remove RNG parameters from SSL API's

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h
index afeb07b..ec54f61 100644
--- a/include/mbedtls/ssl_cookie.h
+++ b/include/mbedtls/ssl_cookie.h
@@ -55,9 +55,7 @@
 /**
  * \brief          Setup cookie context (generate keys)
  */
-int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx,
-                             int (*f_rng)(void *, unsigned char *, size_t),
-                             void *p_rng);
+int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx);
 
 /**
  * \brief          Set expiration delay for cookies
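Review bot: The Doxygen block above `mbedtls_ssl_cookie_setup` still says only "generate keys" and gives the caller no hint where the randomness comes from now that `f_rng`/`p_rng` are gone. The implementation in library/ssl_cookie.c works with PSA key attributes, so the key presumably comes from the PSA crypto subsystem. I would add a `\note` saying so and stating that `psa_crypto_init()` must have succeeded before this call, plus `\param ctx` and `\return` lines. The same gap exists in the `mbedtls_ssl_ticket_setup` documentation in include/mbedtls/ssl_ticket.h, where the two `\param` lines are dropped without a replacement note.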
diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h
index ef97e8f..5a2e487 100644
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h
@@ -68,8 +68,6 @@
     uint32_t MBEDTLS_PRIVATE(ticket_lifetime);       /*!< lifetime of tickets in seconds     */
 
     /** Callback for getting (pseudo-)random numbers                        */
-    int(*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
-    void *MBEDTLS_PRIVATE(p_rng);                    /*!< context for the RNG function       */
 
 #if defined(MBEDTLS_THREADING_C)
     mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
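Review bot: The comment `/** Callback for getting (pseudo-)random numbers */` is left behind after both members it described are removed. Doxygen will now attach it to the next declaration, which is the mutex when `MBEDTLS_THREADING_C` is defined. Delete that comment line and the blank line after it together with the `f_rng`/`p_rng` members. The struct definition starts and ends outside this hunk.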
@@ -90,8 +88,6 @@
  * \brief           Prepare context to be actually used
  *
  * \param ctx       Context to be set up
- * \param f_rng     RNG callback function (mandatory)
- * \param p_rng     RNG callback context
  * \param alg       AEAD cipher to use for ticket protection.
  * \param key_type  Cryptographic key type to use.
  * \param key_bits  Cryptographic key size to use in bits.
@@ -116,7 +112,6 @@
  *                  or a specific MBEDTLS_ERR_XXX error code
  */
 int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx,
-                             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
                              psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits,
                              uint32_t lifetime);
 
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index 01b90e1..11811ee 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -81,16 +81,12 @@
     mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ssl_cookie_ctx));
 }
 
-int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx,
-                             int (*f_rng)(void *, unsigned char *, size_t),
-                             void *p_rng)
+int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx)
 {
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_algorithm_t alg;
 
-    (void) f_rng;
-    (void) p_rng;
 
     alg = mbedtls_md_psa_alg_from_type(COOKIE_MD);
     if (alg == 0) {
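Review bot: Removing the two `(void)` casts leaves two consecutive blank lines between the local declarations and `alg = mbedtls_md_psa_alg_from_type(COOKIE_MD);`. Drop one so the function keeps a single separator line. This is style only; the function body continues beyond the hunk.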
diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c
index 8653e2d..c10d36f 100644
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@@ -75,11 +75,15 @@
      */
     key->lifetime = ctx->ticket_lifetime;
 
-    if ((ret = ctx->f_rng(ctx->p_rng, key->name, sizeof(key->name))) != 0) {
+    if ((ret = psa_crypto_init()) != 0) {
         return ret;
     }
 
-    if ((ret = ctx->f_rng(ctx->p_rng, buf, sizeof(buf))) != 0) {
+    if ((ret = psa_generate_random(key->name, sizeof(key->name))) != 0) {
+        return ret;
+    }
+
+    if ((ret = psa_generate_random(buf, sizeof(buf))) != 0) {
         return ret;
     }
 
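Review bot: `psa_crypto_init()` and `psa_generate_random()` return a `psa_status_t`, but the new code stores it in `ret` and returns it unchanged, so callers that expect an `MBEDTLS_ERR_xxx` value receive a PSA status instead. Translate it at the call, e.g. `if ((ret = PSA_TO_MBEDTLS_ERR(psa_generate_random(key->name, sizeof(key->name)))) != 0) {`, assuming the file's PSA error translation macro is in scope at this point. Alternatively use a separate `psa_status_t status` and compare it with `PSA_SUCCESS`. The same pattern appears in the IV-generation hunk at `@@ -278,7 +278,11 @@`, where the raw status is carried to `cleanup`. The enclosing function starts and ends outside this hunk.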
@@ -185,7 +189,6 @@
  * Setup context for actual use
  */
 int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx,
-                             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
                              psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits,
                              uint32_t lifetime)
 {
@@ -199,9 +202,6 @@
         return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
-    ctx->f_rng = f_rng;
-    ctx->p_rng = p_rng;
-
     ctx->ticket_lifetime = lifetime;
 
     ctx->keys[0].alg = alg;
@@ -254,7 +254,7 @@
 
     *tlen = 0;
 
-    if (ctx == NULL || ctx->f_rng == NULL) {
+    if (ctx == NULL) {
         return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
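Review bot: Dropping `ctx->f_rng == NULL` also drops the only visible check that the context went through `mbedtls_ssl_ticket_setup()`. The pointer was assigned only there, so a context that was initialised but never set up used to be rejected with `MBEDTLS_ERR_SSL_BAD_INPUT_DATA`. With `if (ctx == NULL)` alone such a context proceeds to key selection and ticket protection; it may still fail cleanly inside PSA, but that is not visible here and should be confirmed with a test. If an explicit guard is wanted, test a field that setup always fills, for example `if (ctx == NULL || ctx->keys[0].alg == 0) {`, assuming init zeroes the context. The same applies to the hunk at `@@ -355,7 +359,7 @@`.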
@@ -278,7 +278,11 @@
 
     memcpy(key_name, key->name, TICKET_KEY_NAME_BYTES);
 
-    if ((ret = ctx->f_rng(ctx->p_rng, iv, TICKET_IV_BYTES)) != 0) {
+    if ((ret = psa_crypto_init()) != 0) {
+        goto cleanup;
+    }
+
+    if ((ret = psa_generate_random(iv, TICKET_IV_BYTES)) != 0) {
         goto cleanup;
     }
 
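Review bot: `psa_crypto_init()` is now called on every ticket write, just before the IV is drawn, which puts subsystem initialisation on the per-ticket path and makes the library initialise PSA implicitly on the application's behalf. I would remove the call here and in the key-generation hunk at `@@ -75,11 +75,15 @@`, and document `psa_crypto_init()` as a precondition of `mbedtls_ssl_ticket_setup()`. `psa_generate_random()` reports an uninitialised subsystem itself with `PSA_ERROR_BAD_STATE`. The IV feeds the AEAD ticket protection, so any failure must keep aborting the write, as the `goto cleanup` does. The enclosing function extends beyond the hunk.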
@@ -355,7 +359,7 @@
 
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
-    if (ctx == NULL || ctx->f_rng == NULL) {
+    if (ctx == NULL) {
         return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c
index c2dbef8..d215f7a 100644
--- a/programs/fuzz/fuzz_dtlsserver.c
+++ b/programs/fuzz/fuzz_dtlsserver.c
@@ -108,7 +108,7 @@
     }
 #endif
 
-    if (mbedtls_ssl_cookie_setup(&cookie_ctx, dummy_random, &ctr_drbg) != 0) {
+    if (mbedtls_ssl_cookie_setup(&cookie_ctx) != 0) {
         goto exit;
     }
 
diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c
index 28f9e33..0943654 100644
--- a/programs/fuzz/fuzz_server.c
+++ b/programs/fuzz/fuzz_server.c
@@ -132,8 +132,6 @@
 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
     if (options & 0x4) {
         if (mbedtls_ssl_ticket_setup(&ticket_ctx, //context
-                                     dummy_random, //f_rng
-                                     &ctr_drbg, //p_rng
                                      PSA_ALG_GCM, //alg
                                      PSA_KEY_TYPE_AES, //key_type
                                      256, //key_bits
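Review bot: With `dummy_random` no longer passed in, ticket key names, keys and IVs in this harness come from `psa_generate_random()`, so ticket contents can differ between runs on the same input unless the PSA RNG in the fuzz build is deterministic. That hurts crash reproduction and corpus minimisation. Please confirm how the fuzz configuration seeds the PSA RNG, and that the harness calls `psa_crypto_init()` before this point; neither is visible in the hunk. The call continues past the end of the hunk.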
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index 6430ed2..e881c91 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -216,8 +216,7 @@
         goto exit;
     }
 
-    if ((ret = mbedtls_ssl_cookie_setup(&cookie_ctx,
-                                        mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+    if ((ret = mbedtls_ssl_cookie_setup(&cookie_ctx)) != 0) {
         printf(" failed\n  ! mbedtls_ssl_cookie_setup returned %d\n\n", ret);
         goto exit;
     }
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index dc7ca8f..a81cc88 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -2971,8 +2971,6 @@
 #endif /* MBEDTLS_HAVE_TIME */
         {
             if ((ret = mbedtls_ssl_ticket_setup(&ticket_ctx,
-                                                rng_get,
-                                                &rng,
                                                 opt.ticket_alg,
                                                 opt.ticket_key_type,
                                                 opt.ticket_key_bits,
@@ -3014,8 +3012,7 @@
     if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
 #if defined(MBEDTLS_SSL_COOKIE_C)
         if (opt.cookies > 0) {
-            if ((ret = mbedtls_ssl_cookie_setup(&cookie_ctx,
-                                                rng_get, &rng)) != 0) {
+            if ((ret = mbedtls_ssl_cookie_setup(&cookie_ctx)) != 0) {
                 mbedtls_printf(" failed\n  ! mbedtls_ssl_cookie_setup returned %d\n\n", ret);
                 goto exit;
             }