Add RNG params to private key parsing

This is necessary for the case where the public part of an EC keypair
needs to be computed from the private part - either because it was not
included (it's an optional component) or because it was compressed (a
format we can't parse).

This changes the API of two public functions: mbedtls_pk_parse_key() and
mbedtls_pk_parse_keyfile().

Tests and programs have been adapted. Some programs use a non-secure RNG
(from the test library) just to get things to compile and run; in a
future commit this should be improved in order to demonstrate best
practice.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2021-06-15 11:29:26 +02:00
parent 39be1410fd
commit 84dea01f36
25 changed files with 175 additions and 121 deletions

View file

@ -667,6 +667,8 @@ mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
* The empty password is not supported. * The empty password is not supported.
* \param pwdlen Size of the password in bytes. * \param pwdlen Size of the password in bytes.
* Ignored if \p pwd is \c NULL. * Ignored if \p pwd is \c NULL.
* \param f_rng RNG function, must not be \c NULL. Used for blinding.
* \param p_rng RNG parameter
* *
* \note On entry, ctx must be empty, either freshly initialised * \note On entry, ctx must be empty, either freshly initialised
* with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
@ -678,7 +680,8 @@ mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
*/ */
int mbedtls_pk_parse_key( mbedtls_pk_context *ctx, int mbedtls_pk_parse_key( mbedtls_pk_context *ctx,
const unsigned char *key, size_t keylen, const unsigned char *key, size_t keylen,
const unsigned char *pwd, size_t pwdlen ); const unsigned char *pwd, size_t pwdlen,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
/** \ingroup pk_module */ /** \ingroup pk_module */
/** /**
@ -718,6 +721,8 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
* Pass a null-terminated string if expecting an encrypted * Pass a null-terminated string if expecting an encrypted
* key; a non-encrypted key will also be accepted. * key; a non-encrypted key will also be accepted.
* The empty password is not supported. * The empty password is not supported.
* \param f_rng RNG function, must not be \c NULL. Used for blinding.
* \param p_rng RNG parameter
* *
* \note On entry, ctx must be empty, either freshly initialised * \note On entry, ctx must be empty, either freshly initialised
* with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
@ -728,7 +733,8 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
* \return 0 if successful, or a specific PK or PEM error code * \return 0 if successful, or a specific PK or PEM error code
*/ */
int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
const char *path, const char *password ); const char *path, const char *password,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
/** \ingroup pk_module */ /** \ingroup pk_module */
/** /**

