TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-03-20 11:11:08 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10042 from bjwtaylor/remove-ssl-conf

Browse Source 
Remove mbedtls_ssl_conf_rng()
This commit is contained in:
Manuel Pégourié-Gonnard
2025-03-27 14:05:42 +00:00
committed by GitHub
parent 06bdb16719 7a84f0f3a9
commit e57ea21a1c
25 changed files with 24 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
include/mbedtls/ssl.h
View File

@@ -1405,10 +1405,6 @@ struct mbedtls_ssl_config {
void(*MBEDTLS_PRIVATE(f_dbg))(void *, int, const char *, int, const char *); void(*MBEDTLS_PRIVATE(f_dbg))(void *, int, const char *, int, const char *);
void *MBEDTLS_PRIVATE(p_dbg); /*!< context for the debug function */ void *MBEDTLS_PRIVATE(p_dbg); /*!< context for the debug function */
/** Callback for getting (pseudo-)random numbers */
int(*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */
/** Callback to retrieve a session from the cache */ /** Callback to retrieve a session from the cache */
mbedtls_ssl_cache_get_t *MBEDTLS_PRIVATE(f_get_cache); mbedtls_ssl_cache_get_t *MBEDTLS_PRIVATE(f_get_cache);
/** Callback to store a session into the cache */ /** Callback to store a session into the cache */
@@ -2060,17 +2056,6 @@ void mbedtls_ssl_conf_verify(mbedtls_ssl_config *conf,
void *p_vrfy); void *p_vrfy);
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
/**
* \brief Set the random number generator callback
*
* \param conf SSL configuration
* \param f_rng RNG function (mandatory)
* \param p_rng RNG parameter
*/
void mbedtls_ssl_conf_rng(mbedtls_ssl_config *conf,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
/** /**
* \brief Set the debug callback * \brief Set the debug callback
* *

11
library/ssl_client.c
View File

@@ -725,9 +725,8 @@ static int ssl_generate_random(mbedtls_ssl_context *ssl)
#endif /* MBEDTLS_HAVE_TIME */ #endif /* MBEDTLS_HAVE_TIME */
} }
ret = ssl->conf->f_rng(ssl->conf->p_rng, ret = psa_generate_random(randbytes + gmt_unix_time_len,
randbytes + gmt_unix_time_len, MBEDTLS_CLIENT_HELLO_RANDOM_LEN - gmt_unix_time_len);
MBEDTLS_CLIENT_HELLO_RANDOM_LEN - gmt_unix_time_len);
return ret; return ret;
} }
@@ -867,9 +866,9 @@ static int ssl_prepare_client_hello(mbedtls_ssl_context *ssl)
if (session_id_len != session_negotiate->id_len) { if (session_id_len != session_negotiate->id_len) {
session_negotiate->id_len = session_id_len; session_negotiate->id_len = session_id_len;
if (session_id_len > 0) { if (session_id_len > 0) {
ret = ssl->conf->f_rng(ssl->conf->p_rng,
session_negotiate->id, ret = psa_generate_random(session_negotiate->id,
session_id_len); session_id_len);
if (ret != 0) { if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "creating session id failed", ret); MBEDTLS_SSL_DEBUG_RET(1, "creating session id failed", ret);
return ret; return ret;

4
library/ssl_misc.h
View File

@@ -1721,9 +1721,7 @@ void mbedtls_ssl_transform_init(mbedtls_ssl_transform *transform);
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl,
mbedtls_ssl_transform *transform, mbedtls_ssl_transform *transform,
mbedtls_record *rec, mbedtls_record *rec);
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl,
mbedtls_ssl_transform *transform, mbedtls_ssl_transform *transform,

