Remove RNG from x509 and PK
Remove the f_rng and p_rng parameters from x509 and PK.
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index c06844d..e0743e1 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -2827,7 +2827,7 @@
ssl->out_msg + 6 + offset,
out_buf_len - 6 - offset,
&n,
- ssl->conf->f_rng, ssl->conf->p_rng, rs_ctx)) != 0) {
+ rs_ctx)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret);
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
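Review bot: With `ssl->conf->f_rng` dropped from this signing call, nothing at the call site says where the randomness for the signature (ECDSA nonce, RSA blinding or PSS salt) now comes from. Presumably the PK layer draws it from the library's internal RNG, which would make signing depend on that RNG being initialised before the handshake rather than on the RNG set in the SSL configuration; that is not visible in this diff and should be confirmed. I would add a short comment above the call, e.g. `/* Signature randomness is obtained inside the PK layer; ssl->conf->f_rng is no longer used here. */`. The same applies to the `mbedtls_pk_sign` call in ssl_tls12_server.c and the `mbedtls_pk_sign_ext` call in ssl_tls13_generic.c. The call and its enclosing function start above this hunk, so the callee name on the client side is only inferred from the debug message.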
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index fb88cf2..84d5994 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -3035,9 +3035,7 @@
md_alg, hash, hashlen,
ssl->out_msg + ssl->out_msglen + 2,
out_buf_len - ssl->out_msglen - 2,
- signature_len,
- ssl->conf->f_rng,
- ssl->conf->p_rng)) != 0) {
+ signature_len)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret);
return ret;
}
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 1076dea..deba2ae 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -978,8 +978,7 @@
if ((ret = mbedtls_pk_sign_ext(pk_type, own_key,
md_alg, verify_hash, verify_hash_len,
- p + 4, (size_t) (end - (p + 4)), &signature_len,
- ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
+ p + 4, (size_t) (end - (p + 4)), &signature_len)) != 0) {
MBEDTLS_SSL_DEBUG_MSG(2, ("CertificateVerify signature failed with %s",
mbedtls_ssl_sig_alg_to_str(*sig_alg)));
MBEDTLS_SSL_DEBUG_RET(2, "mbedtls_pk_sign_ext", ret);
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 8a47697..7d20748 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -379,9 +379,7 @@
}
int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
- unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng)
+ unsigned char *buf, size_t size)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const char *sig_oid;
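Review bot: The new prototype of `mbedtls_x509write_crt_der` is a source-incompatible change to a public function, and this page shows no matching update to its header documentation or a migration note for callers. The declaration's doc comment should lose its `f_rng`/`p_rng` parameter entries and gain a line on the new precondition, e.g. `\note Signature randomness comes from the library's internal RNG, which must be initialised before this call.`, with the wording confirmed against what the PK layer actually does. The same documentation point applies to `mbedtls_x509write_crt_pem`, `mbedtls_x509write_csr_der` and `mbedtls_x509write_csr_pem` in the later hunks. The function body continues past the end of this hunk.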
@@ -571,8 +569,7 @@
if ((ret = mbedtls_pk_sign(ctx->issuer_key, ctx->md_alg,
- hash, hash_length, sig, sizeof(sig), &sig_len,
- f_rng, p_rng)) != 0) {
+ hash, hash_length, sig, sizeof(sig), &sig_len)) != 0) {
return ret;
}
@@ -614,15 +611,12 @@
#if defined(MBEDTLS_PEM_WRITE_C)
int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *crt,
- unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng)
+ unsigned char *buf, size_t size)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t olen;
- if ((ret = mbedtls_x509write_crt_der(crt, buf, size,
- f_rng, p_rng)) < 0) {
+ if ((ret = mbedtls_x509write_crt_der(crt, buf, size)) < 0) {
return ret;
}
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index dd75d8f..e65ddb0 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -131,9 +131,7 @@
static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
unsigned char *buf,
size_t size,
- unsigned char *sig, size_t sig_size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng)
+ unsigned char *sig, size_t sig_size)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const char *sig_oid;
@@ -218,8 +216,7 @@
return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
}
if ((ret = mbedtls_pk_sign(ctx->key, ctx->md_alg, hash, 0,
- sig, sig_size, &sig_len,
- f_rng, p_rng)) != 0) {
+ sig, sig_size, &sig_len)) != 0) {
return ret;
}
@@ -274,9 +271,7 @@
}
int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf,
- size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng)
+ size_t size)
{
int ret;
unsigned char *sig;
@@ -286,8 +281,7 @@
}
ret = x509write_csr_der_internal(ctx, buf, size,
- sig, MBEDTLS_PK_SIGNATURE_MAX_SIZE,
- f_rng, p_rng);
+ sig, MBEDTLS_PK_SIGNATURE_MAX_SIZE);
mbedtls_free(sig);
@@ -298,15 +292,12 @@
#define PEM_END_CSR "-----END CERTIFICATE REQUEST-----\n"
#if defined(MBEDTLS_PEM_WRITE_C)
-int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng)
+int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t olen = 0;
- if ((ret = mbedtls_x509write_csr_der(ctx, buf, size,
- f_rng, p_rng)) < 0) {
+ if ((ret = mbedtls_x509write_csr_der(ctx, buf, size)) < 0) {
return ret;
}