Merge remote-tracking branch 'origin/pr/646' into baremetal
diff --git a/configs/baremetal_test.h b/configs/baremetal_test.h
index b7e36f0..b107bd7 100644
--- a/configs/baremetal_test.h
+++ b/configs/baremetal_test.h
@@ -37,9 +37,6 @@
/* Debug output */
#define MBEDTLS_DEBUG_C
-/* ssl_client2 and ssl_server2 use CTR-DRBG so far. */
-#define MBEDTLS_CTR_DRBG_C
-
/* The ticket implementation hardcodes AES-GCM */
#define MBEDTLS_GCM_C
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 2aa4950..788793a 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -43,13 +43,16 @@
#endif
#if !defined(MBEDTLS_ENTROPY_C) || \
- !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
- !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_CTR_DRBG_C)
+ !defined(MBEDTLS_SSL_TLS_C) || \
+ !defined(MBEDTLS_SSL_CLI_C) || \
+ !defined(MBEDTLS_NET_C) || \
+ !( defined(MBEDTLS_CTR_DRBG_C) || defined(MBEDTLS_HMAC_DRBG_C) )
int main( void )
{
mbedtls_printf("MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
- "MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined.\n");
+ "MBEDTLS_NET_C not defined, or "
+ "neither MBEDTLS_CTR_DRBG_C nor MBEDTLS_HMAC_DRBG_C defined.\n");
return( 0 );
}
#else
@@ -59,6 +62,7 @@
#include "mbedtls/ssl_ciphersuites.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/hmac_drbg.h"
#include "mbedtls/certs.h"
#include "mbedtls/x509.h"
#include "mbedtls/error.h"
@@ -701,8 +705,12 @@
return( 0 );
}
-#if !defined(MBEDTLS_SSL_CONF_SINGLE_HASH)
-static int ssl_sig_hashes_for_test[] = {
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if ( defined(MBEDTLS_X509_CRT_PARSE_C) && \
+ !defined(MBEDTLS_SSL_CONF_SINGLE_HASH) ) || \
+ !defined(MBEDTLS_CTR_DRBG_C)
+static int available_hashes[] = {
#if defined(MBEDTLS_SHA512_C)
MBEDTLS_MD_SHA512,
MBEDTLS_MD_SHA384,
@@ -717,8 +725,8 @@
#endif
MBEDTLS_MD_NONE
};
-#endif /* !MBEDTLS_SSL_CONF_SINGLE_HASH */
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#endif /* ( MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_CONF_SINGLE_HASH ) ||
+ !MBEDTLS_CTR_DRBG_C */
/*
* Wait for an event from the underlying transport or the timer
@@ -892,14 +900,23 @@
#if defined(MBEDTLS_SSL_CONF_RNG)
int rng_wrap( void *ctx, unsigned char *dst, size_t len );
+#if defined(MBEDTLS_CTR_DRBG_C)
mbedtls_ctr_drbg_context *rng_ctx_global = NULL;
+#else
+mbedtls_hmac_drbg_context *rng_ctx_global = NULL;
+#endif /* MBEDTLS_CTR_DRBG_C */
+
int rng_wrap( void *ctx, unsigned char *dst, size_t len )
{
/* We expect the NULL parameter here. */
if( ctx != NULL )
return( -1 );
+#if defined(MBEDTLS_CTR_DRBG_C)
return( mbedtls_ctr_drbg_random( rng_ctx_global, dst, len ) );
+#else
+ return( mbedtls_hmac_drbg_random( rng_ctx_global, dst, len ) );
+#endif
}
#endif /* MBEDTLS_SSL_CONF_RNG */
@@ -941,7 +958,11 @@
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
#endif
mbedtls_entropy_context entropy;
+#if defined(MBEDTLS_CTR_DRBG_C)
mbedtls_ctr_drbg_context ctr_drbg;
+#else
+ mbedtls_hmac_drbg_context hmac_drbg;
+#endif
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