21
library/ssl_msg.c
View File

@@ -801,9 +801,7 @@ static void ssl_build_record_nonce(unsigned char *dst_iv,
int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl,
mbedtls_ssl_transform *transform, mbedtls_ssl_transform *transform,
mbedtls_record *rec, mbedtls_record *rec)
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng)
{ {
mbedtls_ssl_mode_t ssl_mode; mbedtls_ssl_mode_t ssl_mode;
int auth_done = 0; int auth_done = 0;
@@ -825,14 +823,6 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl,
((void) ssl); ((void) ssl);
#endif #endif
/* The PRNG is used for dynamic IV generation that's used
* for CBC transformations in TLS 1.2. */
#if !(defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
defined(MBEDTLS_SSL_PROTO_TLS1_2))
((void) f_rng);
((void) p_rng);
#endif
MBEDTLS_SSL_DEBUG_MSG(2, ("=> encrypt buf")); MBEDTLS_SSL_DEBUG_MSG(2, ("=> encrypt buf"));
if (transform == NULL) { if (transform == NULL) {
@@ -1140,10 +1130,6 @@ hmac_failed_etm_disabled:
* Prepend per-record IV for block cipher in TLS v1.2 as per * Prepend per-record IV for block cipher in TLS v1.2 as per
* Method 1 (6.2.3.2. in RFC4346 and RFC5246) * Method 1 (6.2.3.2. in RFC4346 and RFC5246)
*/ */
if (f_rng == NULL) {
MBEDTLS_SSL_DEBUG_MSG(1, ("No PRNG provided to encrypt_record routine"));
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
if (rec->data_offset < transform->ivlen) { if (rec->data_offset < transform->ivlen) {
MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough")); MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough"));
@@ -1153,7 +1139,7 @@ hmac_failed_etm_disabled:
/* /*
* Generate IV * Generate IV
*/ */
ret = f_rng(p_rng, transform->iv_enc, transform->ivlen); ret = psa_generate_random(transform->iv_enc, transform->ivlen);
if (ret != 0) { if (ret != 0) {
return ret; return ret;
} }
@@ -2725,8 +2711,7 @@ int mbedtls_ssl_write_record(mbedtls_ssl_context *ssl, int force_flush)
rec.cid_len = 0; rec.cid_len = 0;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
if ((ret = mbedtls_ssl_encrypt_buf(ssl, ssl->transform_out, &rec, if ((ret = mbedtls_ssl_encrypt_buf(ssl, ssl->transform_out, &rec)) != 0) {
ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "ssl_encrypt_buf", ret); MBEDTLS_SSL_DEBUG_RET(1, "ssl_encrypt_buf", ret);
return ret; return ret;
} }

14
library/ssl_tls.c
View File

@@ -1223,11 +1223,6 @@ static int ssl_conf_check(const mbedtls_ssl_context *ssl)
return ret; return ret;
} }
if (ssl->conf->f_rng == NULL) {
MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided"));
return MBEDTLS_ERR_SSL_NO_RNG;
}
/* Space for further checks */ /* Space for further checks */
return 0; return 0;
@@ -1526,14 +1521,6 @@ void mbedtls_ssl_conf_verify(mbedtls_ssl_config *conf,
} }
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_ssl_conf_rng(mbedtls_ssl_config *conf,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng)
{
conf->f_rng = f_rng;
conf->p_rng = p_rng;
}
void mbedtls_ssl_conf_dbg(mbedtls_ssl_config *conf, void mbedtls_ssl_conf_dbg(mbedtls_ssl_config *conf,
void (*f_dbg)(void *, int, const char *, int, const char *), void (*f_dbg)(void *, int, const char *, int, const char *),
void *p_dbg) void *p_dbg)
@@ -4479,6 +4466,7 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl)
ssl->conf->f_async_cancel(ssl); ssl->conf->f_async_cancel(ssl);
handshake->async_in_progress = 0; handshake->async_in_progress = 0;
} }
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(PSA_WANT_ALG_SHA_256) #if defined(PSA_WANT_ALG_SHA_256)

10
library/ssl_tls12_server.c
View File

@@ -2133,14 +2133,14 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl)
MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, current time: %" MBEDTLS_PRINTF_LONGLONG, MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, current time: %" MBEDTLS_PRINTF_LONGLONG,
(long long) t)); (long long) t));
#else #else
if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 4)) != 0) { if ((ret = psa_generate_random(p, 4)) != 0) {
return ret; return ret;
} }
p += 4; p += 4;
#endif /* MBEDTLS_HAVE_TIME */ #endif /* MBEDTLS_HAVE_TIME */
if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 20)) != 0) { if ((ret = psa_generate_random(p, 20)) != 0) {
return ret; return ret;
} }
p += 20; p += 20;
@@ -2166,7 +2166,7 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl)
} else } else
#endif #endif
{ {
if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 8)) != 0) { if ((ret = psa_generate_random(p, 8)) != 0) {
return ret; return ret;
} }
} }
@@ -2197,8 +2197,8 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl)
#endif /* MBEDTLS_SSL_SESSION_TICKETS */ #endif /* MBEDTLS_SSL_SESSION_TICKETS */
{ {
ssl->session_negotiate->id_len = n = 32; ssl->session_negotiate->id_len = n = 32;
if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, ssl->session_negotiate->id, if ((ret = psa_generate_random(ssl->session_negotiate->id,
n)) != 0) { n)) != 0) {
return ret; return ret;
} }
} }