View file

@ -123,7 +123,8 @@ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n )
* Load and parse a private key * Load and parse a private key
*/ */
int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
const char *path, const char *pwd ) const char *path, const char *pwd,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n; size_t n;
@ -136,10 +137,10 @@ int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
return( ret ); return( ret );
if( pwd == NULL ) if( pwd == NULL )
ret = mbedtls_pk_parse_key( ctx, buf, n, NULL, 0 ); ret = mbedtls_pk_parse_key( ctx, buf, n, NULL, 0, f_rng, p_rng );
else else
ret = mbedtls_pk_parse_key( ctx, buf, n, ret = mbedtls_pk_parse_key( ctx, buf, n,
(const unsigned char *) pwd, strlen( pwd ) ); (const unsigned char *) pwd, strlen( pwd ), f_rng, p_rng );
mbedtls_platform_zeroize( buf, n ); mbedtls_platform_zeroize( buf, n );
mbedtls_free( buf ); mbedtls_free( buf );
@ -859,8 +860,8 @@ cleanup:
* Parse a SEC1 encoded private EC key * Parse a SEC1 encoded private EC key
*/ */
static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck, static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
const unsigned char *key, const unsigned char *key, size_t keylen,
size_t keylen ) int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int version, pubkey_done; int version, pubkey_done;
@ -967,7 +968,7 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
if( ! pubkey_done && if( ! pubkey_done &&
( ret = mbedtls_ecp_mul( &eck->grp, &eck->Q, &eck->d, &eck->grp.G, ( ret = mbedtls_ecp_mul( &eck->grp, &eck->Q, &eck->d, &eck->grp.G,
NULL, NULL ) ) != 0 ) f_rng, p_rng ) ) != 0 )
{ {
mbedtls_ecp_keypair_free( eck ); mbedtls_ecp_keypair_free( eck );
return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
@ -998,8 +999,8 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
*/ */
static int pk_parse_key_pkcs8_unencrypted_der( static int pk_parse_key_pkcs8_unencrypted_der(
mbedtls_pk_context *pk, mbedtls_pk_context *pk,
const unsigned char* key, const unsigned char* key, size_t keylen,
size_t keylen ) int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{ {
int ret, version; int ret, version;
size_t len; size_t len;
@ -1071,7 +1072,7 @@ static int pk_parse_key_pkcs8_unencrypted_der(
if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH ) if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH )
{ {
if( ( ret = pk_use_ecparams( &params, &mbedtls_pk_ec( *pk )->grp ) ) != 0 || if( ( ret = pk_use_ecparams( &params, &mbedtls_pk_ec( *pk )->grp ) ) != 0 ||
( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), p, len ) ) != 0 ) ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), p, len, f_rng, p_rng ) ) != 0 )
{ {
mbedtls_pk_free( pk ); mbedtls_pk_free( pk );
return( ret ); return( ret );
@ -1096,7 +1097,8 @@ static int pk_parse_key_pkcs8_unencrypted_der(
static int pk_parse_key_pkcs8_encrypted_der( static int pk_parse_key_pkcs8_encrypted_der(
mbedtls_pk_context *pk, mbedtls_pk_context *pk,
unsigned char *key, size_t keylen, unsigned char *key, size_t keylen,
const unsigned char *pwd, size_t pwdlen ) const unsigned char *pwd, size_t pwdlen,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{ {
int ret, decrypted = 0; int ret, decrypted = 0;
size_t len; size_t len;
@ -1206,7 +1208,7 @@ static int pk_parse_key_pkcs8_encrypted_der(
if( decrypted == 0 ) if( decrypted == 0 )
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) ); return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len, f_rng, p_rng ) );
} }
#endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
@ -1215,7 +1217,8 @@ static int pk_parse_key_pkcs8_encrypted_der(
*/ */
int mbedtls_pk_parse_key( mbedtls_pk_context *pk, int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
const unsigned char *key, size_t keylen, const unsigned char *key, size_t keylen,
const unsigned char *pwd, size_t pwdlen ) const unsigned char *pwd, size_t pwdlen,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_pk_info_t *pk_info; const mbedtls_pk_info_t *pk_info;
@ -1278,7 +1281,8 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
pem.buf, pem.buflen ) ) != 0 ) pem.buf, pem.buflen,
f_rng, p_rng ) ) != 0 )
{ {
mbedtls_pk_free( pk ); mbedtls_pk_free( pk );
} }
@ -1305,7 +1309,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
if( ret == 0 ) if( ret == 0 )
{ {
if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk,
pem.buf, pem.buflen ) ) != 0 ) pem.buf, pem.buflen, f_rng, p_rng ) ) != 0 )
{ {
mbedtls_pk_free( pk ); mbedtls_pk_free( pk );
} }
@ -1327,9 +1331,8 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
key, NULL, 0, &len ); key, NULL, 0, &len );
if( ret == 0 ) if( ret == 0 )
{ {
if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, pem.buf, pem.buflen,
pem.buf, pem.buflen, pwd, pwdlen, f_rng, p_rng ) ) != 0 )
pwd, pwdlen ) ) != 0 )
{ {
mbedtls_pk_free( pk ); mbedtls_pk_free( pk );
} }
@ -1362,7 +1365,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
memcpy( key_copy, key, keylen ); memcpy( key_copy, key, keylen );
ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen, ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen,
pwd, pwdlen ); pwd, pwdlen, f_rng, p_rng );
mbedtls_platform_zeroize( key_copy, keylen ); mbedtls_platform_zeroize( key_copy, keylen );
mbedtls_free( key_copy ); mbedtls_free( key_copy );
@ -1380,8 +1383,11 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
} }
#endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 ) if( ( ret = pk_parse_key_pkcs8_unencrypted_der(
pk, key, keylen, f_rng, p_rng ) ) == 0 )
{
return( 0 ); return( 0 );
}
mbedtls_pk_free( pk ); mbedtls_pk_free( pk );
mbedtls_pk_init( pk ); mbedtls_pk_init( pk );
@ -1403,7 +1409,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ); pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
if( mbedtls_pk_setup( pk, pk_info ) == 0 && if( mbedtls_pk_setup( pk, pk_info ) == 0 &&
pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
key, keylen ) == 0 ) key, keylen, f_rng, p_rng ) == 0 )
{ {
return( 0 ); return( 0 );
} }