mbedtls_ssl_session saved_session;
@@ -970,7 +991,11 @@
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) );
+#if defined(MBEDTLS_CTR_DRBG_C)
mbedtls_ctr_drbg_init( &ctr_drbg );
+#else
+ mbedtls_hmac_drbg_init( &hmac_drbg );
+#endif /* MBEDTLS_CTR_DRBG_C */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_init( &cacert );
mbedtls_x509_crt_init( &clicert );
@@ -1664,6 +1689,7 @@
fflush( stdout );
mbedtls_entropy_init( &entropy );
+#if defined(MBEDTLS_CTR_DRBG_C)
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
@@ -1672,6 +1698,19 @@
-ret );
goto exit;
}
+#else /* MBEDTLS_CTR_DRBG_C */
+ if( ( ret = mbedtls_hmac_drbg_seed( &hmac_drbg,
+ mbedtls_md_info_from_type(
+ available_hashes[0] ),
+ mbedtls_entropy_func,
+ &entropy, (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
+ -ret );
+ goto exit;
+ }
+#endif /* MBEDTLS_CTR_DRBG */
mbedtls_printf( " ok\n" );
@@ -1851,7 +1890,7 @@
crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 );
mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
#if !defined(MBEDTLS_SSL_CONF_SINGLE_HASH)
- mbedtls_ssl_conf_sig_hashes( &conf, ssl_sig_hashes_for_test );
+ mbedtls_ssl_conf_sig_hashes( &conf, available_hashes );
#endif
}
@@ -1953,11 +1992,19 @@
}
#endif
+#if defined(MBEDTLS_CTR_DRBG_C)
#if !defined(MBEDTLS_SSL_CONF_RNG)
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
#else
rng_ctx_global = &ctr_drbg;
#endif
+#else /* MBEDTLS_CTR_DRBG_C */
+#if !defined(MBEDTLS_SSL_CONF_RNG)
+ mbedtls_ssl_conf_rng( &conf, mbedtls_hmac_drbg_random, &hmac_drbg );
+#else
+ rng_ctx_global = &hmac_drbg;
+#endif
+#endif /* MBEDTLS_CTR_DRBG_C */
#if defined(MBEDTLS_DEBUG_C)
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
@@ -2871,7 +2918,11 @@
mbedtls_ssl_session_free( &saved_session );
mbedtls_ssl_free( &ssl );
mbedtls_ssl_config_free( &conf );
+#if defined(MBEDTLS_CTR_DRBG_C)
mbedtls_ctr_drbg_free( &ctr_drbg );
+#else
+ mbedtls_hmac_drbg_free( &hmac_drbg );
+#endif
mbedtls_entropy_free( &entropy );
if( session_data != NULL )
mbedtls_platform_zeroize( session_data, session_data_len );
@@ -2895,4 +2946,4 @@
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
- MBEDTLS_CTR_DRBG_C MBEDTLS_TIMING_C */
+ ( MBEDTLS_CTR_DRBG_C || MBEDTLS_HMAC_DRBG_C ) && MBEDTLS_TIMING_C */
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index e0e4337..890725e 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -42,13 +42,16 @@
#endif
#if !defined(MBEDTLS_ENTROPY_C) || \
- !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_SRV_C) || \
- !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_CTR_DRBG_C)
+ !defined(MBEDTLS_SSL_TLS_C) || \
+ !defined(MBEDTLS_SSL_SRV_C) || \
+ !defined(MBEDTLS_NET_C) || \
+ !( defined(MBEDTLS_CTR_DRBG_C) || defined(MBEDTLS_HMAC_DRBG_C) )
int main( void )
{
mbedtls_printf("MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
- "MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined.\n");
+ "MBEDTLS_NET_C not defined, or "
+ "neither MBEDTLS_CTR_DRBG_C nor MBEDTLS_HMAC_DRBG_C defined.\n");
return( 0 );
}
#else
@@ -58,6 +61,7 @@
