- Moved all examples programs to use the new entropy and CTR_DRBG
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 0f0cfc3..d24ae00 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -39,7 +39,8 @@
#include "polarssl/config.h"
-#include "polarssl/havege.h"
+#include "polarssl/entropy.h"
+#include "polarssl/ctr_drbg.h"
#include "polarssl/certs.h"
#include "polarssl/x509.h"
#include "polarssl/ssl.h"
@@ -52,17 +53,18 @@
"<p>Successful connection using: %s</p>\r\n"
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_CERTS_C) || \
- !defined(POLARSSL_HAVEGE_C) || !defined(POLARSSL_SSL_TLS_C) || \
+ !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \
!defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \
- !defined(POLARSSL_RSA_C)
+ !defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C)
int main( int argc, char *argv[] )
{
((void) argc);
((void) argv);
- printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_HAVEGE_C "
+ printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C "
"and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
- "POLARSSL_NET_C and/or POLARSSL_RSA_C not defined.\n");
+ "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
+ "POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 );
}
#elif defined(_WIN32)
@@ -204,8 +206,10 @@
int listen_fd;
int client_fd;
unsigned char buf[1024];
+ char *pers = "ssl_fork_server";
- havege_state hs;
+ entropy_context entropy;
+ ctr_drbg_context ctr_drbg;
ssl_context ssl;
ssl_session ssn;
x509_cert srvcert;
@@ -217,9 +221,25 @@
signal( SIGCHLD, SIG_IGN );
/*
+ * 0. Initial seeding of the RNG
+ */
+ printf( "\n . Initial seeding of the random generator..." );
+ fflush( stdout );
+
+ entropy_init( &entropy );
+ if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
+ (unsigned char *) pers, strlen( pers ) ) ) != 0 )
+ {
+ printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
+ goto exit;
+ }
+
+ printf( " ok\n" );
+
+ /*
* 1. Load the certificates and private RSA key
*/
- printf( "\n . Loading the server cert. and key..." );
+ printf( " . Loading the server cert. and key..." );
fflush( stdout );
memset( &srvcert, 0, sizeof( x509_cert ) );
@@ -308,6 +328,13 @@
if( pid != 0 )
{
+ if( ( ret = ctr_drbg_reseed( &ctr_drbg,
+ (unsigned char* ) "parent", 6 ) ) != 0 )
+ {
+ printf( " failed\n ! ctr_drbg_reseed returned %d\n", ret );
+ goto exit;
+ }
+
close( client_fd );
continue;
}
@@ -317,11 +344,16 @@
/*
* 4. Setup stuff
*/
- printf( " . Setting up the RNG and SSL data...." );
+ printf( " . Setting up the SSL data...." );
fflush( stdout );
- havege_init( &hs );
-
+ if( ( ret = ctr_drbg_reseed( &ctr_drbg,
+ (unsigned char *) "child", 5 ) ) != 0 )
+ {
+ printf( " failed\n ! ctr_drbg_reseed returned %d\n", ret );
+ goto exit;
+ }
+
if( ( ret = ssl_init( &ssl ) ) != 0 )
{
printf( " failed\n ! ssl_init returned %d\n\n", ret );
@@ -333,7 +365,7 @@
ssl_set_endpoint( &ssl, SSL_IS_SERVER );
ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
- ssl_set_rng( &ssl, havege_random, &hs );
+ ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout );
ssl_set_bio( &ssl, net_recv, &client_fd,
net_send, &client_fd );
@@ -466,6 +498,6 @@
return( ret );
}
-#endif /* POLARSSL_BIGNUM_C && POLARSSL_CERTS_C && POLARSSL_HAVEGE_C &&
+#endif /* POLARSSL_BIGNUM_C && POLARSSL_CERTS_C && POLARSSL_ENTROPY_C &&
POLARSSL_SSL_TLS_C && POLARSSL_SSL_SRV_C && POLARSSL_NET_C &&
- POLARSSL_RSA_C */
+ POLARSSL_RSA_C && POLARSSL_CTR_DRBG_C */