View file

@ -108,7 +108,8 @@ psa_status_t mbedtls_psa_rsa_load_representation(
/* Parse the data. */ /* Parse the data. */
if( PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) if( PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
status = mbedtls_to_psa_error( status = mbedtls_to_psa_error(
mbedtls_pk_parse_key( &ctx, data, data_length, NULL, 0 ) ); mbedtls_pk_parse_key( &ctx, data, data_length, NULL, 0,
mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE ) );
else else
status = mbedtls_to_psa_error( status = mbedtls_to_psa_error(
mbedtls_pk_parse_public_key( &ctx, data, data_length ) ); mbedtls_pk_parse_public_key( &ctx, data, data_length ) );

View file

@ -6,6 +6,7 @@
#include "common.h" #include "common.h"
#include "mbedtls/ssl.h" #include "mbedtls/ssl.h"
#include "test/certs.h" #include "test/certs.h"
#include "test/random.h"
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
#include "mbedtls/entropy.h" #include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h" #include "mbedtls/ctr_drbg.h"
@ -55,7 +56,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
mbedtls_test_cas_pem_len ) != 0) mbedtls_test_cas_pem_len ) != 0)
return 1; return 1;
if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key, if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0 ) != 0) mbedtls_test_srv_key_len, NULL, 0,
mbedtls_test_rnd_std_rand, NULL ) != 0)
return 1; return 1;
#endif #endif
dummy_init(); dummy_init();

View file

@ -3,6 +3,7 @@
#include <stdint.h> #include <stdint.h>
#include <stdlib.h> #include <stdlib.h>
#include "mbedtls/pk.h" #include "mbedtls/pk.h"
#include "test/random.h"
//4 Kb should be enough for every bug ;-) //4 Kb should be enough for every bug ;-)
#define MAX_LEN 0x1000 #define MAX_LEN 0x1000
@ -19,7 +20,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
} }
mbedtls_pk_init( &pk ); mbedtls_pk_init( &pk );
ret = mbedtls_pk_parse_key( &pk, Data, Size, NULL, 0 ); ret = mbedtls_pk_parse_key( &pk, Data, Size, NULL, 0,
mbedtls_test_rnd_std_rand, NULL );
if (ret == 0) { if (ret == 0) {
#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_RSA_C)
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA ) if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA )

View file

@ -66,7 +66,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
mbedtls_test_cas_pem_len ) != 0) mbedtls_test_cas_pem_len ) != 0)
return 1; return 1;
if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key, if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0 ) != 0) mbedtls_test_srv_key_len, NULL, 0,
mbedtls_ctr_drbg_random, &ctr_drbg ) != 0)
return 1; return 1;
#endif #endif

View file

@ -40,6 +40,8 @@
#include "mbedtls/rsa.h" #include "mbedtls/rsa.h"
#include "mbedtls/pk.h" #include "mbedtls/pk.h"
#include "test/random.h"
#include <string.h> #include <string.h>
#endif #endif
@ -181,7 +183,8 @@ int main( int argc, char *argv[] )
mbedtls_printf( "\n . Loading the private key ..." ); mbedtls_printf( "\n . Loading the private key ..." );
fflush( stdout ); fflush( stdout );
ret = mbedtls_pk_parse_keyfile( &pk, opt.filename, opt.password ); ret = mbedtls_pk_parse_keyfile( &pk, opt.filename, opt.password,
mbedtls_test_rnd_std_rand, NULL );
if( ret != 0 ) if( ret != 0 )
{ {

View file

@ -39,6 +39,8 @@
#include "mbedtls/pk.h" #include "mbedtls/pk.h"
#include "mbedtls/error.h" #include "mbedtls/error.h"
#include "test/random.h"
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#endif #endif
@ -292,8 +294,8 @@ int main( int argc, char *argv[] )
mbedtls_printf( "\n . Loading the private key ..." ); mbedtls_printf( "\n . Loading the private key ..." );
fflush( stdout ); fflush( stdout );
ret = mbedtls_pk_parse_keyfile( &key, opt.filename, NULL ); ret = mbedtls_pk_parse_keyfile( &key, opt.filename, NULL,
mbedtls_test_rnd_std_rand, NULL );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_strerror( ret, (char *) buf, sizeof(buf) ); mbedtls_strerror( ret, (char *) buf, sizeof(buf) );

