Merge pull request #10042 from bjwtaylor/remove-ssl-conf

Remove mbedtls_ssl_conf_rng()
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 6c37fc3..9a02a6a 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1405,10 +1405,6 @@
     void(*MBEDTLS_PRIVATE(f_dbg))(void *, int, const char *, int, const char *);
     void *MBEDTLS_PRIVATE(p_dbg);                    /*!< context for the debug function     */
 
-    /** Callback for getting (pseudo-)random numbers                        */
-    int(*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
-    void *MBEDTLS_PRIVATE(p_rng);                    /*!< context for the RNG function       */
-
     /** Callback to retrieve a session from the cache                       */
     mbedtls_ssl_cache_get_t *MBEDTLS_PRIVATE(f_get_cache);
     /** Callback to store a session into the cache                          */
@@ -2061,17 +2057,6 @@
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
 /**
- * \brief          Set the random number generator callback
- *
- * \param conf     SSL configuration
- * \param f_rng    RNG function (mandatory)
- * \param p_rng    RNG parameter
- */
-void mbedtls_ssl_conf_rng(mbedtls_ssl_config *conf,
-                          int (*f_rng)(void *, unsigned char *, size_t),
-                          void *p_rng);
-
-/**
  * \brief          Set the debug callback
  *
  *                 The callback has the following argument:
diff --git a/library/ssl_client.c b/library/ssl_client.c
index be4d621..cb57a97 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -725,9 +725,8 @@
 #endif /* MBEDTLS_HAVE_TIME */
     }
 
-    ret = ssl->conf->f_rng(ssl->conf->p_rng,
-                           randbytes + gmt_unix_time_len,
-                           MBEDTLS_CLIENT_HELLO_RANDOM_LEN - gmt_unix_time_len);
+    ret = psa_generate_random(randbytes + gmt_unix_time_len,
+                              MBEDTLS_CLIENT_HELLO_RANDOM_LEN - gmt_unix_time_len);
     return ret;
 }
 
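Review bot: `psa_generate_random()` returns a `psa_status_t`, and the new call at the end of this function hands that value straight back through `ret`, whereas the removed `f_rng` callback returned an Mbed TLS error code. Callers that test for `MBEDTLS_ERR_*` values would then see raw PSA codes, so consider converting the status, e.g. `ret = PSA_TO_MBEDTLS_ERR(psa_generate_random(...));`, if that helper is in scope in this file (not visible here). The same applies to the session-id hunk below, the IV generation in ssl_msg.c, and the call sites in ssl_tls12_server.c and ssl_tls13_server.c. Because the ssl_tls.c hunk also drops the setup-time `MBEDTLS_ERR_SSL_NO_RNG` check, a missing `psa_crypto_init()` would presumably surface only at these call sites, mid-handshake. The function body starts outside the hunk.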
@@ -867,9 +866,9 @@
     if (session_id_len != session_negotiate->id_len) {
         session_negotiate->id_len = session_id_len;
         if (session_id_len > 0) {
-            ret = ssl->conf->f_rng(ssl->conf->p_rng,
-                                   session_negotiate->id,
-                                   session_id_len);
+
+            ret = psa_generate_random(session_negotiate->id,
+                                      session_id_len);
             if (ret != 0) {
                 MBEDTLS_SSL_DEBUG_RET(1, "creating session id failed", ret);
                 return ret;
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index d12cee3..e51a3df 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -1721,9 +1721,7 @@
 MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl,
                             mbedtls_ssl_transform *transform,
-                            mbedtls_record *rec,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng);
+                            mbedtls_record *rec);
 MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl,
                             mbedtls_ssl_transform *transform,
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index f5ea8dd..be0dc92 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -801,9 +801,7 @@
 
 int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl,
                             mbedtls_ssl_transform *transform,
-                            mbedtls_record *rec,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng)
+                            mbedtls_record *rec)
 {
     mbedtls_ssl_mode_t ssl_mode;
     int auth_done = 0;
@@ -825,14 +823,6 @@
     ((void) ssl);
 #endif
 
-    /* The PRNG is used for dynamic IV generation that's used
-     * for CBC transformations in TLS 1.2. */
-#if !(defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
-    defined(MBEDTLS_SSL_PROTO_TLS1_2))
-    ((void) f_rng);
-    ((void) p_rng);
-#endif
-
     MBEDTLS_SSL_DEBUG_MSG(2, ("=> encrypt buf"));
 
     if (transform == NULL) {
@@ -1140,10 +1130,6 @@
          * Prepend per-record IV for block cipher in TLS v1.2 as per
          * Method 1 (6.2.3.2. in RFC4346 and RFC5246)
          */
-        if (f_rng == NULL) {
-            MBEDTLS_SSL_DEBUG_MSG(1, ("No PRNG provided to encrypt_record routine"));
-            return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
-        }
 
         if (rec->data_offset < transform->ivlen) {
             MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough"));
@@ -1153,7 +1139,7 @@
         /*
          * Generate IV
          */
-        ret = f_rng(p_rng, transform->iv_enc, transform->ivlen);
+        ret = psa_generate_random(transform->iv_enc, transform->ivlen);
         if (ret != 0) {
             return ret;
         }
@@ -2725,8 +2711,7 @@
             rec.cid_len = 0;
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
-            if ((ret = mbedtls_ssl_encrypt_buf(ssl, ssl->transform_out, &rec,
-                                               ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
+            if ((ret = mbedtls_ssl_encrypt_buf(ssl, ssl->transform_out, &rec)) != 0) {
                 MBEDTLS_SSL_DEBUG_RET(1, "ssl_encrypt_buf", ret);
                 return ret;
             }
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 7eb181e..94de343 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1223,11 +1223,6 @@
         return ret;
     }
 
-    if (ssl->conf->f_rng == NULL) {
-        MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided"));
-        return MBEDTLS_ERR_SSL_NO_RNG;
-    }
-
     /* Space for further checks */
 
     return 0;
@@ -1526,14 +1521,6 @@
 }
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
-void mbedtls_ssl_conf_rng(mbedtls_ssl_config *conf,
-                          int (*f_rng)(void *, unsigned char *, size_t),
-                          void *p_rng)
-{
-    conf->f_rng      = f_rng;
-    conf->p_rng      = p_rng;
-}
-
 void mbedtls_ssl_conf_dbg(mbedtls_ssl_config *conf,
                           void (*f_dbg)(void *, int, const char *, int, const char *),
                           void  *p_dbg)
@@ -4479,6 +4466,7 @@
         ssl->conf->f_async_cancel(ssl);
         handshake->async_in_progress = 0;
     }
+
 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 
 #if defined(PSA_WANT_ALG_SHA_256)
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 84d5994..e178550 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -2133,14 +2133,14 @@
     MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, current time: %" MBEDTLS_PRINTF_LONGLONG,
                               (long long) t));
 #else
-    if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 4)) != 0) {
+    if ((ret = psa_generate_random(p, 4)) != 0) {
         return ret;
     }
 
     p += 4;
 #endif /* MBEDTLS_HAVE_TIME */
 
-    if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 20)) != 0) {
+    if ((ret = psa_generate_random(p, 20)) != 0) {
         return ret;
     }
     p += 20;
@@ -2166,7 +2166,7 @@
     } else
 #endif
     {
-        if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 8)) != 0) {
+        if ((ret = psa_generate_random(p, 8)) != 0) {
             return ret;
         }
     }
@@ -2197,8 +2197,8 @@
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
         {
             ssl->session_negotiate->id_len = n = 32;
-            if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, ssl->session_negotiate->id,
-                                        n)) != 0) {
+            if ((ret = psa_generate_random(ssl->session_negotiate->id,
+                                           n)) != 0) {
                 return ret;
             }
         }
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 1dde4ab..dc50bee 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1996,9 +1996,9 @@
     unsigned char *server_randbytes =
         ssl->handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN;
 
-    if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, server_randbytes,
-                                MBEDTLS_SERVER_HELLO_RANDOM_LEN)) != 0) {
-        MBEDTLS_SSL_DEBUG_RET(1, "f_rng", ret);
+    if ((ret = psa_generate_random(server_randbytes,
+                                   MBEDTLS_SERVER_HELLO_RANDOM_LEN)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_random", ret);
         return ret;
     }
 
@@ -3172,9 +3172,8 @@
 #endif
 
     /* Generate ticket_age_add */
-    if ((ret = ssl->conf->f_rng(ssl->conf->p_rng,
-                                (unsigned char *) &session->ticket_age_add,
-                                sizeof(session->ticket_age_add)) != 0)) {
+    if ((ret = psa_generate_random((unsigned char *) &session->ticket_age_add,
+                                   sizeof(session->ticket_age_add)) != 0)) {
         MBEDTLS_SSL_DEBUG_RET(1, "generate_ticket_age_add", ret);
         return ret;
     }
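Review bot: The closing parenthesis in the `ticket_age_add` condition is misplaced, so `ret` receives the result of `psa_generate_random(...) != 0` (0 or 1) rather than the status code, and on failure the function logs and returns 1. The removed lines had the same shape, so this is carried over rather than introduced here, but it is worth fixing while the line is being touched: `if ((ret = psa_generate_random((unsigned char *) &session->ticket_age_add, sizeof(session->ticket_age_add))) != 0) {`. The enclosing function starts and ends outside the hunk.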
@@ -3182,7 +3181,7 @@
                               (unsigned int) session->ticket_age_add));
 
     /* Generate ticket_nonce */
-    ret = ssl->conf->f_rng(ssl->conf->p_rng, ticket_nonce, ticket_nonce_size);
+    ret = psa_generate_random(ticket_nonce, ticket_nonce_size);
     if (ret != 0) {
         MBEDTLS_SSL_DEBUG_RET(1, "generate_ticket_nonce", ret);
         return ret;
diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c
index 2094223..6d3b73f 100644
--- a/programs/fuzz/fuzz_client.c
+++ b/programs/fuzz/fuzz_client.c
@@ -141,9 +141,6 @@
     //There may be other options to add :
     // mbedtls_ssl_conf_cert_profile, mbedtls_ssl_conf_sig_hashes
 
-    srand(1);
-    mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);
-
     if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
         goto exit;
     }
diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c
index e667d8b..efe1362 100644
--- a/programs/fuzz/fuzz_dtlsclient.c
+++ b/programs/fuzz/fuzz_dtlsclient.c
@@ -68,7 +68,6 @@
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    srand(1);
     if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
                               (const unsigned char *) pers, strlen(pers)) != 0) {
         goto exit;
@@ -85,7 +84,6 @@
     mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
 #endif
     mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE);
-    mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);
 
     if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
         goto exit;
diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c
index 740dea5..31eb514 100644
--- a/programs/fuzz/fuzz_dtlsserver.c
+++ b/programs/fuzz/fuzz_dtlsserver.c
@@ -98,10 +98,6 @@
         goto exit;
     }
 
-
-    srand(1);
-    mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);
-
 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
     mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
     if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) {
diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c
index 857b1b6..bb9dd0a 100644
--- a/programs/fuzz/fuzz_server.c
+++ b/programs/fuzz/fuzz_server.c
@@ -112,9 +112,6 @@
         goto exit;
     }
 
-    srand(1);
-    mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);
-
 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
     mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
     if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) {
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index 3277e52..26eb20d 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -169,7 +169,6 @@
      * Production code should set a proper ca chain and use REQUIRED. */
     mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
     mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
-    mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
     mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
     mbedtls_ssl_conf_read_timeout(&conf, READ_TIMEOUT_MS);
 
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index a10a6e6..0e155fd 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -200,7 +200,6 @@
         goto exit;
     }
 
-    mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
     mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
     mbedtls_ssl_conf_read_timeout(&conf, READ_TIMEOUT_MS);
 
diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c
index 39d07ab..e3adb3c 100644
--- a/programs/ssl/mini_client.c
+++ b/programs/ssl/mini_client.c
@@ -187,8 +187,6 @@
         goto exit;
     }
 
-    mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
-
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
     mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk),
                          (const unsigned char *) psk_id, sizeof(psk_id) - 1);
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index bd2572b..dba8aab 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -150,7 +150,6 @@
      * but makes interop easier in this simplified example */
     mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
     mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
-    mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
     mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
 
     if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index e4efadc..6a5fca5 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1906,7 +1906,6 @@
 #endif
 #endif  /* MBEDTLS_HAVE_TIME */
     }
-    mbedtls_ssl_conf_rng(&conf, rng_get, &rng);
     mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
 
     mbedtls_ssl_conf_read_timeout(&conf, opt.read_timeout);
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index f1eb21f..f8752bb 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -160,7 +160,6 @@
         goto exit;
     }
 
-    mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
     mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
 
     mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 69aefef..521bc54 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -571,7 +571,6 @@
      * but makes interop easier in this simplified example */
     mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
 
-    mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
     mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
 
     if (opt.force_ciphersuite[0] != DFL_FORCE_CIPHER) {
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index 1214eb8..5701a7b 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -401,7 +401,6 @@
         goto exit;
     }
 
-    mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
     mbedtls_ssl_conf_dbg(&conf, my_mutexed_debug, stdout);
 
     /* mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() are thread-safe if
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 0f27b82..2f26ca4 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -179,7 +179,6 @@
         goto exit;
     }
 
-    mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
     mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
 
 #if defined(MBEDTLS_SSL_CACHE_C)
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 556e906..6338222 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -2925,7 +2925,6 @@
 #endif
 #endif  /* MBEDTLS_HAVE_TIME */
     }
-    mbedtls_ssl_conf_rng(&conf, rng_get, &rng);
     mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
 
 #if defined(MBEDTLS_SSL_CACHE_C)
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index 1de439c..d9d5bb6 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -383,7 +383,6 @@
             mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE);
         }
 
-        mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
         mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
 
         if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index 1ebd5a6..bffb353 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -767,7 +767,6 @@
 
     mbedtls_ssl_init(&(ep->ssl));
     mbedtls_ssl_config_init(&(ep->conf));
-    mbedtls_ssl_conf_rng(&(ep->conf), mbedtls_test_random, NULL);
 
     TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&ep->conf) == NULL);
     TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), 0);
diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function
index f3c8ff6..57b8f4e 100644
--- a/tests/suites/test_suite_debug.function
+++ b/tests/suites/test_suite_debug.function
@@ -156,7 +156,6 @@
                                            MBEDTLS_SSL_TRANSPORT_STREAM,
                                            MBEDTLS_SSL_PRESET_DEFAULT),
                0);
-    mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
     mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer);
 
     TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
@@ -194,7 +193,6 @@
                                            MBEDTLS_SSL_TRANSPORT_STREAM,
                                            MBEDTLS_SSL_PRESET_DEFAULT),
                0);
-    mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
     mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer);
 
     TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
@@ -229,7 +227,6 @@
                                            MBEDTLS_SSL_TRANSPORT_STREAM,
                                            MBEDTLS_SSL_PRESET_DEFAULT),
                0);
-    mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
     mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer);
 
     TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
@@ -267,7 +264,6 @@
                                            MBEDTLS_SSL_TRANSPORT_STREAM,
                                            MBEDTLS_SSL_PRESET_DEFAULT),
                0);
-    mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
     mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer);
 
     TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
@@ -306,7 +302,6 @@
                                            MBEDTLS_SSL_TRANSPORT_STREAM,
                                            MBEDTLS_SSL_PRESET_DEFAULT),
                0);
-    mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
     mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer);
 
     TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 3f84458..743b53c 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -1219,7 +1219,6 @@
                                             MBEDTLS_SSL_IS_CLIENT,
                                             MBEDTLS_SSL_TRANSPORT_DATAGRAM,
                                             MBEDTLS_SSL_PRESET_DEFAULT) == 0);
-    mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
 
     TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
 
@@ -1341,8 +1340,7 @@
         rec_backup = rec;
 
         /* Encrypt record */
-        ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec,
-                                      mbedtls_test_rnd_std_rand, NULL);
+        ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec);
         TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
         if (ret != 0) {
             continue;
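Review bot: With the RNG argument gone from this call, the test can no longer choose the randomness source for record encryption (it passed `mbedtls_test_rnd_std_rand` before), and the fuzz targets in this commit likewise lose `srand(1)` and `dummy_random`. Whether CBC IVs and hello randoms stay reproducible in test and fuzz builds now depends on how the PSA RNG is configured, which this diff does not show. A short comment in the harnesses would make that explicit, e.g. `/* TLS randomness now comes from psa_generate_random(); reproducibility depends on the PSA RNG configuration */`. The second encrypt call in the next hunk is affected in the same way.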
@@ -1495,8 +1493,7 @@
             rec_backup = rec;
 
             /* Encrypt record */
-            ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec,
-                                          mbedtls_test_rnd_std_rand, NULL);
+            ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec);
 
             if (ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) {
                 /* It's ok if the output buffer is too small. We do insist
@@ -1949,8 +1946,7 @@
     memset(&rec.ctr[0], 0, 8);
     rec.ctr[7] = ctr;
 
-    TEST_ASSERT(mbedtls_ssl_encrypt_buf(NULL, &transform_send, &rec,
-                                        NULL, NULL) == 0);
+    TEST_ASSERT(mbedtls_ssl_encrypt_buf(NULL, &transform_send, &rec) == 0);
 
     if (padding_used == MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) {
         TEST_MEMORY_COMPARE(rec.buf + rec.data_offset, rec.data_len,
@@ -3033,7 +3029,6 @@
     mbedtls_ssl_conf_transport(&conf, transport);
     mbedtls_ssl_conf_min_tls_version(&conf, min_tls_version);
     mbedtls_ssl_conf_max_tls_version(&conf, max_tls_version);
-    mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
 
     TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == expected_ssl_setup_result);
     TEST_EQUAL(mbedtls_ssl_conf_get_endpoint(
@@ -3058,7 +3053,6 @@
     mbedtls_ssl_config conf;
     mbedtls_ssl_config_init(&conf);
 
-    mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
     mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT,
                                 MBEDTLS_SSL_TRANSPORT_STREAM,
                                 MBEDTLS_SSL_PRESET_DEFAULT);
@@ -3168,7 +3162,6 @@
                                            MBEDTLS_SSL_TRANSPORT_DATAGRAM,
                                            MBEDTLS_SSL_PRESET_DEFAULT),
                0);
-    mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
 
     TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0);
     TEST_EQUAL(mbedtls_ssl_check_dtls_clihlo_cookie(&ssl, ssl.cli_id,
@@ -3223,7 +3216,6 @@
                                             MBEDTLS_SSL_TRANSPORT_STREAM,
                                             MBEDTLS_SSL_PRESET_DEFAULT)
                 == 0);
-    mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
 
     TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
 
@@ -3482,7 +3474,6 @@
                                            MBEDTLS_SSL_IS_CLIENT,
                                            MBEDTLS_SSL_TRANSPORT_STREAM,
                                            MBEDTLS_SSL_PRESET_DEFAULT), 0);
-    mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
 
     TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0);