#include "mbedtls/ssl_ciphersuites.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/hmac_drbg.h"
#include "mbedtls/certs.h"
#include "mbedtls/x509.h"
#include "mbedtls/error.h"
@@ -1133,9 +1137,10 @@
}
#endif
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
- !defined(MBEDTLS_SSL_CONF_SINGLE_HASH)
-static int ssl_sig_hashes_for_test[] = {
+#if ( defined(MBEDTLS_X509_CRT_PARSE_C) && \
+ !defined(MBEDTLS_SSL_CONF_SINGLE_HASH) ) || \
+ !defined(MBEDTLS_CTR_DRBG_C)
+static int available_hashes[] = {
#if defined(MBEDTLS_SHA512_C)
MBEDTLS_MD_SHA512,
MBEDTLS_MD_SHA384,
@@ -1150,7 +1155,8 @@
#endif
MBEDTLS_MD_NONE
};
-#endif /* MBEDTLS_X509_CRT_PARSE_C && !defined(MBEDTLS_SSL_CONF_SINGLE_HASH) */
+#endif /* ( MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_CONF_SINGLE_HASH ) ||
+ !MBEDTLS_CTR_DRBG_C */
/** Return true if \p ret is a status code indicating that there is an
* operation in progress on an SSL connection, and false if it indicates
@@ -1508,14 +1514,23 @@
#if defined(MBEDTLS_SSL_CONF_RNG)
int rng_wrap( void *ctx, unsigned char *dst, size_t len );
+#if defined(MBEDTLS_CTR_DRBG_C)
mbedtls_ctr_drbg_context *rng_ctx_global = NULL;
+#else
+mbedtls_hmac_drbg_context *rng_ctx_global = NULL;
+#endif /* MBEDTLS_CTR_DRBG_C */
+
int rng_wrap( void *ctx, unsigned char *dst, size_t len )
{
/* We expect the NULL parameter here. */
if( ctx != NULL )
return( -1 );
+#if defined(MBEDTLS_CTR_DRBG_C)
return( mbedtls_ctr_drbg_random( rng_ctx_global, dst, len ) );
+#else
+ return( mbedtls_hmac_drbg_random( rng_ctx_global, dst, len ) );
+#endif
}
#endif /* MBEDTLS_SSL_CONF_RNG */
@@ -1545,7 +1560,11 @@
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
#endif
mbedtls_entropy_context entropy;
+#if defined(MBEDTLS_CTR_DRBG_C)
mbedtls_ctr_drbg_context ctr_drbg;
+#else
+ mbedtls_hmac_drbg_context hmac_drbg;
+#endif
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
#if defined(MBEDTLS_TIMING_C)
@@ -1615,7 +1634,11 @@
mbedtls_net_init( &listen_fd );
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
+#if defined(MBEDTLS_CTR_DRBG_C)
mbedtls_ctr_drbg_init( &ctr_drbg );
+#else
+ mbedtls_hmac_drbg_init( &hmac_drbg );
+#endif /* MBEDTLS_CTR_DRBG_C */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_init( &cacert );
mbedtls_x509_crt_init( &srvcert );
@@ -2418,6 +2441,7 @@
fflush( stdout );
mbedtls_entropy_init( &entropy );
+#if defined(MBEDTLS_CTR_DRBG_C)
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
@@ -2426,6 +2450,19 @@
-ret );
goto exit;
}
+#else /* MBEDTLS_CTR_DRBG_C */
+ if( ( ret = mbedtls_hmac_drbg_seed( &hmac_drbg,
+ mbedtls_md_info_from_type(
+ available_hashes[0] ),
+ mbedtls_entropy_func,
+ &entropy, (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
+ -ret );
+ goto exit;
+ }
+#endif /* MBEDTLS_CTR_DRBG */
mbedtls_printf( " ok\n" );
@@ -2674,7 +2711,7 @@
crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 );
mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
#if !defined(MBEDTLS_SSL_CONF_SINGLE_HASH)
- mbedtls_ssl_conf_sig_hashes( &conf, ssl_sig_hashes_for_test );