View file

@ -106,7 +106,8 @@ int main( int argc, char *argv[] )
mbedtls_printf( "\n . Reading private key from '%s'", argv[1] ); mbedtls_printf( "\n . Reading private key from '%s'", argv[1] );
fflush( stdout ); fflush( stdout );
if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 ) if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "",
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", (unsigned int) -ret ); mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", (unsigned int) -ret );
goto exit; goto exit;

View file

@ -101,7 +101,8 @@ int main( int argc, char *argv[] )
mbedtls_printf( "\n . Reading private key from '%s'", argv[1] ); mbedtls_printf( "\n . Reading private key from '%s'", argv[1] );
fflush( stdout ); fflush( stdout );
if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 ) if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "",
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! Could not parse '%s'\n", argv[1] ); mbedtls_printf( " failed\n ! Could not parse '%s'\n", argv[1] );
goto exit; goto exit;

View file

@ -102,7 +102,8 @@ int main( int argc, char *argv[] )
mbedtls_printf( "\n . Reading private key from '%s'", argv[1] ); mbedtls_printf( "\n . Reading private key from '%s'", argv[1] );
fflush( stdout ); fflush( stdout );
if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 ) if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "",
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! Could not read key from '%s'\n", argv[1] ); mbedtls_printf( " failed\n ! Could not read key from '%s'\n", argv[1] );
mbedtls_printf( " ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret ); mbedtls_printf( " ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret );

View file

@ -79,7 +79,9 @@ int main( void )
#include "mbedtls/error.h" #include "mbedtls/error.h"
#include "mbedtls/debug.h" #include "mbedtls/debug.h"
#include "mbedtls/timing.h" #include "mbedtls/timing.h"
#include "test/certs.h" #include "test/certs.h"
#include "test/random.h"
#if defined(MBEDTLS_SSL_CACHE_C) #if defined(MBEDTLS_SSL_CACHE_C)
#include "mbedtls/ssl_cache.h" #include "mbedtls/ssl_cache.h"
@ -138,7 +140,23 @@ int main( void )
#endif #endif
/* /*
* 1. Load the certificates and private RSA key * 1. Seed the RNG
*/
printf( " . Seeding the random number generator..." );
fflush( stdout );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
goto exit;
}
printf( " ok\n" );
/*
* 2. Load the certificates and private RSA key
*/ */
printf( "\n . Loading the server cert. and key..." ); printf( "\n . Loading the server cert. and key..." );
fflush( stdout ); fflush( stdout );
@ -165,7 +183,7 @@ int main( void )
} }
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key, ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0 ); mbedtls_test_srv_key_len, NULL, 0, mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 ) if( ret != 0 )
{ {
printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret ); printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
@ -175,7 +193,7 @@ int main( void )
printf( " ok\n" ); printf( " ok\n" );
/* /*
* 2. Setup the "listening" UDP socket * 3. Setup the "listening" UDP socket
*/ */
printf( " . Bind on udp/*/4433 ..." ); printf( " . Bind on udp/*/4433 ..." );
fflush( stdout ); fflush( stdout );
@ -188,22 +206,6 @@ int main( void )
printf( " ok\n" ); printf( " ok\n" );
/*
* 3. Seed the RNG
*/
printf( " . Seeding the random number generator..." );
fflush( stdout );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
goto exit;
}
printf( " ok\n" );
/* /*
* 4. Setup stuff * 4. Setup stuff
*/ */

View file

@ -1548,12 +1548,12 @@ int main( int argc, char *argv[] )
else else
#if defined(MBEDTLS_FS_IO) #if defined(MBEDTLS_FS_IO)
if( strlen( opt.key_file ) ) if( strlen( opt.key_file ) )
ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, opt.key_pwd ); ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, opt.key_pwd, rng_get, &rng );
else else
#endif #endif
ret = mbedtls_pk_parse_key( &pkey, ret = mbedtls_pk_parse_key( &pkey,
(const unsigned char *) mbedtls_test_cli_key, (const unsigned char *) mbedtls_test_cli_key,
mbedtls_test_cli_key_len, NULL, 0 ); mbedtls_test_cli_key_len, NULL, 0, rng_get, &rng );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",

View file

@ -166,7 +166,8 @@ int main( void )
} }
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key, ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0 ); mbedtls_test_srv_key_len, NULL, 0,
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed! mbedtls_pk_parse_key returned %d\n\n", ret ); mbedtls_printf( " failed! mbedtls_pk_parse_key returned %d\n\n", ret );