13
library/ssl_tls13_server.c
View File

@@ -1996,9 +1996,9 @@ static int ssl_tls13_prepare_server_hello(mbedtls_ssl_context *ssl)
unsigned char *server_randbytes = unsigned char *server_randbytes =
ssl->handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN; ssl->handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN;
if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, server_randbytes, if ((ret = psa_generate_random(server_randbytes,
MBEDTLS_SERVER_HELLO_RANDOM_LEN)) != 0) { MBEDTLS_SERVER_HELLO_RANDOM_LEN)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "f_rng", ret); MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_random", ret);
return ret; return ret;
} }
@@ -3172,9 +3172,8 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl,
#endif #endif
/* Generate ticket_age_add */ /* Generate ticket_age_add */
if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, if ((ret = psa_generate_random((unsigned char *) &session->ticket_age_add,
(unsigned char *) &session->ticket_age_add, sizeof(session->ticket_age_add)) != 0)) {
sizeof(session->ticket_age_add)) != 0)) {
MBEDTLS_SSL_DEBUG_RET(1, "generate_ticket_age_add", ret); MBEDTLS_SSL_DEBUG_RET(1, "generate_ticket_age_add", ret);
return ret; return ret;
} }
@@ -3182,7 +3181,7 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl,
(unsigned int) session->ticket_age_add)); (unsigned int) session->ticket_age_add));
/* Generate ticket_nonce */ /* Generate ticket_nonce */
ret = ssl->conf->f_rng(ssl->conf->p_rng, ticket_nonce, ticket_nonce_size); ret = psa_generate_random(ticket_nonce, ticket_nonce_size);
if (ret != 0) { if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "generate_ticket_nonce", ret); MBEDTLS_SSL_DEBUG_RET(1, "generate_ticket_nonce", ret);
return ret; return ret;

3
programs/fuzz/fuzz_client.c
View File

@@ -141,9 +141,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
//There may be other options to add : //There may be other options to add :
// mbedtls_ssl_conf_cert_profile, mbedtls_ssl_conf_sig_hashes // mbedtls_ssl_conf_cert_profile, mbedtls_ssl_conf_sig_hashes
srand(1);
mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);
if (mbedtls_ssl_setup(&ssl, &conf) != 0) { if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
goto exit; goto exit;
} }

2
programs/fuzz/fuzz_dtlsclient.c
View File

@@ -68,7 +68,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
} }
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
srand(1);
if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
(const unsigned char *) pers, strlen(pers)) != 0) { (const unsigned char *) pers, strlen(pers)) != 0) {
goto exit; goto exit;
@@ -85,7 +84,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
#endif #endif
mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE); mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE);
mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);
if (mbedtls_ssl_setup(&ssl, &conf) != 0) { if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
goto exit; goto exit;

4
programs/fuzz/fuzz_dtlsserver.c
View File

@@ -98,10 +98,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
goto exit; goto exit;
} }
srand(1);
mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) { if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) {

3
programs/fuzz/fuzz_server.c
View File

@@ -112,9 +112,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
goto exit; goto exit;
} }
srand(1);
mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) { if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) {

1
programs/ssl/dtls_client.c
View File

@@ -169,7 +169,6 @@ int main(int argc, char *argv[])
* Production code should set a proper ca chain and use REQUIRED. */ * Production code should set a proper ca chain and use REQUIRED. */
mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL); mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
mbedtls_ssl_conf_read_timeout(&conf, READ_TIMEOUT_MS); mbedtls_ssl_conf_read_timeout(&conf, READ_TIMEOUT_MS);

1
programs/ssl/dtls_server.c
View File

@@ -200,7 +200,6 @@ int main(void)
goto exit; goto exit;
} }
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
mbedtls_ssl_conf_read_timeout(&conf, READ_TIMEOUT_MS); mbedtls_ssl_conf_read_timeout(&conf, READ_TIMEOUT_MS);

