(i) + 7] = (unsigned char) (((in_le) >> 0) & 0xFF); \
}
/* This is global so it can be easily accessed by callback functions */
rng_context_t rng;
/*
* global options
*/
@@ -1631,7 +1628,6 @@ int main(int argc, char *argv[])
mbedtls_net_init(&listen_fd);
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
rng_init(&rng);
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
mbedtls_x509_crt_init(&cacert);
mbedtls_x509_crt_init(&srvcert);
@@ -2539,7 +2535,7 @@ usage:
mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout);
ret = rng_seed(&rng, opt.reproducible, pers);
ret = rng_seed(opt.reproducible, pers);
if (ret != 0) {
goto exit;
}
@@ -2949,8 +2945,8 @@ usage:
if (opt.ticket_rotate) {
unsigned char kbuf[MBEDTLS_SSL_TICKET_MAX_KEY_BYTES];
unsigned char name[MBEDTLS_SSL_TICKET_KEY_NAME_BYTES];
if ((ret = rng_get(&rng, name, sizeof(name))) != 0 ||
(ret = rng_get(&rng, kbuf, sizeof(kbuf))) != 0 ||
if ((ret = psa_generate_random(name, sizeof(name))) != 0 ||
(ret = psa_generate_random(kbuf, sizeof(kbuf))) != 0 ||
(ret = mbedtls_ssl_ticket_rotate(&ticket_ctx,
name, sizeof(name), kbuf, sizeof(kbuf),
opt.ticket_timeout)) != 0) {
@@ -3082,8 +3078,6 @@ usage:
ssl_async_keys.inject_error = (opt.async_private_error < 0 ?
-opt.async_private_error :
opt.async_private_error);
ssl_async_keys.f_rng = rng_get;
ssl_async_keys.p_rng = &rng;
mbedtls_ssl_conf_async_private_cb(&conf,
sign,
ssl_async_resume,
@@ -4257,14 +4251,7 @@ exit:
mbedtls_printf("PSA memory leak detected: %s\n", message);
}
/* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto
* resources are freed by rng_free(). */
#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
mbedtls_psa_crypto_free();
#endif
rng_free(&rng);
mbedtls_free(buf);
#if defined(MBEDTLS_TEST_HOOKS)

124
programs/ssl/ssl_test_lib.c
View File

@@ -46,51 +46,9 @@ mbedtls_time_t dummy_constant_time(mbedtls_time_t *time)
}
#endif
#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
static int dummy_entropy(void *data, unsigned char *output, size_t len)
int rng_seed(int reproducible, const char *pers)
{
size_t i;
int ret;
(void) data;
ret = mbedtls_entropy_func(data, output, len);
for (i = 0; i < len; i++) {
//replace result with pseudo random
output[i] = (unsigned char) rand();
}
return ret;
}
#endif
void rng_init(rng_context_t *rng)
{
#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
(void) rng;
psa_crypto_init();
#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
#if defined(MBEDTLS_CTR_DRBG_C)
mbedtls_ctr_drbg_init(&rng->drbg);
#elif defined(MBEDTLS_HMAC_DRBG_C)
mbedtls_hmac_drbg_init(&rng->drbg);
#else
#error "No DRBG available"
#endif
mbedtls_entropy_init(&rng->entropy);
#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
}
int rng_seed(rng_context_t *rng, int reproducible, const char *pers)
{
if (reproducible) {
mbedtls_fprintf(stderr,
"reproducible mode is not supported.\n");
return -1;
}
#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
/* The PSA crypto RNG does its own seeding. */
(void) rng;
(void) pers;
if (reproducible) {
mbedtls_fprintf(stderr,
@@ -98,86 +56,6 @@ int rng_seed(rng_context_t *rng, int reproducible, const char *pers)
return -1;
}
return 0;
#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
int (*f_entropy)(void *, unsigned char *, size_t) =
(reproducible ? dummy_entropy : mbedtls_entropy_func);
if (reproducible) {
srand(1);
}
#if defined(MBEDTLS_CTR_DRBG_C)
int ret = mbedtls_ctr_drbg_seed(&rng->drbg,
f_entropy, &rng->entropy,
(const unsigned char *) pers,
strlen(pers));
#elif defined(MBEDTLS_HMAC_DRBG_C)
#if defined(PSA_WANT_ALG_SHA_256)
const mbedtls_md_type_t md_type = MBEDTLS_MD_SHA256;
#elif defined(PSA_WANT_ALG_SHA_512)
const mbedtls_md_type_t md_type = MBEDTLS_MD_SHA512;
#else
#error "No message digest available for HMAC_DRBG"
#endif
int ret = mbedtls_hmac_drbg_seed(&rng->drbg,
mbedtls_md_info_from_type(md_type),
f_entropy, &rng->entropy,
(const unsigned char *) pers,
strlen(pers));
#else /* !defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_HMAC_DRBG_C) */
#error "No DRBG available"
#endif /* !defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_HMAC_DRBG_C) */
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
(unsigned int) -ret);
return ret;
}
#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
return 0;
}
void rng_free(rng_context_t *rng)
{
#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
(void) rng;
/* Deinitialize the PSA crypto subsystem. This deactivates all PSA APIs.
* This is ok because none of our applications try to do any crypto after
* deinitializing the RNG. */
mbedtls_psa_crypto_free();
#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
#if defined(MBEDTLS_CTR_DRBG_C)
mbedtls_ctr_drbg_free(&rng->drbg);
#elif defined(MBEDTLS_HMAC_DRBG_C)
mbedtls_hmac_drbg_free(&rng->drbg);
#else
#error "No DRBG available"
#endif
mbedtls_entropy_free(&rng->entropy);
#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
}
int rng_get(void *p_rng, unsigned char *output, size_t output_len)
{
#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
(void) p_rng;
return mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE,
output, output_len);
#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
rng_context_t *rng = p_rng;
#if defined(MBEDTLS_CTR_DRBG_C)
return mbedtls_ctr_drbg_random(&rng->drbg, output, output_len);
#elif defined(MBEDTLS_HMAC_DRBG_C)
return mbedtls_hmac_drbg_random(&rng->drbg, output, output_len);
#else
#error "No DRBG available"
#endif
#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
}
int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2)