View file

@ -556,12 +556,17 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_FS_IO) #if defined(MBEDTLS_FS_IO)
if( strlen( opt.key_file ) ) if( strlen( opt.key_file ) )
ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" ); {
ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "",
mbedtls_ctr_drbg_random, &ctr_drbg );
}
else else
#endif #endif
#if defined(MBEDTLS_PEM_PARSE_C) #if defined(MBEDTLS_PEM_PARSE_C)
{
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_cli_key, ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_cli_key,
mbedtls_test_cli_key_len, NULL, 0 ); mbedtls_test_cli_key_len, NULL, 0, mbedtls_ctr_drbg_random, &ctr_drbg );
}
#else #else
{ {
mbedtls_printf("MBEDTLS_PEM_PARSE_C not defined."); mbedtls_printf("MBEDTLS_PEM_PARSE_C not defined.");

View file

@ -360,7 +360,23 @@ int main( void )
mbedtls_entropy_init( &entropy ); mbedtls_entropy_init( &entropy );
/* /*
* 1. Load the certificates and private RSA key * 1a. Seed the random number generator
*/
mbedtls_printf( " . Seeding the random number generator..." );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed: mbedtls_ctr_drbg_seed returned -0x%04x\n",
( unsigned int ) -ret );
goto exit;
}
mbedtls_printf( " ok\n" );
/*
* 1b. Load the certificates and private RSA key
*/ */
mbedtls_printf( "\n . Loading the server cert. and key..." ); mbedtls_printf( "\n . Loading the server cert. and key..." );
fflush( stdout ); fflush( stdout );
@ -388,7 +404,8 @@ int main( void )
mbedtls_pk_init( &pkey ); mbedtls_pk_init( &pkey );
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key, ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0 ); mbedtls_test_srv_key_len, NULL, 0,
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
@ -397,22 +414,6 @@ int main( void )
mbedtls_printf( " ok\n" ); mbedtls_printf( " ok\n" );
/*
* 1b. Seed the random number generator
*/
mbedtls_printf( " . Seeding the random number generator..." );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed: mbedtls_ctr_drbg_seed returned -0x%04x\n",
( unsigned int ) -ret );
goto exit;
}
mbedtls_printf( " ok\n" );
/* /*
* 1c. Prepare SSL configuration * 1c. Prepare SSL configuration
*/ */

View file

@ -125,7 +125,23 @@ int main( void )
#endif #endif
/* /*
* 1. Load the certificates and private RSA key * 1. Seed the RNG
*/
mbedtls_printf( " . Seeding the random number generator..." );
fflush( stdout );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
goto exit;
}
mbedtls_printf( " ok\n" );
/*
* 2. Load the certificates and private RSA key
*/ */
mbedtls_printf( "\n . Loading the server cert. and key..." ); mbedtls_printf( "\n . Loading the server cert. and key..." );
fflush( stdout ); fflush( stdout );
@ -152,7 +168,8 @@ int main( void )
} }
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key, ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0 ); mbedtls_test_srv_key_len, NULL, 0,
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
@ -162,7 +179,7 @@ int main( void )
mbedtls_printf( " ok\n" ); mbedtls_printf( " ok\n" );
/* /*
* 2. Setup the listening TCP socket * 3. Setup the listening TCP socket
*/ */
mbedtls_printf( " . Bind on https://localhost:4433/ ..." ); mbedtls_printf( " . Bind on https://localhost:4433/ ..." );
fflush( stdout ); fflush( stdout );
@ -175,22 +192,6 @@ int main( void )
mbedtls_printf( " ok\n" ); mbedtls_printf( " ok\n" );
/*
* 3. Seed the RNG
*/
mbedtls_printf( " . Seeding the random number generator..." );
fflush( stdout );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
goto exit;
}
mbedtls_printf( " ok\n" );
/* /*
* 4. Setup stuff * 4. Setup stuff
*/ */