2
programs/ssl/mini_client.c
View File

@@ -187,8 +187,6 @@ int main(void)
goto exit; goto exit;
} }
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk), mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk),
(const unsigned char *) psk_id, sizeof(psk_id) - 1); (const unsigned char *) psk_id, sizeof(psk_id) - 1);

1
programs/ssl/ssl_client1.c
View File

@@ -150,7 +150,6 @@ int main(void)
* but makes interop easier in this simplified example */ * but makes interop easier in this simplified example */
mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL); mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {

1
programs/ssl/ssl_client2.c
View File

@@ -1906,7 +1906,6 @@ usage:
#endif #endif
#endif /* MBEDTLS_HAVE_TIME */ #endif /* MBEDTLS_HAVE_TIME */
} }
mbedtls_ssl_conf_rng(&conf, rng_get, &rng);
mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
mbedtls_ssl_conf_read_timeout(&conf, opt.read_timeout); mbedtls_ssl_conf_read_timeout(&conf, opt.read_timeout);

1
programs/ssl/ssl_fork_server.c
View File

@@ -160,7 +160,6 @@ int main(void)
goto exit; goto exit;
} }
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);

1
programs/ssl/ssl_mail_client.c
View File

@@ -571,7 +571,6 @@ usage:
* but makes interop easier in this simplified example */ * but makes interop easier in this simplified example */
mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL); mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
if (opt.force_ciphersuite[0] != DFL_FORCE_CIPHER) { if (opt.force_ciphersuite[0] != DFL_FORCE_CIPHER) {

1
programs/ssl/ssl_pthread_server.c
View File

@@ -401,7 +401,6 @@ int main(void)
goto exit; goto exit;
} }
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
mbedtls_ssl_conf_dbg(&conf, my_mutexed_debug, stdout); mbedtls_ssl_conf_dbg(&conf, my_mutexed_debug, stdout);
/* mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() are thread-safe if /* mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() are thread-safe if

1
programs/ssl/ssl_server.c
View File

@@ -179,7 +179,6 @@ int main(void)
goto exit; goto exit;
} }
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
#if defined(MBEDTLS_SSL_CACHE_C) #if defined(MBEDTLS_SSL_CACHE_C)

1
programs/ssl/ssl_server2.c
View File

@@ -2925,7 +2925,6 @@ usage:
#endif #endif
#endif /* MBEDTLS_HAVE_TIME */ #endif /* MBEDTLS_HAVE_TIME */
} }
mbedtls_ssl_conf_rng(&conf, rng_get, &rng);
mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
#if defined(MBEDTLS_SSL_CACHE_C) #if defined(MBEDTLS_SSL_CACHE_C)

1
programs/x509/cert_app.c
View File

@@ -383,7 +383,6 @@ usage:
mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE); mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE);
} }
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {

1
tests/src/test_helpers/ssl_helpers.c
View File

@@ -767,7 +767,6 @@ int mbedtls_test_ssl_endpoint_init(
mbedtls_ssl_init(&(ep->ssl)); mbedtls_ssl_init(&(ep->ssl));
mbedtls_ssl_config_init(&(ep->conf)); mbedtls_ssl_config_init(&(ep->conf));
mbedtls_ssl_conf_rng(&(ep->conf), mbedtls_test_random, NULL);
TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&ep->conf) == NULL); TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&ep->conf) == NULL);
TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), 0); TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), 0);

5
tests/suites/test_suite_debug.function
View File

@@ -156,7 +156,6 @@ void debug_print_msg_threshold(int threshold, int level, char *file,
MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT), MBEDTLS_SSL_PRESET_DEFAULT),
0); 0);
mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer);
TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
@@ -194,7 +193,6 @@ void mbedtls_debug_print_ret(char *file, int line, char *text, int value,
MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT), MBEDTLS_SSL_PRESET_DEFAULT),
0); 0);
mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer);
TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
@@ -229,7 +227,6 @@ void mbedtls_debug_print_buf(char *file, int line, char *text,
MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT), MBEDTLS_SSL_PRESET_DEFAULT),
0); 0);
mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer);
TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
@@ -267,7 +264,6 @@ void mbedtls_debug_print_crt(char *crt_file, char *file, int line,
MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT), MBEDTLS_SSL_PRESET_DEFAULT),
0); 0);
mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer);
TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
@@ -306,7 +302,6 @@ void mbedtls_debug_print_mpi(char *value, char *file, int line,
MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT), MBEDTLS_SSL_PRESET_DEFAULT),
0); 0);
mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer);
TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);