53
programs/ssl/ssl_test_lib.h
View File

@@ -45,9 +45,6 @@
#include "mbedtls/net_sockets.h"
#include "mbedtls/ssl.h"
#include "mbedtls/ssl_ciphersuites.h"
#include "mbedtls/private/entropy.h"
#include "mbedtls/private/ctr_drbg.h"
#include "mbedtls/private/hmac_drbg.h"
#include "mbedtls/x509.h"
#include "mbedtls/error.h"
#include "mbedtls/debug.h"
@@ -106,32 +103,6 @@ void my_debug(void *ctx, int level,
mbedtls_time_t dummy_constant_time(mbedtls_time_t *time);
#endif
#define MBEDTLS_TEST_USE_PSA_CRYPTO_RNG
/** A context for random number generation (RNG).
*/
typedef struct {
#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
unsigned char dummy;
#else /* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
mbedtls_entropy_context entropy;
#if defined(MBEDTLS_CTR_DRBG_C)
mbedtls_ctr_drbg_context drbg;
#elif defined(MBEDTLS_HMAC_DRBG_C)
mbedtls_hmac_drbg_context drbg;
#else
#error "No DRBG available"
#endif
#endif /* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
} rng_context_t;
/** Initialize the RNG.
*
* This function only initializes the memory used by the RNG context.
* Before using the RNG, it must be seeded with rng_seed().
*/
void rng_init(rng_context_t *rng);
/* Seed the random number generator.
*
* \param rng The RNG context to use. It must have been initialized
@@ -146,29 +117,7 @@ void rng_init(rng_context_t *rng);
*
* return 0 on success, a negative value on error.
*/
int rng_seed(rng_context_t *rng, int reproducible, const char *pers);
/** Deinitialize the RNG. Free any embedded resource.
*
* \param rng The RNG context to deinitialize. It must have been
* initialized with rng_init().
*/
void rng_free(rng_context_t *rng);
/** Generate random data.
*
* This function is suitable for use as the \c f_rng argument to Mbed TLS
* library functions.
*
* \param p_rng The random generator context. This must be a pointer to
* a #rng_context_t structure.
* \param output The buffer to fill.
* \param output_len The length of the buffer in bytes.
*
* \return \c 0 on success.
* \return An Mbed TLS error code on error.
*/
int rng_get(void *p_rng, unsigned char *output, size_t output_len);
int rng_seed(int reproducible, const char *pers);
/** Parse command-line option: key_opaque_algs
*