View file

@ -20,6 +20,7 @@
#define MBEDTLS_ALLOW_PRIVATE_ACCESS #define MBEDTLS_ALLOW_PRIVATE_ACCESS
#include "ssl_test_lib.h" #include "ssl_test_lib.h"
#include "test/random.h"
#if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) #if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
int main( void ) int main( void )
@ -727,7 +728,8 @@ sni_entry *sni_parse( char *sni_string )
mbedtls_pk_init( new->key ); mbedtls_pk_init( new->key );
if( mbedtls_x509_crt_parse_file( new->cert, crt_file ) != 0 || if( mbedtls_x509_crt_parse_file( new->cert, crt_file ) != 0 ||
mbedtls_pk_parse_keyfile( new->key, key_file, "" ) != 0 ) mbedtls_pk_parse_keyfile( new->key, key_file, "",
mbedtls_test_rnd_std_rand, NULL ) != 0 )
goto error; goto error;
if( strcmp( ca_file, "-" ) != 0 ) if( strcmp( ca_file, "-" ) != 0 )
@ -2257,7 +2259,7 @@ int main( int argc, char *argv[] )
{ {
key_cert_init++; key_cert_init++;
if( ( ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, if( ( ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file,
opt.key_pwd ) ) != 0 ) opt.key_pwd, rng_get, &rng ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n", (unsigned int) -ret ); mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n", (unsigned int) -ret );
goto exit; goto exit;
@ -2283,7 +2285,7 @@ int main( int argc, char *argv[] )
{ {
key_cert_init2++; key_cert_init2++;
if( ( ret = mbedtls_pk_parse_keyfile( &pkey2, opt.key_file2, if( ( ret = mbedtls_pk_parse_keyfile( &pkey2, opt.key_file2,
opt.key_pwd2 ) ) != 0 ) opt.key_pwd2, rng_get, &rng ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n",
(unsigned int) -ret ); (unsigned int) -ret );
@ -2314,7 +2316,8 @@ int main( int argc, char *argv[] )
} }
if( ( ret = mbedtls_pk_parse_key( &pkey, if( ( ret = mbedtls_pk_parse_key( &pkey,
(const unsigned char *) mbedtls_test_srv_key_rsa, (const unsigned char *) mbedtls_test_srv_key_rsa,
mbedtls_test_srv_key_rsa_len, NULL, 0 ) ) != 0 ) mbedtls_test_srv_key_rsa_len, NULL, 0,
rng_get, &rng ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
(unsigned int) -ret ); (unsigned int) -ret );
@ -2333,7 +2336,8 @@ int main( int argc, char *argv[] )
} }
if( ( ret = mbedtls_pk_parse_key( &pkey2, if( ( ret = mbedtls_pk_parse_key( &pkey2,
(const unsigned char *) mbedtls_test_srv_key_ec, (const unsigned char *) mbedtls_test_srv_key_ec,
mbedtls_test_srv_key_ec_len, NULL, 0 ) ) != 0 ) mbedtls_test_srv_key_ec_len, NULL, 0,
rng_get, &rng ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n", mbedtls_printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n",
(unsigned int) -ret ); (unsigned int) -ret );

View file

@ -346,7 +346,8 @@ int main( int argc, char *argv[] )
mbedtls_printf( " . Loading the private key ..." ); mbedtls_printf( " . Loading the private key ..." );
fflush( stdout ); fflush( stdout );
ret = mbedtls_pk_parse_keyfile( &key, opt.filename, opt.password ); ret = mbedtls_pk_parse_keyfile( &key, opt.filename, opt.password,
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 ) if( ret != 0 )
{ {

View file

@ -577,7 +577,7 @@ int main( int argc, char *argv[] )
fflush( stdout ); fflush( stdout );
ret = mbedtls_pk_parse_keyfile( &loaded_subject_key, opt.subject_key, ret = mbedtls_pk_parse_keyfile( &loaded_subject_key, opt.subject_key,
opt.subject_pwd ); opt.subject_pwd, mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
@ -593,7 +593,7 @@ int main( int argc, char *argv[] )
fflush( stdout ); fflush( stdout );
ret = mbedtls_pk_parse_keyfile( &loaded_issuer_key, opt.issuer_key, ret = mbedtls_pk_parse_keyfile( &loaded_issuer_key, opt.issuer_key,
opt.issuer_pwd ); opt.issuer_pwd, mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );

