From 535fb378702f8954794849e323a7d969625d9e00 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 13 Jan 2021 18:59:46 +0100
Subject: [PATCH] SSL test programs: abstract CTR_DRBG away

In ssl_client2 and ssl_server2, to generate random data, go through a level of indirection provided by ssl_test_lib. This way the programs don't depend on a particular choice of RNG implementation, and only ssl_test_lib.{h,c} explicitly reference CTR_DRBG.

Signed-off-by: Gilles Peskine
---
 programs/ssl/ssl_client2.c | 2 +-
 programs/ssl/ssl_server2.c | 10 +++++-----
 programs/ssl/ssl_test_lib.c | 6 ++++++
 programs/ssl/ssl_test_lib.h | 15 +++++++++++++++
 4 files changed, 27 insertions(+), 6 deletions(-)

diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 70beb9dc5..ff0a34986 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1880,7 +1880,7 @@ int main( int argc, char *argv[] )
 #endif
 #endif
 }
- mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &rng.drbg );
+ mbedtls_ssl_conf_rng( &conf, rng_get, &rng );
 mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
 mbedtls_ssl_conf_read_timeout( &conf, opt.read_timeout );
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index ba4dabc3b..d95b1b7e3 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -2682,7 +2682,7 @@ int main( int argc, char *argv[] )
 #endif
 #endif
 }
- mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &rng.drbg );
+ mbedtls_ssl_conf_rng( &conf, rng_get, &rng );
 mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
 #if defined(MBEDTLS_SSL_CACHE_C)
@@ -2701,7 +2701,7 @@ int main( int argc, char *argv[] )
 if( opt.tickets == MBEDTLS_SSL_SESSION_TICKETS_ENABLED )
 {
 if( ( ret = mbedtls_ssl_ticket_setup( &ticket_ctx,
- mbedtls_ctr_drbg_random, &rng.drbg,
+ rng_get, &rng,
 MBEDTLS_CIPHER_AES_256_GCM, opt.ticket_timeout ) ) != 0 )
 {
@@ -2723,7 +2723,7 @@ int main( int argc, char *argv[] )
 if( opt.cookies > 0 )
 {
 if( ( ret = mbedtls_ssl_cookie_setup( &cookie_ctx,
- mbedtls_ctr_drbg_random, &rng.drbg ) ) != 0 )
+ rng_get, &rng ) ) != 0 )
 {
 mbedtls_printf( " failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret );
 goto exit;
@@ -2875,8 +2875,8 @@ int main( int argc, char *argv[] )
 ssl_async_keys.inject_error = ( opt.async_private_error < 0 ? - opt.async_private_error : opt.async_private_error );
- ssl_async_keys.f_rng = mbedtls_ctr_drbg_random;
- ssl_async_keys.p_rng = &rng.drbg;
+ ssl_async_keys.f_rng = rng_get;
+ ssl_async_keys.p_rng = &rng;
 mbedtls_ssl_conf_async_private_cb( &conf, sign, decrypt,
diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c
index e3c95ccf7..84553df71 100644
--- a/programs/ssl/ssl_test_lib.c
+++ b/programs/ssl/ssl_test_lib.c
@@ -95,6 +95,12 @@ void rng_free( rng_context_t *rng )
 mbedtls_entropy_free( &rng->entropy );
 }
+int rng_get( void *p_rng, unsigned char *output, size_t output_len )
+{
+ rng_context_t *rng = p_rng;
+ return( mbedtls_ctr_drbg_random( &rng->drbg, output, output_len ) );
+}
+
 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
 int ca_callback( void *data, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidates )
diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h
index e1948a2ea..344cd28fd 100644
--- a/programs/ssl/ssl_test_lib.h
+++ b/programs/ssl/ssl_test_lib.h
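Review bot: In the ssl_test_lib.c hunk, `rng_get()` converts `p_rng` from `void *` with no type check, so a call site that pairs the new callback with the old `&rng.drbg` argument still compiles and the function then treats a DRBG context as an `rng_context_t`. Whether that reads the wrong memory depends on the layout of `rng_context_t`, which this patch does not show. The call sites changed in ssl_client2.c and ssl_server2.c all switch both arguments together, so nothing visible here is wrong today. A comment above the definition would protect later callers, for example `/* p_rng is the whole rng_context_t, never &rng->drbg: the void * parameter accepts either silently. */`.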
@@ -164,6 +164,21 @@ int rng_seed( rng_context_t *rng, int reproducible, const char *pers );
 */
 void rng_free( rng_context_t *rng );
+/** Generate random data.
+ *
+ * This function is suitable for use as the \c f_rng argument to Mbed TLS
+ * library functions.
+ *
+ * \param p_rng The CTR_DRBG context. This must be a pointer to a
+ * #rng_context_t structure.
+ * \param output The buffer to fill.
+ * \param output_len The length of the buffer in bytes.
+ *
+ * \return \c 0 on success.
+ * \return An Mbed TLS error code on error.
+ */
+int rng_get( void *p_rng, unsigned char *output, size_t output_len );
+
 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
 int ca_callback( void *data, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidates );
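Review bot: The `\param p_rng` text still calls the argument "The CTR_DRBG context", which contradicts both the abstraction this commit introduces and the next sentence requiring a `#rng_context_t`. I would word it as `\param p_rng The random generator context. This must be a pointer to a #rng_context_t structure, not to its DRBG member.` The comment also omits that the context has to be seeded before use. Since the `rng_seed()` prototype in the hunk header takes a `reproducible` flag, a line such as `\note The context must have been seeded with rng_seed(); output is presumably predictable if it was seeded with \c reproducible set.` would help. That matters more now that the same callback supplies the ticket and cookie setup in ssl_server2.c.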