15
tests/suites/test_suite_ssl.function
View File

@@ -1219,7 +1219,6 @@ void ssl_dtls_replay(data_t *prevs, data_t *new, int ret)
MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_TRANSPORT_DATAGRAM,
MBEDTLS_SSL_PRESET_DEFAULT) == 0); MBEDTLS_SSL_PRESET_DEFAULT) == 0);
mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
@@ -1341,8 +1340,7 @@ void ssl_crypt_record(int cipher_type, int hash_id,
rec_backup = rec; rec_backup = rec;
/* Encrypt record */ /* Encrypt record */
ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec, ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec);
mbedtls_test_rnd_std_rand, NULL);
TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
if (ret != 0) { if (ret != 0) {
continue; continue;
@@ -1495,8 +1493,7 @@ void ssl_crypt_record_small(int cipher_type, int hash_id,
rec_backup = rec; rec_backup = rec;
/* Encrypt record */ /* Encrypt record */
ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec, ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec);
mbedtls_test_rnd_std_rand, NULL);
if (ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) { if (ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) {
/* It's ok if the output buffer is too small. We do insist /* It's ok if the output buffer is too small. We do insist
@@ -1949,8 +1946,7 @@ void ssl_tls13_record_protection(int ciphersuite,
memset(&rec.ctr[0], 0, 8); memset(&rec.ctr[0], 0, 8);
rec.ctr[7] = ctr; rec.ctr[7] = ctr;
TEST_ASSERT(mbedtls_ssl_encrypt_buf(NULL, &transform_send, &rec, TEST_ASSERT(mbedtls_ssl_encrypt_buf(NULL, &transform_send, &rec) == 0);
NULL, NULL) == 0);
if (padding_used == MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) { if (padding_used == MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) {
TEST_MEMORY_COMPARE(rec.buf + rec.data_offset, rec.data_len, TEST_MEMORY_COMPARE(rec.buf + rec.data_offset, rec.data_len,
@@ -3033,7 +3029,6 @@ void conf_version(int endpoint, int transport,
mbedtls_ssl_conf_transport(&conf, transport); mbedtls_ssl_conf_transport(&conf, transport);
mbedtls_ssl_conf_min_tls_version(&conf, min_tls_version); mbedtls_ssl_conf_min_tls_version(&conf, min_tls_version);
mbedtls_ssl_conf_max_tls_version(&conf, max_tls_version); mbedtls_ssl_conf_max_tls_version(&conf, max_tls_version);
mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == expected_ssl_setup_result); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == expected_ssl_setup_result);
TEST_EQUAL(mbedtls_ssl_conf_get_endpoint( TEST_EQUAL(mbedtls_ssl_conf_get_endpoint(
@@ -3058,7 +3053,6 @@ void conf_group()
mbedtls_ssl_config conf; mbedtls_ssl_config conf;
mbedtls_ssl_config_init(&conf); mbedtls_ssl_config_init(&conf);
mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT); MBEDTLS_SSL_PRESET_DEFAULT);
@@ -3168,7 +3162,6 @@ void cookie_parsing(data_t *cookie, int exp_ret)
MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_TRANSPORT_DATAGRAM,
MBEDTLS_SSL_PRESET_DEFAULT), MBEDTLS_SSL_PRESET_DEFAULT),
0); 0);
mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0); TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0);
TEST_EQUAL(mbedtls_ssl_check_dtls_clihlo_cookie(&ssl, ssl.cli_id, TEST_EQUAL(mbedtls_ssl_check_dtls_clihlo_cookie(&ssl, ssl.cli_id,
@@ -3223,7 +3216,6 @@ void cid_sanity()
MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT) MBEDTLS_SSL_PRESET_DEFAULT)
== 0); == 0);
mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
@@ -3482,7 +3474,6 @@ void ssl_ecjpake_set_password(int use_opaque_arg)
MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT), 0); MBEDTLS_SSL_PRESET_DEFAULT), 0);
mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0); TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0);