View file

@ -279,7 +279,8 @@ void valid_parameters( )
MBEDTLS_ERR_PK_BAD_INPUT_DATA ); MBEDTLS_ERR_PK_BAD_INPUT_DATA );
#if defined(MBEDTLS_PK_PARSE_C) #if defined(MBEDTLS_PK_PARSE_C)
TEST_ASSERT( mbedtls_pk_parse_key( &pk, NULL, 0, NULL, 1 ) == TEST_ASSERT( mbedtls_pk_parse_key( &pk, NULL, 0, NULL, 1,
mbedtls_test_rnd_std_rand, NULL ) ==
MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, NULL, 0 ) == TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, NULL, 0 ) ==
@ -296,8 +297,8 @@ void valid_parameters_pkwrite( data_t *key_data )
/* For the write tests to be effective, we need a valid key pair. */ /* For the write tests to be effective, we need a valid key pair. */
mbedtls_pk_init( &pk ); mbedtls_pk_init( &pk );
TEST_ASSERT( mbedtls_pk_parse_key( &pk, TEST_ASSERT( mbedtls_pk_parse_key( &pk,
key_data->x, key_data->len, key_data->x, key_data->len, NULL, 0,
NULL, 0 ) == 0 ); mbedtls_test_rnd_std_rand, NULL ) == 0 );
TEST_ASSERT( mbedtls_pk_write_key_der( &pk, NULL, 0 ) == TEST_ASSERT( mbedtls_pk_write_key_der( &pk, NULL, 0 ) ==
MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
@ -349,7 +350,9 @@ void mbedtls_pk_check_pair( char * pub_file, char * prv_file, int ret )
mbedtls_pk_init( &alt ); mbedtls_pk_init( &alt );
TEST_ASSERT( mbedtls_pk_parse_public_keyfile( &pub, pub_file ) == 0 ); TEST_ASSERT( mbedtls_pk_parse_public_keyfile( &pub, pub_file ) == 0 );
TEST_ASSERT( mbedtls_pk_parse_keyfile( &prv, prv_file, NULL ) == 0 ); TEST_ASSERT( mbedtls_pk_parse_keyfile( &prv, prv_file, NULL,
mbedtls_test_rnd_std_rand, NULL )
== 0 );
TEST_ASSERT( mbedtls_pk_check_pair( &pub, &prv, TEST_ASSERT( mbedtls_pk_check_pair( &pub, &prv,
mbedtls_test_rnd_std_rand, NULL ) mbedtls_test_rnd_std_rand, NULL )

View file

@ -21,7 +21,8 @@ void pk_parse_keyfile_rsa( char * key_file, char * password, int result )
if( strcmp( pwd, "NULL" ) == 0 ) if( strcmp( pwd, "NULL" ) == 0 )
pwd = NULL; pwd = NULL;
res = mbedtls_pk_parse_keyfile( &ctx, key_file, pwd ); res = mbedtls_pk_parse_keyfile( &ctx, key_file, pwd,
mbedtls_test_rnd_std_rand, NULL );
TEST_ASSERT( res == result ); TEST_ASSERT( res == result );
@ -96,7 +97,8 @@ void pk_parse_keyfile_ec( char * key_file, char * password, int result )
mbedtls_pk_init( &ctx ); mbedtls_pk_init( &ctx );
res = mbedtls_pk_parse_keyfile( &ctx, key_file, password ); res = mbedtls_pk_parse_keyfile( &ctx, key_file, password,
mbedtls_test_rnd_std_rand, NULL );
TEST_ASSERT( res == result ); TEST_ASSERT( res == result );
@ -120,7 +122,8 @@ void pk_parse_key( data_t * buf, int result )
mbedtls_pk_init( &pk ); mbedtls_pk_init( &pk );
TEST_ASSERT( mbedtls_pk_parse_key( &pk, buf->x, buf->len, NULL, 0 ) == result ); TEST_ASSERT( mbedtls_pk_parse_key( &pk, buf->x, buf->len, NULL, 0,
mbedtls_test_rnd_std_rand, NULL ) == result );
exit: exit:
mbedtls_pk_free( &pk ); mbedtls_pk_free( &pk );

View file

@ -63,7 +63,8 @@ void pk_write_key_check( char * key_file )
memset( check_buf, 0, sizeof( check_buf ) ); memset( check_buf, 0, sizeof( check_buf ) );
mbedtls_pk_init( &key ); mbedtls_pk_init( &key );
TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 ); TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL,
mbedtls_test_rnd_std_rand, NULL ) == 0 );
ret = mbedtls_pk_write_key_pem( &key, buf, sizeof( buf )); ret = mbedtls_pk_write_key_pem( &key, buf, sizeof( buf ));
TEST_ASSERT( ret == 0 ); TEST_ASSERT( ret == 0 );

