- Changed origins of random function and pointer in rsa_pkcs1_encrypt, rsa_init, rsa_gen_key.
Moved to parameters of function instead of context pointers as within ssl_cli, context pointer cannot be set easily.
diff --git a/ChangeLog b/ChangeLog
index 9e77f2c..5557394 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,8 +11,9 @@
Changes
* Made Makefile cleaner
* Removed dependency on rand() in rsa_pkcs1_encrypt().
- Now using random fuction provided to context.
- Requires initialization with rsa_init() before use!
+ Now using random fuction provided to function and
+ changed the prototype of rsa_pkcs1_encrypt(),
+ rsa_init() and rsa_gen_key().
* Some SSL defines were renamed in order to avoid
future confusion
diff --git a/include/polarssl/rsa.h b/include/polarssl/rsa.h
index 03f7956..5fae794 100644
--- a/include/polarssl/rsa.h
+++ b/include/polarssl/rsa.h
@@ -144,8 +144,6 @@
int padding; /*!< 1.5 or OAEP/PSS */
int hash_id; /*!< hash identifier */
- int (*f_rng)(void *); /*!< RNG function */
- void *p_rng; /*!< RNG parameter */
}
rsa_context;
@@ -159,8 +157,6 @@
* \param ctx RSA context to be initialized
* \param padding RSA_PKCS_V15 or RSA_PKCS_V21
* \param hash_id RSA_PKCS_V21 hash identifier
- * \param f_rng RNG function
- * \param p_rng RNG parameter
*
* \note The hash_id parameter is actually ignored
* when using RSA_PKCS_V15 padding.
@@ -170,23 +166,26 @@
*/
void rsa_init( rsa_context *ctx,
int padding,
- int hash_id,
- int (*f_rng)(void *),
- void *p_rng );
+ int hash_id);
/**
* \brief Generate an RSA keypair
*
* \param ctx RSA context that will hold the key
+ * \param f_rng RNG function
+ * \param p_rng RNG parameter
* \param nbits size of the public key in bits
* \param exponent public exponent (e.g., 65537)
*
* \note rsa_init() must be called beforehand to setup
- * the RSA context (especially f_rng and p_rng).
+ * the RSA context.
*
* \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
*/
-int rsa_gen_key( rsa_context *ctx, int nbits, int exponent );
+int rsa_gen_key( rsa_context *ctx,
+ int (*f_rng)(void *),
+ void *p_rng,
+ int nbits, int exponent );
/**
* \brief Check a public RSA key
@@ -246,6 +245,8 @@
* \brief Add the message padding, then do an RSA operation
*
* \param ctx RSA context
+ * \param f_rng RNG function
+ * \param p_rng RNG parameter
* \param mode RSA_PUBLIC or RSA_PRIVATE
* \param ilen contains the plaintext length
* \param input buffer holding the data to be encrypted
@@ -257,6 +258,8 @@
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
*/
int rsa_pkcs1_encrypt( rsa_context *ctx,
+ int (*f_rng)(void *),
+ void *p_rng,
int mode, int ilen,
const unsigned char *input,
unsigned char *output );
diff --git a/library/rsa.c b/library/rsa.c
index 333e25c..77404fc 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -44,17 +44,12 @@
*/
void rsa_init( rsa_context *ctx,
int padding,
- int hash_id,
- int (*f_rng)(void *),
- void *p_rng )
+ int hash_id )
{
memset( ctx, 0, sizeof( rsa_context ) );
ctx->padding = padding;
ctx->hash_id = hash_id;
-
- ctx->f_rng = f_rng;
- ctx->p_rng = p_rng;
}
#if defined(POLARSSL_GENPRIME)
@@ -62,12 +57,15 @@
/*
* Generate an RSA keypair
*/
-int rsa_gen_key( rsa_context *ctx, int nbits, int exponent )
+int rsa_gen_key( rsa_context *ctx,
+ int (*f_rng)(void *),
+ void *p_rng,
+ int nbits, int exponent )
{
int ret;
mpi P1, Q1, H, G;
- if( ctx->f_rng == NULL || nbits < 128 || exponent < 3 )
+ if( f_rng == NULL || nbits < 128 || exponent < 3 )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
mpi_init( &P1, &Q1, &H, &G, NULL );
@@ -81,10 +79,10 @@
do
{
MPI_CHK( mpi_gen_prime( &ctx->P, ( nbits + 1 ) >> 1, 0,
- ctx->f_rng, ctx->p_rng ) );
+ f_rng, p_rng ) );
MPI_CHK( mpi_gen_prime( &ctx->Q, ( nbits + 1 ) >> 1, 0,
- ctx->f_rng, ctx->p_rng ) );
+ f_rng, p_rng ) );
if( mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 )
mpi_swap( &ctx->P, &ctx->Q );
@@ -297,6 +295,8 @@
* Add the message padding, then do an RSA operation
*/
int rsa_pkcs1_encrypt( rsa_context *ctx,
+ int (*f_rng)(void *),
+ void *p_rng,
int mode, int ilen,
const unsigned char *input,
unsigned char *output )
@@ -310,7 +310,7 @@
{
case RSA_PKCS_V15:
- if( ilen < 0 || olen < ilen + 11 || ctx->f_rng == NULL )
+ if( ilen < 0 || olen < ilen + 11 || f_rng == NULL )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
nb_pad = olen - 3 - ilen;
@@ -323,7 +323,7 @@
int rng_dl = 100;
do {
- *p = (unsigned char) ctx->f_rng( ctx->p_rng );
+ *p = (unsigned char) f_rng( p_rng );
} while( *p == 0 && --rng_dl );
// Check if RNG failed to generate data
@@ -725,7 +725,7 @@
unsigned char rsa_decrypted[PT_LEN];
unsigned char rsa_ciphertext[KEY_LEN];
- rsa_init( &rsa, RSA_PKCS_V15, 0, &myrand, NULL );
+ rsa_init( &rsa, RSA_PKCS_V15, 0 );
rsa.len = KEY_LEN;
mpi_read_string( &rsa.N , 16, RSA_N );
@@ -754,7 +754,7 @@
memcpy( rsa_plaintext, RSA_PT, PT_LEN );
- if( rsa_pkcs1_encrypt( &rsa, RSA_PUBLIC, PT_LEN,
+ if( rsa_pkcs1_encrypt( &rsa, &myrand, NULL, RSA_PUBLIC, PT_LEN,
rsa_plaintext, rsa_ciphertext ) != 0 )
{
if( verbose != 0 )
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index ba1d287..cebcceb 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -584,7 +584,9 @@
ssl->out_msg[5] = (unsigned char)( n );
}
- ret = rsa_pkcs1_encrypt( &ssl->peer_cert->rsa, RSA_PUBLIC,
+ ret = rsa_pkcs1_encrypt( &ssl->peer_cert->rsa,
+ ssl->f_rng, ssl->p_rng,
+ RSA_PUBLIC,
ssl->pmslen, ssl->premaster,
ssl->out_msg + i );
if( ret != 0 )