From 47111a1cb1efe636d22bcdb6c3105a2a8e1a5d21 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 6 Mar 2025 11:35:00 +0000 Subject: [PATCH 01/16] initial remove of mbedtls_ssl_conf_rng Signed-off-by: Ben Taylor --- include/mbedtls/ssl.h | 11 ----------- library/ssl_tls.c | 8 -------- programs/fuzz/fuzz_client.c | 1 - programs/fuzz/fuzz_dtlsclient.c | 1 - programs/fuzz/fuzz_dtlsserver.c | 1 - programs/fuzz/fuzz_server.c | 1 - programs/ssl/dtls_client.c | 1 - programs/ssl/dtls_server.c | 1 - programs/ssl/mini_client.c | 2 -- programs/ssl/ssl_client1.c | 1 - programs/ssl/ssl_client2.c | 1 - programs/ssl/ssl_fork_server.c | 1 - programs/ssl/ssl_mail_client.c | 1 - programs/ssl/ssl_pthread_server.c | 1 - programs/ssl/ssl_server.c | 1 - programs/ssl/ssl_server2.c | 1 - programs/x509/cert_app.c | 1 - tests/src/test_helpers/ssl_helpers.c | 1 - tests/suites/test_suite_debug.function | 5 ----- tests/suites/test_suite_ssl.function | 6 ------ 20 files changed, 47 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 6c37fc3703..fa382253ca 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2060,17 +2060,6 @@ void mbedtls_ssl_conf_verify(mbedtls_ssl_config *conf, void *p_vrfy); #endif /* MBEDTLS_X509_CRT_PARSE_C */ -/** - * \brief Set the random number generator callback - * - * \param conf SSL configuration - * \param f_rng RNG function (mandatory) - * \param p_rng RNG parameter - */ -void mbedtls_ssl_conf_rng(mbedtls_ssl_config *conf, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); - /** * \brief Set the debug callback * diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7eb181e373..8f90fa1b98 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -1526,14 +1526,6 @@ void mbedtls_ssl_conf_verify(mbedtls_ssl_config *conf, } #endif /* MBEDTLS_X509_CRT_PARSE_C */ -void mbedtls_ssl_conf_rng(mbedtls_ssl_config *conf, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) -{ - conf->f_rng = f_rng; - conf->p_rng = p_rng; -} - void mbedtls_ssl_conf_dbg(mbedtls_ssl_config *conf, void (*f_dbg)(void *, int, const char *, int, const char *), void *p_dbg) diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 209422399f..03a6337d48 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -142,7 +142,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) // mbedtls_ssl_conf_cert_profile, mbedtls_ssl_conf_sig_hashes srand(1); - mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg); if (mbedtls_ssl_setup(&ssl, &conf) != 0) { goto exit; diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index e667d8b3d0..31c6c9bdd6 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c @@ -85,7 +85,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); #endif mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE); - mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg); if (mbedtls_ssl_setup(&ssl, &conf) != 0) { goto exit; diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 740dea5aaf..2228d070aa 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -100,7 +100,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) srand(1); - mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg); #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 857b1b64f9..a1e03d4502 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c 
@@ -113,7 +113,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) } srand(1); - mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg); #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index 3277e525f8..26eb20d49f 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -169,7 +169,6 @@ int main(int argc, char *argv[]) * Production code should set a proper ca chain and use REQUIRED. */ mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL); mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); mbedtls_ssl_conf_read_timeout(&conf, READ_TIMEOUT_MS); diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index a10a6e6bb2..0e155fd0d2 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -200,7 +200,6 @@ int main(void) goto exit; } - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); mbedtls_ssl_conf_read_timeout(&conf, READ_TIMEOUT_MS); diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index 39d07ab378..e3adb3cf8a 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -187,8 +187,6 @@ int main(void) goto exit; } - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); - #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk), (const unsigned char *) psk_id, sizeof(psk_id) - 1); diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index bd2572bc21..dba8aab658 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c 
@@ -150,7 +150,6 @@ int main(void) * but makes interop easier in this simplified example */ mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL); mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index e4efadc0d1..6a5fca57de 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1906,7 +1906,6 @@ usage: #endif #endif /* MBEDTLS_HAVE_TIME */ } - mbedtls_ssl_conf_rng(&conf, rng_get, &rng); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); mbedtls_ssl_conf_read_timeout(&conf, opt.read_timeout); diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index f1eb21f3d9..f8752bb604 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -160,7 +160,6 @@ int main(void) goto exit; } - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 69aefef7db..521bc5418a 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -571,7 +571,6 @@ usage: * but makes interop easier in this simplified example */ mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL); - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); if (opt.force_ciphersuite[0] != DFL_FORCE_CIPHER) { diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index 1214eb83fa..5701a7b838 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c 
@@ -401,7 +401,6 @@ int main(void) goto exit; } - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); mbedtls_ssl_conf_dbg(&conf, my_mutexed_debug, stdout); /* mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() are thread-safe if diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 0f27b8227d..2f26ca4801 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -179,7 +179,6 @@ int main(void) goto exit; } - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); #if defined(MBEDTLS_SSL_CACHE_C) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 556e906498..633822297e 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2925,7 +2925,6 @@ usage: #endif #endif /* MBEDTLS_HAVE_TIME */ } - mbedtls_ssl_conf_rng(&conf, rng_get, &rng); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); #if defined(MBEDTLS_SSL_CACHE_C) diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 1de439ce8b..d9d5bb60ac 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -383,7 +383,6 @@ usage: mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE); } - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 1ebd5a6fa7..bffb35372b 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -767,7 +767,6 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_ssl_init(&(ep->ssl)); mbedtls_ssl_config_init(&(ep->conf)); - mbedtls_ssl_conf_rng(&(ep->conf), mbedtls_test_random, NULL); TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&ep->conf) == NULL); TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), 0); 
diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index f3c8ff6196..57b8f4e175 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -156,7 +156,6 @@ void debug_print_msg_threshold(int threshold, int level, char *file, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT), 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); @@ -194,7 +193,6 @@ void mbedtls_debug_print_ret(char *file, int line, char *text, int value, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT), 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); @@ -229,7 +227,6 @@ void mbedtls_debug_print_buf(char *file, int line, char *text, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT), 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); @@ -267,7 +264,6 @@ void mbedtls_debug_print_crt(char *crt_file, char *file, int line, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT), 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); @@ -306,7 +302,6 @@ void mbedtls_debug_print_mpi(char *value, char *file, int line, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT), 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 3f84458797..25aa44fc09 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -1219,7 +1219,6 @@ void ssl_dtls_replay(data_t *prevs, data_t *new, int ret) MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_PRESET_DEFAULT) == 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); @@ -3033,7 +3032,6 @@ void conf_version(int endpoint, int transport, mbedtls_ssl_conf_transport(&conf, transport); mbedtls_ssl_conf_min_tls_version(&conf, min_tls_version); mbedtls_ssl_conf_max_tls_version(&conf, max_tls_version); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == expected_ssl_setup_result); TEST_EQUAL(mbedtls_ssl_conf_get_endpoint( @@ -3058,7 +3056,6 @@ void conf_group() mbedtls_ssl_config conf; mbedtls_ssl_config_init(&conf); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); @@ -3168,7 +3165,6 @@ void cookie_parsing(data_t *cookie, int exp_ret) MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_PRESET_DEFAULT), 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0); TEST_EQUAL(mbedtls_ssl_check_dtls_clihlo_cookie(&ssl, ssl.cli_id, @@ -3223,7 +3219,6 @@ void cid_sanity() MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT) == 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); @@ -3482,7 +3477,6 @@ void ssl_ecjpake_set_password(int use_opaque_arg) MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT), 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0); From 602b2968caa8c38277eeaf86b55ab22510a28c43 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 7 Mar 2025 15:52:50 +0000 Subject: [PATCH 02/16] pre-test version of the mbedtls_ssl_conf_rng removal 
Signed-off-by: Ben Taylor --- library/ssl_client.c | 7 +++---- library/ssl_misc.h | 4 +--- library/ssl_msg.c | 13 +++---------- library/ssl_tls.c | 10 +++++----- library/ssl_tls12_server.c | 9 +++++---- library/ssl_tls13_server.c | 7 +++---- tests/suites/test_suite_ssl.function | 9 +++------ 7 files changed, 23 insertions(+), 36 deletions(-) diff --git a/library/ssl_client.c b/library/ssl_client.c index be4d621d6c..f8abfde377 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -725,8 +725,7 @@ static int ssl_generate_random(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_HAVE_TIME */ } - ret = ssl->conf->f_rng(ssl->conf->p_rng, - randbytes + gmt_unix_time_len, + ret = psa_generate_random(randbytes + gmt_unix_time_len, MBEDTLS_CLIENT_HELLO_RANDOM_LEN - gmt_unix_time_len); return ret; } @@ -867,8 +866,8 @@ static int ssl_prepare_client_hello(mbedtls_ssl_context *ssl) if (session_id_len != session_negotiate->id_len) { session_negotiate->id_len = session_id_len; if (session_id_len > 0) { - ret = ssl->conf->f_rng(ssl->conf->p_rng, - session_negotiate->id, + + ret = psa_generate_random(session_negotiate->id, session_id_len); if (ret != 0) { MBEDTLS_SSL_DEBUG_RET(1, "creating session id failed", ret); diff --git a/library/ssl_misc.h b/library/ssl_misc.h index d12cee3ceb..e51a3df5ed 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1721,9 +1721,7 @@ void mbedtls_ssl_transform_init(mbedtls_ssl_transform *transform); MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, mbedtls_ssl_transform *transform, - mbedtls_record *rec, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); + mbedtls_record *rec); MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, mbedtls_ssl_transform *transform, diff --git a/library/ssl_msg.c b/library/ssl_msg.c index f5ea8dd277..96c1a7c96e 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
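Review bot: `psa_generate_random()` returns a `psa_status_t`, and in `ssl_generate_random` (library/ssl_client.c) that value is now assigned to `ret` and returned unchanged, so callers expecting an `MBEDTLS_ERR_*` code receive a PSA error number instead. Translate the status before it leaves the function, for example `ret = PSA_TO_MBEDTLS_ERR(psa_generate_random(...));`, assuming that translation macro is in scope in this file, which the hunk does not show. The same untranslated return appears in the session-id hunk of this file, in the IV generation in library/ssl_msg.c, and in the server-hello and session-ticket hunks of library/ssl_tls12_server.c and library/ssl_tls13_server.c. The function body starts outside the hunk.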
@@ -801,9 +801,7 @@ static void ssl_build_record_nonce(unsigned char *dst_iv, int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, mbedtls_ssl_transform *transform, - mbedtls_record *rec, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) + mbedtls_record *rec) { mbedtls_ssl_mode_t ssl_mode; int auth_done = 0; @@ -1140,10 +1138,6 @@ hmac_failed_etm_disabled: * Prepend per-record IV for block cipher in TLS v1.2 as per * Method 1 (6.2.3.2. in RFC4346 and RFC5246) */ - if (f_rng == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("No PRNG provided to encrypt_record routine")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } if (rec->data_offset < transform->ivlen) { MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough")); @@ -1153,7 +1147,7 @@ hmac_failed_etm_disabled: /* * Generate IV */ - ret = f_rng(p_rng, transform->iv_enc, transform->ivlen); + ret = psa_generate_random(transform->iv_enc, transform->ivlen); if (ret != 0) { return ret; } @@ -2725,8 +2719,7 @@ int mbedtls_ssl_write_record(mbedtls_ssl_context *ssl, int force_flush) rec.cid_len = 0; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - if ((ret = mbedtls_ssl_encrypt_buf(ssl, ssl->transform_out, &rec, - ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { + if ((ret = mbedtls_ssl_encrypt_buf(ssl, ssl->transform_out, &rec)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "ssl_encrypt_buf", ret); return ret; } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8f90fa1b98..20a2538290 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1223,11 +1223,6 @@ static int ssl_conf_check(const mbedtls_ssl_context *ssl) return ret; } - if (ssl->conf->f_rng == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided")); - return MBEDTLS_ERR_SSL_NO_RNG; - } - /* Space for further checks */ return 0; @@ -1249,6 +1244,7 @@ int mbedtls_ssl_setup(mbedtls_ssl_context *ssl, if ((ret = ssl_conf_check(ssl)) != 0) { return ret; } + ssl->tls_version = ssl->conf->max_tls_version; /* 
@@ -1289,6 +1285,10 @@ int mbedtls_ssl_setup(mbedtls_ssl_context *ssl, goto error; } + if((ret = psa_crypto_init()) != 0) { + goto error; + } + return 0; error: diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 84d5994ca0..d3c422369a 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2133,14 +2133,14 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, current time: %" MBEDTLS_PRINTF_LONGLONG, (long long) t)); #else - if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 4)) != 0) { + if ((ret = psa_generate_random(ssl->conf->p_rng, p, 4)) != 0) { return ret; } p += 4; #endif /* MBEDTLS_HAVE_TIME */ - if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 20)) != 0) { + if ((ret = psa_generate_random(p, 20)) != 0) { return ret; } p += 20; @@ -2166,7 +2166,8 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) } else #endif { - if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 8)) != 0) { + + if ((ret = psa_generate_random(p, 8)) != 0) { return ret; } } @@ -2197,7 +2198,7 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_SSL_SESSION_TICKETS */ { ssl->session_negotiate->id_len = n = 32; - if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, ssl->session_negotiate->id, + if ((ret = psa_generate_random(ssl->session_negotiate->id, n)) != 0) { return ret; } diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 1dde4ab3c9..4ef23f8fc2 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1996,7 +1996,7 @@ static int ssl_tls13_prepare_server_hello(mbedtls_ssl_context *ssl) unsigned char *server_randbytes = ssl->handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN; - if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, server_randbytes, + if ((ret = psa_generate_random(server_randbytes, MBEDTLS_SERVER_HELLO_RANDOM_LEN)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "f_rng", ret); return ret; 
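Review bot: The added `psa_crypto_init()` call is the only thing left in `mbedtls_ssl_setup` that ties setup to a working random source, now that this commit also drops the `f_rng == NULL` test from `ssl_conf_check`, and it runs last, after the earlier setup steps have already succeeded. Its `psa_status_t` is stored in `ret` and returned through `error:` without translation to an `MBEDTLS_ERR_*` code. If the library is instead meant to require the application to initialise PSA, state that precondition in the documentation of `mbedtls_ssl_setup`, so that a missing RNG is not first discovered when the handshake calls `psa_generate_random()`. The function body starts outside the hunk.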
@@ -3172,8 +3172,7 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, #endif /* Generate ticket_age_add */ - if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, - (unsigned char *) &session->ticket_age_add, + if ((ret = psa_generate_random((unsigned char *) &session->ticket_age_add, sizeof(session->ticket_age_add)) != 0)) { MBEDTLS_SSL_DEBUG_RET(1, "generate_ticket_age_add", ret); return ret; @@ -3182,7 +3181,7 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, (unsigned int) session->ticket_age_add)); /* Generate ticket_nonce */ - ret = ssl->conf->f_rng(ssl->conf->p_rng, ticket_nonce, ticket_nonce_size); + ret = psa_generate_random(ticket_nonce, ticket_nonce_size); if (ret != 0) { MBEDTLS_SSL_DEBUG_RET(1, "generate_ticket_nonce", ret); return ret; diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 25aa44fc09..743b53c007 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1340,8 +1340,7 @@ void ssl_crypt_record(int cipher_type, int hash_id, rec_backup = rec; /* Encrypt record */ - ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec, - mbedtls_test_rnd_std_rand, NULL); + ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec); TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); if (ret != 0) { continue; @@ -1494,8 +1493,7 @@ void ssl_crypt_record_small(int cipher_type, int hash_id, rec_backup = rec; /* Encrypt record */ - ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec, - mbedtls_test_rnd_std_rand, NULL); + ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec); if (ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) { /* It's ok if the output buffer is too small. We do insist 
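Review bot: In the `ticket_age_add` call the closing parenthesis sits after `!= 0`, so `ret` receives the result of the comparison (0 or 1) rather than the status from `psa_generate_random()`; on failure the function logs and returns 1 instead of an error code. The grouping is carried over from the removed `f_rng` line, but since the call is being rewritten it should be fixed here: `if ((ret = psa_generate_random((unsigned char *) &session->ticket_age_add, sizeof(session->ticket_age_add))) != 0) {`. The re-indentation of the same call in PATCH 07/16 keeps the wrong grouping. The enclosing function starts and ends outside the hunk.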
@@ -1948,8 +1946,7 @@ void ssl_tls13_record_protection(int ciphersuite, memset(&rec.ctr[0], 0, 8); rec.ctr[7] = ctr; - TEST_ASSERT(mbedtls_ssl_encrypt_buf(NULL, &transform_send, &rec, - NULL, NULL) == 0); + TEST_ASSERT(mbedtls_ssl_encrypt_buf(NULL, &transform_send, &rec) == 0); if (padding_used == MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) { TEST_MEMORY_COMPARE(rec.buf + rec.data_offset, rec.data_len, From fd52984896a4cb6359987e227b914a42901e7384 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 10 Mar 2025 08:27:42 +0000 Subject: [PATCH 03/16] resolved ci failures Signed-off-by: Ben Taylor --- library/ssl_msg.c | 2 -- library/ssl_tls12_server.c | 3 +-- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 96c1a7c96e..847b1daf2a 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -827,8 +827,6 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, * for CBC transformations in TLS 1.2. */ #if !(defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \ defined(MBEDTLS_SSL_PROTO_TLS1_2)) - ((void) f_rng); - ((void) p_rng); #endif MBEDTLS_SSL_DEBUG_MSG(2, ("=> encrypt buf")); diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index d3c422369a..055e75ad8b 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2133,7 +2133,7 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, current time: %" MBEDTLS_PRINTF_LONGLONG, (long long) t)); #else - if ((ret = psa_generate_random(ssl->conf->p_rng, p, 4)) != 0) { + if ((ret = psa_generate_random(p, 4)) != 0) { return ret; } @@ -2166,7 +2166,6 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) } else #endif { - if ((ret = psa_generate_random(p, 8)) != 0) { return ret; } From 6ff2da196a3d6ab2f93409ba7a915031d16d0e29 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 17 Mar 2025 09:26:20 +0000 Subject: [PATCH 04/16] added further debug 
Signed-off-by: Ben Taylor --- library/ssl_tls.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 20a2538290..1656f83336 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4467,10 +4467,13 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { + if (ssl->conf != NULL) { + if (ssl->conf->f_async_cancel != NULL) { + if(handshake->async_in_progress != 0) { ssl->conf->f_async_cancel(ssl); handshake->async_in_progress = 0; - } + }}} + #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #if defined(PSA_WANT_ALG_SHA_256) From d5d707842ce6fba99af8e72947f464d7faf58de3 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 18 Mar 2025 09:16:14 +0000 Subject: [PATCH 05/16] removed NR psa-init Signed-off-by: Ben Taylor --- library/ssl_tls.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 1656f83336..3b62df4ca9 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1285,10 +1285,6 @@ int mbedtls_ssl_setup(mbedtls_ssl_context *ssl, goto error; } - if((ret = psa_crypto_init()) != 0) { - goto error; - } - return 0; error: From 0deda0e34ca23ff36fa6904d4ba681931863e0c4 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 18 Mar 2025 11:27:37 +0000 Subject: [PATCH 06/16] Update debug Signed-off-by: Ben Taylor --- library/ssl_tls13_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 4ef23f8fc2..6fa90d444f 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c 
@@ -1998,7 +1998,7 @@ static int ssl_tls13_prepare_server_hello(mbedtls_ssl_context *ssl) if ((ret = psa_generate_random(server_randbytes, MBEDTLS_SERVER_HELLO_RANDOM_LEN)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "f_rng", ret); + MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_random", ret); return ret; } From 1cd1e01897a2c8b1a10654852bfcee51d19f7fc3 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 18 Mar 2025 11:50:39 +0000 Subject: [PATCH 07/16] Correct code style Signed-off-by: Ben Taylor --- library/ssl_client.c | 4 ++-- library/ssl_tls.c | 12 +++++++----- library/ssl_tls12_server.c | 2 +- library/ssl_tls13_server.c | 4 ++-- 4 files changed, 12 insertions(+), 10 deletions(-) diff --git a/library/ssl_client.c b/library/ssl_client.c index f8abfde377..cb57a97669 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -726,7 +726,7 @@ static int ssl_generate_random(mbedtls_ssl_context *ssl) } ret = psa_generate_random(randbytes + gmt_unix_time_len, - MBEDTLS_CLIENT_HELLO_RANDOM_LEN - gmt_unix_time_len); + MBEDTLS_CLIENT_HELLO_RANDOM_LEN - gmt_unix_time_len); return ret; } @@ -868,7 +868,7 @@ static int ssl_prepare_client_hello(mbedtls_ssl_context *ssl) if (session_id_len > 0) { ret = psa_generate_random(session_negotiate->id, - session_id_len); + session_id_len); if (ret != 0) { MBEDTLS_SSL_DEBUG_RET(1, "creating session id failed", ret); return ret; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 3b62df4ca9..2a759832bf 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4464,11 +4464,13 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) if (ssl->conf != NULL) { - if (ssl->conf->f_async_cancel != NULL) { - if(handshake->async_in_progress != 0) { - ssl->conf->f_async_cancel(ssl); - handshake->async_in_progress = 0; - }}} + if (ssl->conf->f_async_cancel != NULL) { + if (handshake->async_in_progress != 0) { + ssl->conf->f_async_cancel(ssl); + handshake->async_in_progress = 0; + } + } + } #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 055e75ad8b..e1785504b6 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2198,7 +2198,7 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) { ssl->session_negotiate->id_len = n = 32; if ((ret = psa_generate_random(ssl->session_negotiate->id, - n)) != 0) { + n)) != 0) { return ret; } } diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 6fa90d444f..dc50bee868 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1997,7 +1997,7 @@ static int ssl_tls13_prepare_server_hello(mbedtls_ssl_context *ssl) ssl->handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN; if ((ret = psa_generate_random(server_randbytes, - MBEDTLS_SERVER_HELLO_RANDOM_LEN)) != 0) { + MBEDTLS_SERVER_HELLO_RANDOM_LEN)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_random", ret); return ret; } @@ -3173,7 +3173,7 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, /* Generate ticket_age_add */ if ((ret = psa_generate_random((unsigned char *) &session->ticket_age_add, - sizeof(session->ticket_age_add)) != 0)) { + sizeof(session->ticket_age_add)) != 0)) { MBEDTLS_SSL_DEBUG_RET(1, "generate_ticket_age_add", ret); return ret; } From 1f091466c153739923180dbbf6179674fa65d290 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 19 Mar 2025 08:00:14 +0000 Subject: [PATCH 08/16] tidy up syntax 
Signed-off-by: Ben Taylor --- library/ssl_tls.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2a759832bf..f0da0ddce7 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4464,11 +4464,9 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) if (ssl->conf != NULL) { - if (ssl->conf->f_async_cancel != NULL) { - if (handshake->async_in_progress != 0) { + if (ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { ssl->conf->f_async_cancel(ssl); handshake->async_in_progress = 0; - } } } From 9774e9a176c26c15447f3032c7ea9a67a6429e4f Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 19 Mar 2025 11:45:38 +0000 Subject: [PATCH 09/16] corrected code style Signed-off-by: Ben Taylor --- library/ssl_tls.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f0da0ddce7..776b8da337 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4465,8 +4465,8 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) if (ssl->conf != NULL) { if (ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { - ssl->conf->f_async_cancel(ssl); - handshake->async_in_progress = 0; + ssl->conf->f_async_cancel(ssl); + handshake->async_in_progress = 0; } } From fb68b8cf57e865e7175af74ed069384bae093f35 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 19 Mar 2025 13:35:56 +0000 Subject: [PATCH 10/16] Remove empty ifdef Signed-off-by: Ben Taylor --- library/ssl_msg.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 847b1daf2a..be0dc92720 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
@@ -823,12 +823,6 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, ((void) ssl); #endif - /* The PRNG is used for dynamic IV generation that's used - * for CBC transformations in TLS 1.2. */ -#if !(defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \ - defined(MBEDTLS_SSL_PROTO_TLS1_2)) -#endif - MBEDTLS_SSL_DEBUG_MSG(2, ("=> encrypt buf")); if (transform == NULL) { From 03c05c336ef035251dd170120b8bad1ca8f882c3 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 19 Mar 2025 13:36:13 +0000 Subject: [PATCH 11/16] Remove additional line Signed-off-by: Ben Taylor --- library/ssl_tls.c | 1 - 1 file changed, 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 776b8da337..619e8db311 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1244,7 +1244,6 @@ int mbedtls_ssl_setup(mbedtls_ssl_context *ssl, if ((ret = ssl_conf_check(ssl)) != 0) { return ret; } - ssl->tls_version = ssl->conf->max_tls_version; /* From b9f83b3d07f9bc397ec4e60c2410a05064823b31 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 19 Mar 2025 13:51:42 +0000 Subject: [PATCH 12/16] Remove srand from fuzz Signed-off-by: Ben Taylor --- programs/fuzz/fuzz_client.c | 2 -- programs/fuzz/fuzz_dtlsclient.c | 1 - programs/fuzz/fuzz_dtlsserver.c | 3 --- programs/fuzz/fuzz_server.c | 2 -- 4 files changed, 8 deletions(-) diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 03a6337d48..6d3b73fa93 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -141,8 +141,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) //There may be other options to add : // mbedtls_ssl_conf_cert_profile, mbedtls_ssl_conf_sig_hashes - srand(1); - if (mbedtls_ssl_setup(&ssl, &conf) != 0) { goto exit; } diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index 31c6c9bdd6..efe1362275 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c 
@@ -68,7 +68,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - srand(1); if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { goto exit; diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 2228d070aa..31eb514275 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -98,9 +98,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) goto exit; } - - srand(1); - #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) { diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index a1e03d4502..bb9dd0a58c 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -112,8 +112,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) goto exit; } - srand(1); - #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) { From c12152e53e430b9c76917144e258f4ac59761d62 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 21 Mar 2025 11:03:04 +0000 Subject: [PATCH 13/16] corrected style Signed-off-by: Ben Taylor --- library/ssl_tls.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 619e8db311..7fbb0b5b50 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4462,11 +4462,9 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (ssl->conf != NULL) { - if (ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { - ssl->conf->f_async_cancel(ssl); - handshake->async_in_progress = 0; - } + if (ssl->conf != NULL && ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { + ssl->conf->f_async_cancel(ssl); + handshake->async_in_progress = 0; } #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ From 8224e7126220b05291bfbec4a4986a812a7b7211 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 21 Mar 2025 12:02:16 +0000 Subject: [PATCH 14/16] remove NULL guard Signed-off-by: Ben Taylor --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7fbb0b5b50..4635a85913 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4462,7 +4462,7 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (ssl->conf != NULL && ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { + if(ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { ssl->conf->f_async_cancel(ssl); handshake->async_in_progress = 0; } From cd2660fb0efbdd3525141a0578ccd1d2de24d87d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 21 Mar 2025 13:13:29 +0000 Subject: [PATCH 15/16] fixed code style Signed-off-by: Ben Taylor --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4635a85913..94de3430cc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
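Review bot: PATCH 14/16 drops the `ssl->conf != NULL` test from the MBEDTLS_SSL_ASYNC_PRIVATE block of mbedtls_ssl_handshake_free(), so `ssl->conf->f_async_cancel` is now read unconditionally on a cleanup path. Nothing visible in the hunk shows that conf is always set while a handshake structure exists; if a context can be freed after its configuration pointer was cleared or never assigned (for instance after a failed setup), teardown would dereference NULL. Either keep the guard, wrapped to fit the line limit as `if (ssl->conf != NULL && ssl->conf->f_async_cancel != NULL &&` followed by `handshake->async_in_progress != 0) {`, or, once the setup error paths have been checked, record the invariant beside the test with a comment such as `/* ssl->conf is non-NULL whenever ssl->handshake is allocated */`. The function body starts and ends outside the hunk.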
@@ -4462,7 +4462,7 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if(ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { + if (ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { ssl->conf->f_async_cancel(ssl); handshake->async_in_progress = 0; } From 7a84f0f3a950bafbf35f0deba70d6a53eefd6286 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 27 Mar 2025 09:34:21 +0000 Subject: [PATCH 16/16] removed rng parameters from struct mbedtls_ssl_config Signed-off-by: Ben Taylor --- include/mbedtls/ssl.h | 4 ---- 1 file changed, 4 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index fa382253ca..9a02a6a8c2 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1405,10 +1405,6 @@ struct mbedtls_ssl_config { void(*MBEDTLS_PRIVATE(f_dbg))(void *, int, const char *, int, const char *); void *MBEDTLS_PRIVATE(p_dbg); /*!< context for the debug function */ - /** Callback for getting (pseudo-)random numbers */ - int(*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t); - void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */ - /** Callback to retrieve a session from the cache */ mbedtls_ssl_cache_get_t *MBEDTLS_PRIVATE(f_get_cache); /** Callback to store a session into the cache */