From fe978ac1f3e6cb8bf9abd16fde4ff3932b168a45 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Fri, 2 Jan 2026 09:13:28 +0000
Subject: [PATCH] Remove Deprecated Items From Sample Programs

Remove the drbg module and entropy functions from the sample programs as these are now handled by their PSA equivalents

Signed-off-by: Ben Taylor
---
 programs/fuzz/fuzz_client.c | 27 +----
 programs/fuzz/fuzz_dtlsclient.c | 19 ---
 programs/fuzz/fuzz_dtlsserver.c | 19 ---
 programs/fuzz/fuzz_pkcs7.c | 2 -
 programs/fuzz/fuzz_server.c | 29 +----
 programs/fuzz/fuzz_x509crl.c | 2 -
 programs/fuzz/fuzz_x509crt.c | 2 -
 programs/fuzz/fuzz_x509csr.c | 2 -
 programs/ssl/dtls_client.c | 24 +---
 programs/ssl/dtls_server.c | 24 +---
 programs/ssl/mini_client.c | 23 +---
 programs/ssl/ssl_client1.c | 18 ---
 programs/ssl/ssl_client2.c | 8 +-
 programs/ssl/ssl_context_info.c | 2 -
 programs/ssl/ssl_fork_server.c | 44 +------
 programs/ssl/ssl_mail_client.c | 24 +---
 programs/ssl/ssl_pthread_server.c | 29 +----
 programs/ssl/ssl_server.c | 24 +---
 programs/ssl/ssl_server2.c | 9 +-
 programs/ssl/ssl_test_lib.c | 109 ------------------
 programs/ssl/ssl_test_lib.h | 27 -----
 programs/test/cmake_package/cmake_package.c | 2 -
 .../cmake_package_install.c | 2 -
 .../test/cmake_subproject/cmake_subproject.c | 2 -
 programs/test/dlopen.c | 2 -
 programs/test/selftest.c | 54 ---------
 programs/test/udp_proxy.c | 3 -
 programs/util/pem2der.c | 2 -
 programs/util/strerror.c | 2 -
 programs/x509/cert_app.c | 30 +----
 programs/x509/cert_req.c | 22 +---
 programs/x509/cert_write.c | 22 +---
 programs/x509/crl_app.c | 2 -
 programs/x509/load_roots.c | 2 -
 programs/x509/req_app.c | 2 -
 35 files changed, 37 insertions(+), 579 deletions(-)
diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c
index 70eb656487..8c99f2dddd 100644
--- a/programs/fuzz/fuzz_client.c
+++ b/programs/fuzz/fuzz_client.c
@@ -1,8 +1,4 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/ssl.h" -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" #include "test/certs.h" #include "fuzz_common.h" #include @@ -10,9 +6,7 @@ #include -#if defined(MBEDTLS_SSL_CLI_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) +#if defined(MBEDTLS_SSL_CLI_C) static int initialized = 0; #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) static mbedtls_x509_crt cacert; @@ -29,20 +23,16 @@ const char psk_id[] = "Client_identity"; #endif const char *pers = "fuzz_client"; -#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ +#endif /* MBEDTLS_SSL_CLI_C */ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { -#if defined(MBEDTLS_SSL_CLI_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) +#if defined(MBEDTLS_SSL_CLI_C) int ret; size_t len; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; unsigned char buf[4096]; fuzzBufferOffset_t biomemfuzz; uint16_t options; @@ -75,19 +65,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { goto exit; } - if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, - (const unsigned char *) pers, strlen(pers)) != 0) { - goto exit; - } - if (mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, @@ -173,8 +156,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) } exit: - mbedtls_entropy_free(&entropy); - mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); mbedtls_psa_crypto_free(); 
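Review bot: Dropping the `mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, ...)` call in the seeding hunk removes the only point at which this fuzz target controlled its random source; `psa_crypto_init()` now seeds the PSA RNG from the platform entropy unless the fuzz build configures a deterministic PSA RNG, which this patch does not show. `dummy_entropy` (defined in fuzz_common, not in this diff) presumably exists to make each run replayable, as the same-named helper deleted from ssl_test_lib.c does by overwriting the entropy output with `rand()`; without an equivalent, a crash found by the fuzzer may not reproduce from its saved input. The same removal appears in fuzz_dtlsclient.c, fuzz_dtlsserver.c and fuzz_server.c. I would add next to the `psa_crypto_init()` call: `/* Randomness now comes from the PSA RNG; fuzz builds need a deterministic entropy source for replayable runs. */`, or point the fuzz build at one. `LLVMFuzzerTestOneInput` continues outside the hunk.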
@@ -182,7 +163,7 @@ exit: #else (void) Data; (void) Size; -#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ +#endif /* MBEDTLS_SSL_CLI_C */ return 0; } diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index c83f314138..508b796e8b 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c @@ -1,19 +1,13 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include #include #include #include "fuzz_common.h" #include "mbedtls/ssl.h" #if defined(MBEDTLS_SSL_PROTO_DTLS) -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/timing.h" #include "test/certs.h" #if defined(MBEDTLS_SSL_CLI_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) && \ defined(MBEDTLS_TIMING_C) static int initialized = 0; #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) @@ -30,15 +24,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { #if defined(MBEDTLS_SSL_PROTO_DTLS) && \ defined(MBEDTLS_SSL_CLI_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) && \ defined(MBEDTLS_TIMING_C) int ret; size_t len; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; mbedtls_timing_delay_context timer; unsigned char buf[4096]; fuzzBufferOffset_t biomemfuzz; @@ -58,19 +48,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { goto exit; } - if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, - (const unsigned char *) pers, strlen(pers)) != 0) { - goto exit; - } - if (mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_DATAGRAM, 
@@ -118,8 +101,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) } exit: - mbedtls_entropy_free(&entropy); - mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); mbedtls_psa_crypto_free(); diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index dd2a8b644b..746810bd7e 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -1,5 +1,3 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include #include #include @@ -7,14 +5,10 @@ #include "mbedtls/ssl.h" #include "test/certs.h" #if defined(MBEDTLS_SSL_PROTO_DTLS) -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/timing.h" #include "mbedtls/ssl_cookie.h" #if defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) && \ defined(MBEDTLS_TIMING_C) && \ (defined(PSA_WANT_ALG_SHA_384) || \ defined(PSA_WANT_ALG_SHA_256)) @@ -32,8 +26,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { #if defined(MBEDTLS_SSL_PROTO_DTLS) && \ defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) && \ defined(MBEDTLS_TIMING_C) && \ (defined(PSA_WANT_ALG_SHA_384) || \ defined(PSA_WANT_ALG_SHA_256)) @@ -41,15 +33,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) size_t len; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; mbedtls_timing_delay_context timer; mbedtls_ssl_cookie_ctx cookie_ctx; unsigned char buf[4096]; fuzzBufferOffset_t biomemfuzz; - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) mbedtls_x509_crt_init(&srvcert); mbedtls_pk_init(&pkey); 
@@ -63,11 +51,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) goto exit; } - if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, - (const unsigned char *) pers, strlen(pers)) != 0) { - goto exit; - } - if (initialized == 0) { #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) @@ -156,12 +139,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) exit: mbedtls_ssl_cookie_free(&cookie_ctx); - mbedtls_entropy_free(&entropy); #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) mbedtls_pk_free(&pkey); mbedtls_x509_crt_free(&srvcert); #endif - mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); mbedtls_psa_crypto_free(); diff --git a/programs/fuzz/fuzz_pkcs7.c b/programs/fuzz/fuzz_pkcs7.c index f236190c2c..5764c5f312 100644 --- a/programs/fuzz/fuzz_pkcs7.c +++ b/programs/fuzz/fuzz_pkcs7.c @@ -1,5 +1,3 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include #include "mbedtls/pkcs7.h" #include "fuzz_common.h" diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 3b1054e16a..6aa6236cee 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -1,8 +1,4 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/ssl.h" -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/ssl_ticket.h" #include "test/certs.h" #include "fuzz_common.h" @@ -11,9 +7,7 @@ #include -#if defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) +#if defined(MBEDTLS_SSL_SRV_C) const char *pers = "fuzz_server"; static int initialized = 0; #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) 
@@ -29,20 +23,16 @@ const unsigned char psk[] = { }; const char psk_id[] = "Client_identity"; #endif -#endif // MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C +#endif // MBEDTLS_SSL_SRV_C int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { -#if defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) +#if defined(MBEDTLS_SSL_SRV_C) int ret; size_t len; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) mbedtls_ssl_ticket_context ticket_ctx; #endif @@ -56,8 +46,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) } options = Data[Size - 1]; - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) mbedtls_x509_crt_init(&srvcert); mbedtls_pk_init(&pkey); @@ -72,11 +60,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) goto exit; } - if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, - (const unsigned char *) pers, strlen(pers)) != 0) { - return 1; - } - if (initialized == 0) { #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) @@ -193,8 +176,6 @@ exit: #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) mbedtls_ssl_ticket_free(&ticket_ctx); #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */ - mbedtls_entropy_free(&entropy); - mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) mbedtls_x509_crt_free(&srvcert); 
@@ -202,10 +183,10 @@ exit: #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_PEM_PARSE_C */ mbedtls_ssl_free(&ssl); mbedtls_psa_crypto_free(); -#else /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ +#else /* MBEDTLS_SSL_SRV_C */ (void) Data; (void) Size; -#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ +#endif /* MBEDTLS_SSL_SRV_C */ return 0; } diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c index af50e25f13..00ad0bb454 100644 --- a/programs/fuzz/fuzz_x509crl.c +++ b/programs/fuzz/fuzz_x509crl.c @@ -1,5 +1,3 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include #include "mbedtls/x509_crl.h" #include "fuzz_common.h" diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c index 709fd200f9..ad071422f9 100644 --- a/programs/fuzz/fuzz_x509crt.c +++ b/programs/fuzz/fuzz_x509crt.c @@ -1,5 +1,3 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include #include "mbedtls/x509_crt.h" #include "fuzz_common.h" diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c index 1c26e6f082..502673a70d 100644 --- a/programs/fuzz/fuzz_x509csr.c +++ b/programs/fuzz/fuzz_x509csr.c @@ -1,5 +1,3 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include #include "mbedtls/x509_csr.h" #include "fuzz_common.h" diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index bb1d5af2e3..9044616fd5 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c 
@@ -5,20 +5,16 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" -#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \ +#if !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \ !defined(MBEDTLS_TIMING_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \ !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) int main(void) { - mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or " + mbedtls_printf("MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or " "MBEDTLS_TIMING_C and/or MBEDTLS_SSL_PROTO_DTLS and/or " "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C " "not defined.\n"); @@ -31,8 +27,6 @@ int main(void) #include "mbedtls/net_sockets.h" #include "mbedtls/debug.h" #include "mbedtls/ssl.h" -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/error.h" #include "mbedtls/timing.h" #include "test/certs.h" @@ -73,11 +67,8 @@ int main(int argc, char *argv[]) mbedtls_net_context server_fd; uint32_t flags; unsigned char buf[1024]; - const char *pers = "dtls_client"; int retry_left = MAX_RETRY; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; mbedtls_x509_crt cacert; @@ -97,8 +88,6 @@ int main(int argc, char *argv[]) mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); mbedtls_x509_crt_init(&cacert); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { 
@@ -111,13 +100,6 @@ int main(int argc, char *argv[]) mbedtls_printf("\n . Seeding the random number generator..."); fflush(stdout); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - mbedtls_printf(" ok\n"); /* @@ -322,8 +304,6 @@ exit: mbedtls_x509_crt_free(&cacert); mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); mbedtls_psa_crypto_free(); /* Shell can not handle large exit numbers -> 1 for errors */ diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index 479b5430f9..637e45156b 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -5,8 +5,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" @@ -20,15 +18,13 @@ #define BIND_IP "::" #endif -#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \ +#if !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \ !defined(MBEDTLS_TIMING_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \ !defined(MBEDTLS_SSL_COOKIE_C) || \ !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) int main(void) { - mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or " + mbedtls_printf("MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or " "MBEDTLS_TIMING_C and/or MBEDTLS_SSL_PROTO_DTLS and/or " "MBEDTLS_SSL_COOKIE_C and/or " "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C " @@ -45,8 +41,6 @@ int main(void) #include #include -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" #include "mbedtls/ssl_cookie.h" 
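Review bot: The progress output `" . Seeding the random number generator..."` followed by `" ok\n"` now brackets nothing: the seeding call that sat between them is deleted, and the seeding that still happens is inside `psa_crypto_init()` several lines earlier, so the message reports a step that no longer runs at that point. The same leftover pair is in dtls_server.c, ssl_client1.c, ssl_fork_server.c, ssl_mail_client.c, ssl_pthread_server.c and ssl_server.c. Either drop the pair or move it around the `psa_crypto_init()` call with wording such as `" . Initializing PSA crypto (including the RNG)..."`. `main` continues outside the hunk.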
@@ -80,13 +74,10 @@ int main(void) int ret, len; mbedtls_net_context listen_fd, client_fd; unsigned char buf[1024]; - const char *pers = "dtls_server"; unsigned char client_ip[16] = { 0 }; size_t cliip_len; mbedtls_ssl_cookie_ctx cookie_ctx; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; mbedtls_x509_crt srvcert; @@ -106,8 +97,6 @@ int main(void) #endif mbedtls_x509_crt_init(&srvcert); mbedtls_pk_init(&pkey); - mbedtls_entropy_init(&entropy); - mbedtls_ctr_drbg_init(&ctr_drbg); psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { @@ -127,13 +116,6 @@ int main(void) printf(" . Seeding the random number generator..."); fflush(stdout); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - printf(" ok\n"); /* @@ -392,8 +374,6 @@ exit: #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_free(&cache); #endif - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); mbedtls_psa_crypto_free(); /* Shell can not handle large exit numbers -> 1 for errors */ diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index 96d41b35ba..6f8db9e4e0 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -6,8 +6,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" 
@@ -26,14 +24,12 @@ #define UNIX #endif -#if !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \ +#if !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \ !defined(UNIX) int main(void) { - mbedtls_printf("MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or UNIX " + mbedtls_printf("MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or UNIX " "not defined.\n"); mbedtls_exit(0); } @@ -43,8 +39,6 @@ int main(void) #include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" #include #include @@ -129,7 +123,6 @@ const unsigned char ca_cert[] = { enum exit_codes { exit_ok = 0, - ctr_drbg_seed_failed, ssl_config_defaults_failed, ssl_setup_failed, hostname_failed, @@ -150,11 +143,8 @@ int main(void) mbedtls_x509_crt ca; #endif - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; - mbedtls_ctr_drbg_init(&ctr_drbg); /* * 0. Initialize and setup stuff @@ -165,7 +155,6 @@ int main(void) #if defined(MBEDTLS_X509_CRT_PARSE_C) mbedtls_x509_crt_init(&ca); #endif - mbedtls_entropy_init(&entropy); psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { @@ -173,12 +162,6 @@ int main(void) goto exit; } - if (mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, strlen(pers)) != 0) { - ret = ctr_drbg_seed_failed; - goto exit; - } - if (mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, @@ -258,8 +241,6 @@ exit: mbedtls_net_free(&server_fd); mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); #if defined(MBEDTLS_X509_CRT_PARSE_C) mbedtls_x509_crt_free(&ca); #endif 
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index c56ff0702f..2cc47147fa 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -5,8 +5,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" @@ -27,8 +25,6 @@ int main(void) #include "mbedtls/net_sockets.h" #include "mbedtls/debug.h" #include "mbedtls/ssl.h" -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/error.h" #include "test/certs.h" @@ -58,10 +54,7 @@ int main(void) mbedtls_net_context server_fd; uint32_t flags; unsigned char buf[1024]; - const char *pers = "ssl_client1"; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; mbedtls_x509_crt cacert; @@ -77,8 +70,6 @@ int main(void) mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); mbedtls_x509_crt_init(&cacert); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { @@ -91,13 +82,6 @@ int main(void) fflush(stdout); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - mbedtls_printf(" ok\n"); /* @@ -276,8 +260,6 @@ exit: mbedtls_x509_crt_free(&cacert); mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); mbedtls_psa_crypto_free(); mbedtls_exit(exit_code); diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index a7ef41aa15..15fe49fcfc 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
@@ -877,7 +877,7 @@ int main(int argc, char *argv[])
 mbedtls_ssl_init(&ssl);
 mbedtls_ssl_config_init(&conf);
 mbedtls_ssl_session_init(&saved_session);
- rng_init(&rng);
+ psa_crypto_init();
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
 mbedtls_x509_crt_init(&cacert);
 mbedtls_x509_crt_init(&clicert);
@@ -3213,13 +3213,7 @@ exit:
 mbedtls_printf("PSA memory leak detected: %s\n", message);
 }
 
- /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto
- * resources are freed by rng_free(). */
-#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
 mbedtls_psa_crypto_free();
-#endif
-
- rng_free(&rng);
 
 #if defined(MBEDTLS_TEST_HOOKS)
 if (test_hooks_failure_detected()) {
diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c
index 7bcd50fe65..8310bd21f3 100644
--- a/programs/ssl/ssl_context_info.c
+++ b/programs/ssl/ssl_context_info.c
@@ -5,8 +5,6 @@
 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 */
 
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
 #include "mbedtls/build_info.h"
 #include "mbedtls/debug.h"
 #include "mbedtls/platform.h"
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index ff1c877ee2..f1f1f748a9 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
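Review bot: The new `psa_crypto_init();` in the init hunk discards its `psa_status_t` result, so a failed PSA initialisation goes unnoticed until a later PSA-backed call fails with an unrelated-looking error; the other programs touched by this patch (dtls_client.c, ssl_client1.c, ssl_server.c and more) all check it and `goto exit`. The replaced `rng_init()` did not check it either, but this call is now the program's only RNG setup, so the check matters more. I would write `if (psa_crypto_init() != PSA_SUCCESS) {` / `    mbedtls_printf("Failed to initialize PSA Crypto\n"); goto exit;` / `}` — whether the `exit` path reports a sensible status this early cannot be seen in the hunk. ssl_server2.c makes the identical unchecked change at its `@@ -1631` hunk. `main` continues outside the hunk in both files.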
@@ -5,19 +5,15 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" -#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \ +#if !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \ !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) int main(void) { - mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or " + mbedtls_printf("MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or " "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C " "not defined.\n"); mbedtls_exit(0); @@ -31,8 +27,6 @@ int main(void) } #else -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" #include "test/certs.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" @@ -70,10 +64,7 @@ int main(void) int exit_code = MBEDTLS_EXIT_FAILURE; mbedtls_net_context listen_fd, client_fd; unsigned char buf[1024]; - const char *pers = "ssl_fork_server"; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; mbedtls_x509_crt srvcert; @@ -83,10 +74,8 @@ int main(void) mbedtls_net_init(&client_fd); mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); - mbedtls_entropy_init(&entropy); mbedtls_pk_init(&pkey); mbedtls_x509_crt_init(&srvcert); - mbedtls_ctr_drbg_init(&ctr_drbg); psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { @@ -103,13 +92,6 @@ int main(void) mbedtls_printf("\n . Initial seeding of the random generator..."); fflush(stdout); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed! mbedtls_ctr_drbg_seed returned %d\n\n", ret); - goto exit; - } - mbedtls_printf(" ok\n"); /* 
@@ -218,13 +200,6 @@ int main(void) mbedtls_net_close(&client_fd); fflush(stdout); - if ((ret = mbedtls_ctr_drbg_reseed(&ctr_drbg, - (const unsigned char *) "parent", - 6)) != 0) { - mbedtls_printf(" failed! mbedtls_ctr_drbg_reseed returned %d\n\n", ret); - goto exit; - } - continue; } @@ -238,15 +213,6 @@ int main(void) mbedtls_printf("pid %d: Setting up the SSL data.\n", pid); fflush(stdout); - if ((ret = mbedtls_ctr_drbg_reseed(&ctr_drbg, - (const unsigned char *) "child", - 5)) != 0) { - mbedtls_printf( - "pid %d: SSL setup failed! mbedtls_ctr_drbg_reseed returned %d\n\n", - pid, ret); - goto exit; - } - if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { mbedtls_printf( "pid %d: SSL setup failed! mbedtls_ssl_setup returned %d\n\n", @@ -364,13 +330,11 @@ exit: mbedtls_pk_free(&pkey); mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); mbedtls_psa_crypto_free(); mbedtls_exit(exit_code); } -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && +#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C && - MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_PARSE_C && + MBEDTLS_RSA_C && MBEDTLS_PEM_PARSE_C && ! _WIN32 */ diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 0c2822cb30..5830a28b3d 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -11,7 +11,6 @@ #define _POSIX_C_SOURCE 200112L #define _XOPEN_SOURCE 600 -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS #include "mbedtls/build_info.h" 
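Review bot: Removing the two `mbedtls_ctr_drbg_reseed()` calls (with the `"parent"` and `"child"` personalisation strings) leaves nothing that separates the random-generator state of the parent and the child after `fork()`; both processes continue from an identical copy of the PSA RNG state unless the PSA implementation detects the fork itself, and this patch gives no evidence that it does. For a server that forks per connection that means the child may draw the same random bytes (handshake randoms, ephemeral keys) the parent would draw next, which is exactly what the deleted reseeds guarded against. I would at least record the assumption at the start of the child path, e.g. `/* NOTE: fork() duplicates the PSA RNG state; the child must reseed or re-initialise it before the handshake — confirm against the PSA RNG's fork handling. */`, and preferably restore a reseed step using whatever the PSA layer offers. `main` continues outside both hunks.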
@@ -21,14 +20,14 @@ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \ + !defined(MBEDTLS_X509_CRT_PARSE_C) || \ !defined(MBEDTLS_FS_IO) int main(void) { mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or " "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " - "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C " + "and/or MBEDTLS_X509_CRT_PARSE_C " "not defined.\n"); mbedtls_exit(0); } @@ -38,8 +37,6 @@ int main(void) #include "mbedtls/error.h" #include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" #include "test/certs.h" #include "mbedtls/x509.h" @@ -334,10 +331,7 @@ int main(int argc, char *argv[]) unsigned char buf[1024]; #endif char hostname[32]; - const char *pers = "ssl_mail_client"; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; mbedtls_x509_crt cacert; @@ -358,8 +352,6 @@ int main(int argc, char *argv[]) mbedtls_x509_crt_init(&cacert); mbedtls_x509_crt_init(&clicert); mbedtls_pk_init(&pkey); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { @@ -456,13 +448,6 @@ usage: mbedtls_printf("\n . Seeding the random number generator..."); fflush(stdout); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - mbedtls_printf(" ok\n"); /* 
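Review bot: The rewritten message in the fallback `main` of the `#if !defined(...)` block now concatenates `"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "` with `"and/or MBEDTLS_X509_CRT_PARSE_C "`, so the program prints "and/or and/or"; the new line should be `"MBEDTLS_X509_CRT_PARSE_C "`. Separately, the `#if` guard and the message still require `MBEDTLS_ENTROPY_C` although this patch removes every entropy-module use from the file, which is inconsistent with dtls_client.c, ssl_server.c and the others where that condition is dropped — unless something not visible here still needs it. The `#endif` comment at the end of the file (the `@@ -800` hunk) likewise still names `MBEDTLS_ENTROPY_C`.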
@@ -800,12 +785,9 @@ exit: mbedtls_pk_free(&pkey); mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); mbedtls_psa_crypto_free(); mbedtls_exit(exit_code); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && - MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C ** - MBEDTLS_CTR_DRBG_C */ + MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C */ diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index 867926d98c..3c46efe609 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -6,19 +6,15 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" -#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \ +#if !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \ !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) int main(void) { - mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or " + mbedtls_printf("MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or " "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C " "not defined.\n"); mbedtls_exit(0); @@ -38,8 +34,6 @@ int main(void) #include #endif -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" #include "mbedtls/net_sockets.h" @@ -288,10 +282,7 @@ int main(void) { int ret; mbedtls_net_context listen_fd, client_fd; - const char pers[] = "ssl_pthread_server"; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_config conf; mbedtls_x509_crt srvcert; mbedtls_x509_crt cachain; 
@@ -315,7 +306,6 @@ int main(void) mbedtls_x509_crt_init(&cachain); mbedtls_ssl_config_init(&conf); - mbedtls_ctr_drbg_init(&ctr_drbg); memset(threads, 0, sizeof(threads)); mbedtls_net_init(&listen_fd); mbedtls_net_init(&client_fd); @@ -324,11 +314,6 @@ int main(void) base_info.config = &conf; - /* - * We use only a single entropy source that is used in all the threads. - */ - mbedtls_entropy_init(&entropy); - psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", @@ -342,14 +327,6 @@ int main(void) */ mbedtls_printf(" . Seeding the random number generator..."); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed: mbedtls_ctr_drbg_seed returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - mbedtls_printf(" ok\n"); /* @@ -474,8 +451,6 @@ exit: #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_free(&cache); #endif - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); mbedtls_ssl_config_free(&conf); mbedtls_net_free(&listen_fd); mbedtls_mutex_free(&debug_mutex); diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index fd9da18490..9f9cc6d1b6 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c 
@@ -5,19 +5,15 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" -#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \ +#if !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \ !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) int main(void) { - mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or " + mbedtls_printf("MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or " "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C " "not defined.\n"); mbedtls_exit(0); @@ -31,8 +27,6 @@ int main(void) #include #endif -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" #include "mbedtls/net_sockets.h" @@ -67,10 +61,7 @@ int main(void) int ret, len; mbedtls_net_context listen_fd, client_fd; unsigned char buf[1024]; - const char *pers = "ssl_server"; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; mbedtls_x509_crt srvcert; @@ -88,8 +79,6 @@ int main(void) #endif mbedtls_x509_crt_init(&srvcert); mbedtls_pk_init(&pkey); - mbedtls_entropy_init(&entropy); - mbedtls_ctr_drbg_init(&ctr_drbg); psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { @@ -109,13 +98,6 @@ int main(void) mbedtls_printf(" . Seeding the random number generator..."); fflush(stdout); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - mbedtls_printf(" ok\n"); /* 
@@ -346,8 +328,6 @@ exit: #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_free(&cache); #endif - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); mbedtls_psa_crypto_free(); mbedtls_exit(ret); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 805b4ef1c8..2548f43206 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1631,7 +1631,7 @@ int main(int argc, char *argv[]) mbedtls_net_init(&listen_fd); mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); - rng_init(&rng); + psa_crypto_init(); #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) mbedtls_x509_crt_init(&cacert); mbedtls_x509_crt_init(&srvcert); @@ -4257,14 +4257,7 @@ exit: mbedtls_printf("PSA memory leak detected: %s\n", message); } - /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto - * resources are freed by rng_free(). */ -#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) mbedtls_psa_crypto_free(); -#endif - - rng_free(&rng); - mbedtls_free(buf); #if defined(MBEDTLS_TEST_HOOKS) diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index 9d47e5249a..200558d8a0 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c 
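Review bot: The new line `psa_crypto_init();` in the `@@ -1631` hunk of ssl_server2.c discards the `psa_status_t` it returns, so a PSA subsystem (and therefore RNG) that failed to initialise is not reported at that point; the `rng_init()` it replaces made the same unchecked call, but now that the call is spelled out in main it should be checked the way every other sample in this patch does. Because the remaining `*_init()` calls follow it, a `goto exit` at this spot would free contexts that are not yet initialised, so either move the check below the last `*_init()` (`if (psa_crypto_init() != PSA_SUCCESS) { mbedtls_printf("Failed to initialize PSA Crypto implementation\n"); goto exit; }`) or drop the call entirely and rely on `rng_seed()`, which — judging from the ssl_test_lib.c hunks in this patch, where the call itself sits in unshown context — appears to call `psa_crypto_init()` and return -1 on failure. main() continues outside this hunk.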
@@ -46,41 +46,6 @@ mbedtls_time_t dummy_constant_time(mbedtls_time_t *time) } #endif -#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) -static int dummy_entropy(void *data, unsigned char *output, size_t len) -{ - size_t i; - int ret; - (void) data; - - ret = mbedtls_entropy_func(data, output, len); - for (i = 0; i < len; i++) { - //replace result with pseudo random - output[i] = (unsigned char) rand(); - } - return ret; -} -#endif - -void rng_init(rng_context_t *rng) -{ -#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) - (void) rng; - psa_crypto_init(); -#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ - -#if defined(MBEDTLS_CTR_DRBG_C) - mbedtls_ctr_drbg_init(&rng->drbg); -#elif defined(MBEDTLS_HMAC_DRBG_C) - mbedtls_hmac_drbg_init(&rng->drbg); -#else -#error "No DRBG available" -#endif - - mbedtls_entropy_init(&rng->entropy); -#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ -} - int rng_seed(rng_context_t *rng, int reproducible, const char *pers) { if (reproducible) { @@ -88,7 +53,6 @@ int rng_seed(rng_context_t *rng, int reproducible, const char *pers) "reproducible mode is not supported.\n"); return -1; } -#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) /* The PSA crypto RNG does its own seeding. */ (void) rng; (void) pers; 
@@ -98,86 +62,13 @@ int rng_seed(rng_context_t *rng, int reproducible, const char *pers) return -1; } return 0; -#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ - int (*f_entropy)(void *, unsigned char *, size_t) = - (reproducible ? dummy_entropy : mbedtls_entropy_func); - - if (reproducible) { - srand(1); - } - -#if defined(MBEDTLS_CTR_DRBG_C) - int ret = mbedtls_ctr_drbg_seed(&rng->drbg, - f_entropy, &rng->entropy, - (const unsigned char *) pers, - strlen(pers)); -#elif defined(MBEDTLS_HMAC_DRBG_C) -#if defined(PSA_WANT_ALG_SHA_256) - const mbedtls_md_type_t md_type = MBEDTLS_MD_SHA256; -#elif defined(PSA_WANT_ALG_SHA_512) - const mbedtls_md_type_t md_type = MBEDTLS_MD_SHA512; -#else -#error "No message digest available for HMAC_DRBG" -#endif - int ret = mbedtls_hmac_drbg_seed(&rng->drbg, - mbedtls_md_info_from_type(md_type), - f_entropy, &rng->entropy, - (const unsigned char *) pers, - strlen(pers)); -#else /* !defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_HMAC_DRBG_C) */ -#error "No DRBG available" -#endif /* !defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_HMAC_DRBG_C) */ - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", - (unsigned int) -ret); - return ret; - } -#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ - - return 0; -} - -void rng_free(rng_context_t *rng) -{ -#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) - (void) rng; - /* Deinitialize the PSA crypto subsystem. This deactivates all PSA APIs. - * This is ok because none of our applications try to do any crypto after - * deinitializing the RNG. 
*/ - mbedtls_psa_crypto_free(); -#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ - -#if defined(MBEDTLS_CTR_DRBG_C) - mbedtls_ctr_drbg_free(&rng->drbg); -#elif defined(MBEDTLS_HMAC_DRBG_C) - mbedtls_hmac_drbg_free(&rng->drbg); -#else -#error "No DRBG available" -#endif - - mbedtls_entropy_free(&rng->entropy); -#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ } int rng_get(void *p_rng, unsigned char *output, size_t output_len) { -#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) (void) p_rng; return mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, output, output_len); -#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ - rng_context_t *rng = p_rng; - -#if defined(MBEDTLS_CTR_DRBG_C) - return mbedtls_ctr_drbg_random(&rng->drbg, output, output_len); -#elif defined(MBEDTLS_HMAC_DRBG_C) - return mbedtls_hmac_drbg_random(&rng->drbg, output, output_len); -#else -#error "No DRBG available" -#endif - -#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ } int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2) diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index 6602b1ae21..f5238ff4f6 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h 
@@ -106,32 +106,12 @@ void my_debug(void *ctx, int level, mbedtls_time_t dummy_constant_time(mbedtls_time_t *time); #endif -#define MBEDTLS_TEST_USE_PSA_CRYPTO_RNG - /** A context for random number generation (RNG). */ typedef struct { -#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) unsigned char dummy; -#else /* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ - mbedtls_entropy_context entropy; -#if defined(MBEDTLS_CTR_DRBG_C) - mbedtls_ctr_drbg_context drbg; -#elif defined(MBEDTLS_HMAC_DRBG_C) - mbedtls_hmac_drbg_context drbg; -#else -#error "No DRBG available" -#endif -#endif /* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ } rng_context_t; -/** Initialize the RNG. - * - * This function only initializes the memory used by the RNG context. - * Before using the RNG, it must be seeded with rng_seed(). - */ -void rng_init(rng_context_t *rng); - /* Seed the random number generator. * * \param rng The RNG context to use. It must have been initialized @@ -148,13 +128,6 @@ void rng_init(rng_context_t *rng); */ int rng_seed(rng_context_t *rng, int reproducible, const char *pers); -/** Deinitialize the RNG. Free any embedded resource. - * - * \param rng The RNG context to deinitialize. It must have been - * initialized with rng_init(). - */ -void rng_free(rng_context_t *rng); - /** Generate random data. * * This function is suitable for use as the \c f_rng argument to Mbed TLS diff --git a/programs/test/cmake_package/cmake_package.c b/programs/test/cmake_package/cmake_package.c index cd050e97bc..5db8005133 100644 --- a/programs/test/cmake_package/cmake_package.c +++ b/programs/test/cmake_package/cmake_package.c @@ -5,8 +5,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/test/cmake_package_install/cmake_package_install.c b/programs/test/cmake_package_install/cmake_package_install.c index a63f7dbb0f..a34e312759 100644 
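Review bot: The surviving doc comment for `rng_seed()` in ssl_test_lib.h still says `\param rng The RNG context to use. It must have been initialized` — the sentence presumably continues with `rng_init()`, which this hunk deletes, so the header now documents a function that no longer exists. Likewise `rng_context_t` is reduced to `unsigned char dummy;` under the unchanged heading `/** A context for random number generation (RNG). */`, which no longer tells a reader what the context holds or why it is still passed around. Suggest rewording the parameter doc to `\param rng Unused: the PSA global RNG is used; the argument is kept so callers keep the same signature.` and adding a one-line note on the struct that it is a placeholder retained for interface compatibility. With `rng_free()` gone, the header should also state that callers now own the matching `mbedtls_psa_crypto_free()` call, as ssl_server2.c does in this patch.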
--- a/programs/test/cmake_package_install/cmake_package_install.c +++ b/programs/test/cmake_package_install/cmake_package_install.c @@ -6,8 +6,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/test/cmake_subproject/cmake_subproject.c b/programs/test/cmake_subproject/cmake_subproject.c index 69b5d0b819..f34ddd6c3c 100644 --- a/programs/test/cmake_subproject/cmake_subproject.c +++ b/programs/test/cmake_subproject/cmake_subproject.c @@ -6,8 +6,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/test/dlopen.c b/programs/test/dlopen.c index 2a67635f0d..0c8828ac82 100644 --- a/programs/test/dlopen.c +++ b/programs/test/dlopen.c @@ -5,8 +5,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 04d35cd8ed..205a0a29a3 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -9,9 +9,6 @@ #include "mbedtls/build_info.h" -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/hmac_drbg.h" -#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/private/gcm.h" #include "mbedtls/private/ccm.h" #include "mbedtls/private/cmac.h" 
@@ -204,48 +201,6 @@ static int run_test_snprintf(void) test_snprintf(5, "123", 3) != 0; } -/* - * Check if a seed file is present, and if not create one for the entropy - * self-test. If this fails, we attempt the test anyway, so no error is passed - * back. - */ -#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_ENTROPY_C) -#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PSA_DRIVER_GET_ENTROPY) -static void dummy_entropy(unsigned char *output, size_t output_size) -{ - srand(1); - for (size_t i = 0; i < output_size; i++) { - output[i] = rand(); - } -} - -static void create_entropy_seed_file(void) -{ - int result; - unsigned char seed_value[MBEDTLS_ENTROPY_BLOCK_SIZE]; - - /* Attempt to read the entropy seed file. If this fails - attempt to write - * to the file to ensure one is present. */ - result = mbedtls_platform_std_nv_seed_read(seed_value, - MBEDTLS_ENTROPY_BLOCK_SIZE); - if (0 == result) { - return; - } - - dummy_entropy(seed_value, MBEDTLS_ENTROPY_BLOCK_SIZE); - mbedtls_platform_std_nv_seed_write(seed_value, MBEDTLS_ENTROPY_BLOCK_SIZE); -} -#endif - -static int mbedtls_entropy_self_test_wrapper(int verbose) -{ -#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PSA_DRIVER_GET_ENTROPY) - create_entropy_seed_file(); -#endif - return mbedtls_entropy_self_test(verbose); -} -#endif - #if defined(MBEDTLS_SELF_TEST) #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) static int mbedtls_memory_buffer_alloc_free_and_self_test(int verbose) 
@@ -328,21 +283,12 @@ const selftest_t selftests[] = #if defined(MBEDTLS_ARIA_C) { "aria", mbedtls_aria_self_test }, #endif -#if defined(MBEDTLS_CTR_DRBG_C) - { "ctr_drbg", mbedtls_ctr_drbg_self_test }, -#endif -#if defined(MBEDTLS_HMAC_DRBG_C) - { "hmac_drbg", mbedtls_hmac_drbg_self_test }, -#endif #if defined(MBEDTLS_ECP_C) { "ecp", mbedtls_ecp_self_test }, #endif #if defined(MBEDTLS_ECJPAKE_C) { "ecjpake", mbedtls_ecjpake_self_test }, #endif -#if defined(MBEDTLS_ENTROPY_C) - { "entropy", mbedtls_entropy_self_test_wrapper }, -#endif #if defined(MBEDTLS_PKCS5_C) { "pkcs5", mbedtls_pkcs5_self_test }, #endif diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index efa003da0d..81de042a50 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -11,9 +11,6 @@ * example of good general usage. */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c index 9515ed43d2..177365b87c 100644 --- a/programs/util/pem2der.c +++ b/programs/util/pem2der.c @@ -5,8 +5,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/util/strerror.c b/programs/util/strerror.c index e20bed6e8f..316f28614b 100644 --- a/programs/util/strerror.c +++ b/programs/util/strerror.c @@ -5,8 +5,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 2f31a8e3ae..9b0c5e367c 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c 
@@ -5,30 +5,26 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ +#if !defined(MBEDTLS_BIGNUM_C) || \ !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_CTR_DRBG_C) || defined(MBEDTLS_X509_REMOVE_INFO) + defined(MBEDTLS_X509_REMOVE_INFO) int main(void) { - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " + mbedtls_printf("MBEDTLS_BIGNUM_C and/or " "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or " "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C not defined and/or MBEDTLS_X509_REMOVE_INFO defined.\n"); + "and/or MBEDTLS_X509_REMOVE_INFO defined.\n"); mbedtls_exit(0); } #else -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" #include "mbedtls/x509.h" @@ -123,8 +119,6 @@ int main(int argc, char *argv[]) int exit_code = MBEDTLS_EXIT_FAILURE; mbedtls_net_context server_fd; unsigned char buf[1024]; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; mbedtls_x509_crt cacert; @@ -133,17 +127,14 @@ int main(int argc, char *argv[]) uint32_t flags; int verify = 0; char *p, *q; - const char *pers = "cert_app"; /* * Set to sane values */ mbedtls_net_init(&server_fd); - mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); mbedtls_x509_crt_init(&cacert); - mbedtls_entropy_init(&entropy); #if defined(MBEDTLS_X509_CRL_PARSE_C) mbedtls_x509_crl_init(&cacrl); #else 
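Review bot: The rewritten fallback message in the stub `main()` of cert_app.c now reads `"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or " "and/or MBEDTLS_X509_REMOVE_INFO defined.\n"`, which both doubles "and/or" and drops the words "not defined" that applied to the preceding options, so a user of a trimmed build is told nothing about which symbols are missing. Suggest `"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO not defined and/or "` followed by `"MBEDTLS_X509_REMOVE_INFO defined.\n"`. The `#if` condition itself looks consistent after dropping the two RNG options.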
@@ -336,13 +327,6 @@ usage: mbedtls_printf("\n . Seeding the random number generator..."); fflush(stdout); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto ssl_exit; - } - mbedtls_printf(" ok\n"); #if defined(MBEDTLS_DEBUG_C) @@ -442,12 +426,10 @@ exit: #if defined(MBEDTLS_X509_CRL_PARSE_C) mbedtls_x509_crl_free(&cacrl); #endif - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); mbedtls_psa_crypto_free(); mbedtls_exit(exit_code); } -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && +#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C && - MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ + MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */ diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index c20f08d569..0d7b5a1e6e 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -15,22 +15,18 @@ #if !defined(MBEDTLS_X509_CSR_WRITE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \ !defined(MBEDTLS_PK_PARSE_C) || !defined(PSA_WANT_ALG_SHA_256) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ !defined(MBEDTLS_PEM_WRITE_C) || !defined(MBEDTLS_FS_IO) || \ !defined(MBEDTLS_MD_C) int main(void) { mbedtls_printf("MBEDTLS_X509_CSR_WRITE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_PK_PARSE_C and/or PSA_WANT_ALG_SHA_256 and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C " + "MBEDTLS_PK_PARSE_C and/or PSA_WANT_ALG_SHA_256 " "not defined.\n"); mbedtls_exit(0); } #else #include "mbedtls/x509_csr.h" -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/error.h" #include 
@@ -146,9 +142,6 @@ int main(int argc, char *argv[]) int i; char *p, *q, *r; mbedtls_x509write_csr req; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - const char *pers = "csr example app"; mbedtls_x509_san_list *cur, *prev; #if defined(MBEDTLS_X509_CRT_PARSE_C) uint8_t ip[4] = { 0 }; @@ -158,9 +151,7 @@ int main(int argc, char *argv[]) */ mbedtls_x509write_csr_init(&req); mbedtls_pk_init(&key); - mbedtls_ctr_drbg_init(&ctr_drbg); memset(buf, 0, sizeof(buf)); - mbedtls_entropy_init(&entropy); psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { @@ -431,13 +422,6 @@ usage: mbedtls_printf(" . Seeding the random number generator..."); fflush(stdout); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d", ret); - goto exit; - } - mbedtls_printf(" ok\n"); /* @@ -498,8 +482,6 @@ exit: mbedtls_x509write_csr_free(&req); mbedtls_pk_free(&key); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); mbedtls_psa_crypto_free(); cur = opt.san_list; @@ -522,4 +504,4 @@ exit: mbedtls_exit(exit_code); } #endif /* MBEDTLS_X509_CSR_WRITE_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && - MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_WRITE_C */ + MBEDTLS_PEM_WRITE_C */ diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 2ed63f08de..eb090fd051 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c 
@@ -15,14 +15,12 @@ #if !defined(MBEDTLS_X509_CRT_WRITE_C) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ !defined(MBEDTLS_ERROR_C) || !defined(PSA_WANT_ALG_SHA_256) || \ !defined(MBEDTLS_PEM_WRITE_C) || !defined(MBEDTLS_MD_C) int main(void) { mbedtls_printf("MBEDTLS_X509_CRT_WRITE_C and/or MBEDTLS_X509_CRT_PARSE_C and/or " "MBEDTLS_FS_IO and/or PSA_WANT_ALG_SHA_256 and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " "MBEDTLS_ERROR_C not defined.\n"); mbedtls_exit(0); } @@ -31,8 +29,6 @@ int main(void) #include "mbedtls/x509_crt.h" #include "mbedtls/x509_csr.h" #include "mbedtls/oid.h" -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/error.h" #include "test/helpers.h" @@ -306,9 +302,6 @@ int main(int argc, char *argv[]) unsigned char serial[MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN]; size_t serial_len; mbedtls_asn1_sequence *ext_key_usage; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - const char *pers = "crt example app"; mbedtls_x509_san_list *cur, *prev; uint8_t ip[4] = { 0 }; /* @@ -317,8 +310,6 @@ int main(int argc, char *argv[]) mbedtls_x509write_crt_init(&crt); mbedtls_pk_init(&loaded_issuer_key); mbedtls_pk_init(&loaded_subject_key); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); #if defined(MBEDTLS_X509_CSR_PARSE_C) mbedtls_x509_csr_init(&csr); #endif @@ -681,15 +672,6 @@ usage: mbedtls_printf(" . Seeding the random number generator..."); fflush(stdout); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d - %s\n", - ret, buf); - goto exit; - } - mbedtls_printf(" ok\n"); // Parse serial to MPI 
@@ -1022,12 +1004,10 @@ exit: mbedtls_x509write_crt_free(&crt); mbedtls_pk_free(&loaded_subject_key); mbedtls_pk_free(&loaded_issuer_key); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); mbedtls_psa_crypto_free(); mbedtls_exit(exit_code); } #endif /* MBEDTLS_X509_CRT_WRITE_C && MBEDTLS_X509_CRT_PARSE_C && - MBEDTLS_FS_IO && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && + MBEDTLS_FS_IO MBEDTLS_ERROR_C && MBEDTLS_PEM_WRITE_C */ diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index bb518adeef..6e20e341f0 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -5,8 +5,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c index 34d3508459..0222d0f795 100644 --- a/programs/x509/load_roots.c +++ b/programs/x509/load_roots.c @@ -5,8 +5,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index b960818a09..e4e432fc9a 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -5,8 +5,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h"
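Review bot: The closing `#endif` comment of cert_write.c now reads `MBEDTLS_FS_IO MBEDTLS_ERROR_C && MBEDTLS_PEM_WRITE_C */` — the `&&` between `MBEDTLS_FS_IO` and `MBEDTLS_ERROR_C` went away together with the two RNG options. Suggest `MBEDTLS_FS_IO && MBEDTLS_ERROR_C && MBEDTLS_PEM_WRITE_C */` so the trailer matches the guard at the top of the file. Comment only, no behavioural impact.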