2
programs/test/cmake_package/cmake_package.c
View File

@@ -5,8 +5,6 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"

2
programs/test/cmake_package_install/cmake_package_install.c
View File

@@ -6,8 +6,6 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"

2
programs/test/cmake_subproject/cmake_subproject.c
View File

@@ -6,8 +6,6 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"

2
programs/test/dlopen.c
View File

@@ -5,8 +5,6 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"

6
programs/test/selftest.c
View File

@@ -9,7 +9,6 @@
#include "mbedtls/build_info.h"
#include "mbedtls/private/entropy.h"
#include "mbedtls/private/hmac_drbg.h"
#include "mbedtls/private/ctr_drbg.h"
#include "mbedtls/private/gcm.h"
@@ -235,18 +234,19 @@ static void create_entropy_seed_file(void)
dummy_entropy(seed_value, MBEDTLS_ENTROPY_BLOCK_SIZE);
mbedtls_platform_std_nv_seed_write(seed_value, MBEDTLS_ENTROPY_BLOCK_SIZE);
}
#endif
#endif /* defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_ENTROPY_C) */
static int mbedtls_entropy_self_test_wrapper(int verbose)
{
#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PSA_DRIVER_GET_ENTROPY)
create_entropy_seed_file();
#endif
#endif /* defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PSA_DRIVER_GET_ENTROPY) */
return mbedtls_entropy_self_test(verbose);
}
#endif
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
static int mbedtls_memory_buffer_alloc_free_and_self_test(int verbose)
{

3
programs/test/udp_proxy.c
View File

@@ -11,9 +11,6 @@
* example of good general usage.
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include <limits.h>

2
programs/util/pem2der.c
View File

@@ -5,8 +5,6 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"

2
programs/util/strerror.c
View File

@@ -5,8 +5,6 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"

30
programs/x509/cert_app.c
View File

@@ -5,30 +5,26 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
#if !defined(MBEDTLS_BIGNUM_C) || \
!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_CTR_DRBG_C) || defined(MBEDTLS_X509_REMOVE_INFO)
defined(MBEDTLS_X509_REMOVE_INFO)
int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
mbedtls_printf("MBEDTLS_BIGNUM_C and/or "
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined and/or MBEDTLS_X509_REMOVE_INFO defined.\n");
"and/or MBEDTLS_X509_REMOVE_INFO defined.\n");
mbedtls_exit(0);
}
#else
#include "mbedtls/private/entropy.h"
#include "mbedtls/private/ctr_drbg.h"
#include "mbedtls/net_sockets.h"
#include "mbedtls/ssl.h"
#include "mbedtls/x509.h"
@@ -123,8 +119,6 @@ int main(int argc, char *argv[])
int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_net_context server_fd;
unsigned char buf[1024];
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
mbedtls_x509_crt cacert;
@@ -133,17 +127,14 @@ int main(int argc, char *argv[])
uint32_t flags;
int verify = 0;
char *p, *q;
const char *pers = "cert_app";
/*
* Set to sane values
*/
mbedtls_net_init(&server_fd);
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
mbedtls_x509_crt_init(&cacert);
mbedtls_entropy_init(&entropy);
#if defined(MBEDTLS_X509_CRL_PARSE_C)
mbedtls_x509_crl_init(&cacrl);
#else
@@ -336,13 +327,6 @@ usage:
mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
goto ssl_exit;
}
mbedtls_printf(" ok\n");
#if defined(MBEDTLS_DEBUG_C)
@@ -442,12 +426,10 @@ exit:
#if defined(MBEDTLS_X509_CRL_PARSE_C)
mbedtls_x509_crl_free(&cacrl);
#endif
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_psa_crypto_free();
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */

22
programs/x509/cert_req.c
View File

@@ -15,22 +15,18 @@
#if !defined(MBEDTLS_X509_CSR_WRITE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
!defined(MBEDTLS_PK_PARSE_C) || !defined(PSA_WANT_ALG_SHA_256) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_PEM_WRITE_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_MD_C)
int main(void)
{
mbedtls_printf("MBEDTLS_X509_CSR_WRITE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_PK_PARSE_C and/or PSA_WANT_ALG_SHA_256 and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C "
"MBEDTLS_PK_PARSE_C and/or PSA_WANT_ALG_SHA_256 "
"not defined.\n");
mbedtls_exit(0);
}
#else
#include "mbedtls/x509_csr.h"
#include "mbedtls/private/entropy.h"
#include "mbedtls/private/ctr_drbg.h"
#include "mbedtls/error.h"
#include <stdio.h>
@@ -146,9 +142,6 @@ int main(int argc, char *argv[])
int i;
char *p, *q, *r;
mbedtls_x509write_csr req;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
const char *pers = "csr example app";
mbedtls_x509_san_list *cur, *prev;
#if defined(MBEDTLS_X509_CRT_PARSE_C)
uint8_t ip[4] = { 0 };
@@ -158,9 +151,7 @@ int main(int argc, char *argv[])
*/
mbedtls_x509write_csr_init(&req);
mbedtls_pk_init(&key);
mbedtls_ctr_drbg_init(&ctr_drbg);
memset(buf, 0, sizeof(buf));
mbedtls_entropy_init(&entropy);
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
@@ -431,13 +422,6 @@ usage:
mbedtls_printf(" . Seeding the random number generator...");
fflush(stdout);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d", ret);
goto exit;
}
mbedtls_printf(" ok\n");
/*
@@ -498,8 +482,6 @@ exit:
mbedtls_x509write_csr_free(&req);
mbedtls_pk_free(&key);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_psa_crypto_free();
cur = opt.san_list;
@@ -522,4 +504,4 @@ exit:
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_X509_CSR_WRITE_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_WRITE_C */
MBEDTLS_PEM_WRITE_C */

22
programs/x509/cert_write.c
View File

@@ -15,14 +15,12 @@
#if !defined(MBEDTLS_X509_CRT_WRITE_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_ERROR_C) || !defined(PSA_WANT_ALG_SHA_256) || \
!defined(MBEDTLS_PEM_WRITE_C) || !defined(MBEDTLS_MD_C)
int main(void)
{
mbedtls_printf("MBEDTLS_X509_CRT_WRITE_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
"MBEDTLS_FS_IO and/or PSA_WANT_ALG_SHA_256 and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_ERROR_C not defined.\n");
mbedtls_exit(0);
}
@@ -31,8 +29,6 @@ int main(void)
#include "mbedtls/x509_crt.h"
#include "mbedtls/x509_csr.h"
#include "mbedtls/oid.h"
#include "mbedtls/private/entropy.h"
#include "mbedtls/private/ctr_drbg.h"
#include "mbedtls/error.h"
#include "test/helpers.h"
@@ -306,9 +302,6 @@ int main(int argc, char *argv[])
unsigned char serial[MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN];
size_t serial_len;
mbedtls_asn1_sequence *ext_key_usage;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
const char *pers = "crt example app";
mbedtls_x509_san_list *cur, *prev;
uint8_t ip[4] = { 0 };
/*
@@ -317,8 +310,6 @@ int main(int argc, char *argv[])
mbedtls_x509write_crt_init(&crt);
mbedtls_pk_init(&loaded_issuer_key);
mbedtls_pk_init(&loaded_subject_key);
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
#if defined(MBEDTLS_X509_CSR_PARSE_C)
mbedtls_x509_csr_init(&csr);
#endif
@@ -681,15 +672,6 @@ usage:
mbedtls_printf(" . Seeding the random number generator...");
fflush(stdout);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_strerror(ret, buf, sizeof(buf));
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d - %s\n",
ret, buf);
goto exit;
}
mbedtls_printf(" ok\n");
// Parse serial to MPI
@@ -1022,12 +1004,10 @@ exit:
mbedtls_x509write_crt_free(&crt);
mbedtls_pk_free(&loaded_subject_key);
mbedtls_pk_free(&loaded_issuer_key);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_psa_crypto_free();
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_X509_CRT_WRITE_C && MBEDTLS_X509_CRT_PARSE_C &&
MBEDTLS_FS_IO && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
MBEDTLS_FS_IO
MBEDTLS_ERROR_C && MBEDTLS_PEM_WRITE_C */

2
programs/x509/crl_app.c
View File

@@ -5,8 +5,6 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"

2
programs/x509/load_roots.c
View File

@@ -5,8 +5,6 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"

2
programs/x509/req_app.c
View File

@@ -5,8 +5,6 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"