View file

@ -800,7 +800,8 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg )
ret = mbedtls_pk_parse_key( &( cert->pkey ), ret = mbedtls_pk_parse_key( &( cert->pkey ),
(const unsigned char*) mbedtls_test_srv_key_rsa_der, (const unsigned char*) mbedtls_test_srv_key_rsa_der,
mbedtls_test_srv_key_rsa_der_len, NULL, 0 ); mbedtls_test_srv_key_rsa_der_len, NULL, 0,
mbedtls_test_rnd_std_rand, NULL );
TEST_ASSERT( ret == 0 ); TEST_ASSERT( ret == 0 );
} }
else else
@ -812,7 +813,8 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg )
ret = mbedtls_pk_parse_key( &( cert->pkey ), ret = mbedtls_pk_parse_key( &( cert->pkey ),
(const unsigned char*) mbedtls_test_srv_key_ec_der, (const unsigned char*) mbedtls_test_srv_key_ec_der,
mbedtls_test_srv_key_ec_der_len, NULL, 0 ); mbedtls_test_srv_key_ec_der_len, NULL, 0,
mbedtls_test_rnd_std_rand, NULL );
TEST_ASSERT( ret == 0 ); TEST_ASSERT( ret == 0 );
} }
} }
@ -827,7 +829,8 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg )
ret = mbedtls_pk_parse_key( &( cert->pkey ), ret = mbedtls_pk_parse_key( &( cert->pkey ),
(const unsigned char *) mbedtls_test_cli_key_rsa_der, (const unsigned char *) mbedtls_test_cli_key_rsa_der,
mbedtls_test_cli_key_rsa_der_len, NULL, 0 ); mbedtls_test_cli_key_rsa_der_len, NULL, 0,
mbedtls_test_rnd_std_rand, NULL );
TEST_ASSERT( ret == 0 ); TEST_ASSERT( ret == 0 );
} }
else else
@ -839,7 +842,8 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg )
ret = mbedtls_pk_parse_key( &( cert->pkey ), ret = mbedtls_pk_parse_key( &( cert->pkey ),
(const unsigned char *) mbedtls_test_cli_key_ec_der, (const unsigned char *) mbedtls_test_cli_key_ec_der,
mbedtls_test_cli_key_ec_der_len, NULL, 0 ); mbedtls_test_cli_key_ec_der_len, NULL, 0,
mbedtls_test_rnd_std_rand, NULL );
TEST_ASSERT( ret == 0 ); TEST_ASSERT( ret == 0 );
} }
} }

View file

@ -94,7 +94,8 @@ void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type,
memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) ); memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) );
mbedtls_pk_init( &key ); mbedtls_pk_init( &key );
TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 ); TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL,
mbedtls_test_rnd_std_rand, NULL ) == 0 );
mbedtls_x509write_csr_init( &req ); mbedtls_x509write_csr_init( &req );
mbedtls_x509write_csr_set_md_alg( &req, md_type ); mbedtls_x509write_csr_set_md_alg( &req, md_type );
@ -163,7 +164,8 @@ void x509_csr_check_opaque( char *key_file, int md_type, int key_usage,
TEST_ASSERT( md_alg_psa != MBEDTLS_MD_NONE ); TEST_ASSERT( md_alg_psa != MBEDTLS_MD_NONE );
mbedtls_pk_init( &key ); mbedtls_pk_init( &key );
TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 ); TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL,
mbedtls_test_rnd_std_rand, NULL ) == 0 );
TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &key, &key_id, md_alg_psa ) == 0 ); TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &key, &key_id, md_alg_psa ) == 0 );
mbedtls_x509write_csr_init( &req ); mbedtls_x509write_csr_init( &req );
@ -225,10 +227,10 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
mbedtls_x509write_crt_init( &crt ); mbedtls_x509write_crt_init( &crt );
TEST_ASSERT( mbedtls_pk_parse_keyfile( &subject_key, subject_key_file, TEST_ASSERT( mbedtls_pk_parse_keyfile( &subject_key, subject_key_file,
subject_pwd ) == 0 ); subject_pwd, mbedtls_test_rnd_std_rand, NULL ) == 0 );
TEST_ASSERT( mbedtls_pk_parse_keyfile( &issuer_key, issuer_key_file, TEST_ASSERT( mbedtls_pk_parse_keyfile( &issuer_key, issuer_key_file,
issuer_pwd ) == 0 ); issuer_pwd, mbedtls_test_rnd_std_rand, NULL ) == 0 );
#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_RSA_C)
/* For RSA PK contexts, create a copy as an alternative RSA context. */ /* For RSA PK contexts, create a copy as an alternative RSA context. */