+ mbedtls_ssl_conf_sig_hashes( &conf, available_hashes );
#endif
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
@@ -2765,11 +2802,19 @@
}
#endif
+#if defined(MBEDTLS_CTR_DRBG_C)
#if !defined(MBEDTLS_SSL_CONF_RNG)
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
#else
rng_ctx_global = &ctr_drbg;
#endif
+#else /* MBEDTLS_CTR_DRBG_C */
+#if !defined(MBEDTLS_SSL_CONF_RNG)
+ mbedtls_ssl_conf_rng( &conf, mbedtls_hmac_drbg_random, &hmac_drbg );
+#else
+ rng_ctx_global = &hmac_drbg;
+#endif
+#endif /* MBEDTLS_CTR_DRBG_C */
#if defined(MBEDTLS_DEBUG_C)
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
@@ -2793,7 +2838,11 @@
if( opt.tickets == MBEDTLS_SSL_SESSION_TICKETS_ENABLED )
{
if( ( ret = mbedtls_ssl_ticket_setup( &ticket_ctx,
+#if defined(MBEDTLS_CTR_DRBG_C)
mbedtls_ctr_drbg_random, &ctr_drbg,
+#else
+ mbedtls_hmac_drbg_random, &hmac_drbg,
+#endif
MBEDTLS_CIPHER_AES_256_GCM,
opt.ticket_timeout ) ) != 0 )
{
@@ -2815,7 +2864,12 @@
if( opt.cookies > 0 )
{
if( ( ret = mbedtls_ssl_cookie_setup( &cookie_ctx,
- mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
+#if defined(MBEDTLS_CTR_DRBG_C)
+ mbedtls_ctr_drbg_random, &ctr_drbg
+#else
+ mbedtls_hmac_drbg_random, &hmac_drbg
+#endif /* MBEDTLS_CTR_DRBG_C */
+ ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret );
goto exit;
@@ -3852,7 +3906,11 @@
mbedtls_ssl_free( &ssl );
mbedtls_ssl_config_free( &conf );
+#if defined(MBEDTLS_CTR_DRBG_C)
mbedtls_ctr_drbg_free( &ctr_drbg );
+#else
+ mbedtls_hmac_drbg_free( &hmac_drbg );
+#endif
mbedtls_entropy_free( &entropy );
#if defined(MBEDTLS_SSL_CACHE_C)
@@ -3895,4 +3953,4 @@
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
- MBEDTLS_CTR_DRBG_C */
+ ( MBEDTLS_CTR_DRBG_C || MBEDTLS_HMAC_DRBG_C ) */
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 2055292..8464dec 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -682,6 +682,27 @@
if_build_succeeded tests/compat.sh -t RSA
}
+component_test_no_ctr_drbg () {
+ msg "build: Default + !MBEDTLS_CTR_DRBG_C"
+ scripts/config.pl unset MBEDTLS_CTR_DRBG_C
+ CC=gcc cmake .
+ make
+
+ msg "test: !MBEDTLS_CTR_DRBG_C - ssl-opt.sh" # ~ 5s
+ if_build_succeeded tests/ssl-opt.sh --filter "Default"
+}
+
+component_test_no_ctr_drbg_no_sha512 () {
+ msg "build: Default + !MBEDTLS_CTR_DRBG_C + !MBEDTLS_SHA512_C"
+ scripts/config.pl unset MBEDTLS_CTR_DRBG_C
+ scripts/config.pl unset MBEDTLS_SHA512_C
+ CC=gcc cmake .
+ make
+
+ msg "test: !MBEDTLS_CTR_DRBG_C + !MBEDTLS_SHA512_C - ssl-opt.sh" # ~ 5s
+ if_build_succeeded tests/ssl-opt.sh --filter "Default"
+}
+
component_test_no_resumption () {
msg "build: Default + MBEDTLS_SSL_NO_SESSION_RESUMPTION (ASan build)" # ~ 6 min
scripts/config.pl unset MBEDTLS_SSL_SESSION_TICKETS
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index 89c84e8..f2a9b98 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -1506,7 +1506,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
+/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
void mbedtls_rsa_validate_params( int radix_N, char *input_N,
int radix_P, char *input_P,
int radix_Q, char *input_Q,