SSL test programs: abstract CTR_DRBG away
In ssl_client2 and ssl_server2, to generate random data, go through a level of indirection provided by ssl_test_lib. This way the programs don't depend on a particular choice of RNG implementation, and only ssl_test_lib.{h,c} explicitly reference CTR_DRBG. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
parent
f1cb75fe13
commit
535fb37870
4 changed files with 27 additions and 6 deletions
|
@ -1880,7 +1880,7 @@ int main( int argc, char *argv[] )
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &rng.drbg );
|
mbedtls_ssl_conf_rng( &conf, rng_get, &rng );
|
||||||
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
|
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
|
||||||
|
|
||||||
mbedtls_ssl_conf_read_timeout( &conf, opt.read_timeout );
|
mbedtls_ssl_conf_read_timeout( &conf, opt.read_timeout );
|
||||||
|
|
|
@ -2682,7 +2682,7 @@ int main( int argc, char *argv[] )
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &rng.drbg );
|
mbedtls_ssl_conf_rng( &conf, rng_get, &rng );
|
||||||
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
|
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_CACHE_C)
|
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||||
|
@ -2701,7 +2701,7 @@ int main( int argc, char *argv[] )
|
||||||
if( opt.tickets == MBEDTLS_SSL_SESSION_TICKETS_ENABLED )
|
if( opt.tickets == MBEDTLS_SSL_SESSION_TICKETS_ENABLED )
|
||||||
{
|
{
|
||||||
if( ( ret = mbedtls_ssl_ticket_setup( &ticket_ctx,
|
if( ( ret = mbedtls_ssl_ticket_setup( &ticket_ctx,
|
||||||
mbedtls_ctr_drbg_random, &rng.drbg,
|
rng_get, &rng,
|
||||||
MBEDTLS_CIPHER_AES_256_GCM,
|
MBEDTLS_CIPHER_AES_256_GCM,
|
||||||
opt.ticket_timeout ) ) != 0 )
|
opt.ticket_timeout ) ) != 0 )
|
||||||
{
|
{
|
||||||
|
@ -2723,7 +2723,7 @@ int main( int argc, char *argv[] )
|
||||||
if( opt.cookies > 0 )
|
if( opt.cookies > 0 )
|
||||||
{
|
{
|
||||||
if( ( ret = mbedtls_ssl_cookie_setup( &cookie_ctx,
|
if( ( ret = mbedtls_ssl_cookie_setup( &cookie_ctx,
|
||||||
mbedtls_ctr_drbg_random, &rng.drbg ) ) != 0 )
|
rng_get, &rng ) ) != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret );
|
mbedtls_printf( " failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret );
|
||||||
goto exit;
|
goto exit;
|
||||||
|
@ -2875,8 +2875,8 @@ int main( int argc, char *argv[] )
|
||||||
ssl_async_keys.inject_error = ( opt.async_private_error < 0 ?
|
ssl_async_keys.inject_error = ( opt.async_private_error < 0 ?
|
||||||
- opt.async_private_error :
|
- opt.async_private_error :
|
||||||
opt.async_private_error );
|
opt.async_private_error );
|
||||||
ssl_async_keys.f_rng = mbedtls_ctr_drbg_random;
|
ssl_async_keys.f_rng = rng_get;
|
||||||
ssl_async_keys.p_rng = &rng.drbg;
|
ssl_async_keys.p_rng = &rng;
|
||||||
mbedtls_ssl_conf_async_private_cb( &conf,
|
mbedtls_ssl_conf_async_private_cb( &conf,
|
||||||
sign,
|
sign,
|
||||||
decrypt,
|
decrypt,
|
||||||
|
|
|
@ -95,6 +95,12 @@ void rng_free( rng_context_t *rng )
|
||||||
mbedtls_entropy_free( &rng->entropy );
|
mbedtls_entropy_free( &rng->entropy );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int rng_get( void *p_rng, unsigned char *output, size_t output_len )
|
||||||
|
{
|
||||||
|
rng_context_t *rng = p_rng;
|
||||||
|
return( mbedtls_ctr_drbg_random( &rng->drbg, output, output_len ) );
|
||||||
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
||||||
int ca_callback( void *data, mbedtls_x509_crt const *child,
|
int ca_callback( void *data, mbedtls_x509_crt const *child,
|
||||||
mbedtls_x509_crt **candidates )
|
mbedtls_x509_crt **candidates )
|
||||||
|
|
|
@ -164,6 +164,21 @@ int rng_seed( rng_context_t *rng, int reproducible, const char *pers );
|
||||||
*/
|
*/
|
||||||
void rng_free( rng_context_t *rng );
|
void rng_free( rng_context_t *rng );
|
||||||
|
|
||||||
|
/** Generate random data.
|
||||||
|
*
|
||||||
|
* This function is suitable for use as the \c f_rng argument to Mbed TLS
|
||||||
|
* library functions.
|
||||||
|
*
|
||||||
|
* \param p_rng The CTR_DRBG context. This must be a pointer to a
|
||||||
|
* #rng_context_t structure.
|
||||||
|
* \param output The buffer to fill.
|
||||||
|
* \param output_len The length of the buffer in bytes.
|
||||||
|
*
|
||||||
|
* \return \c 0 on success.
|
||||||
|
* \return An Mbed TLS error code on error.
|
||||||
|
*/
|
||||||
|
int rng_get( void *p_rng, unsigned char *output, size_t output_len );
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
||||||
int ca_callback( void *data, mbedtls_x509_crt const *child,
|
int ca_callback( void *data, mbedtls_x509_crt const *child,
|
||||||
mbedtls_x509_crt **candidates );
|
mbedtls_x509_crt **candidates );
|
||||||
|
|
Loading…
Reference in a new issue