Enforce NULL context for hardcoded RNG
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 243678c..96413f8 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -3668,9 +3668,10 @@
/* The PRNG to use by the SSL module. If defined, this must
* evaluate to the name on externally defined function with signature
* int f_rng(void *, unsigned char *, size_t),
- * e.g. mbedtls_ctr_drbg_random or mbedtls_hmac_drbg_random.
+ * which ignores its first parameter (the stack will always
+ * pass NULL to this function).
*/
-//#define MBEDTLS_SSL_CONF_RNG mbedtls_ctr_drbg_random
+//#define MBEDTLS_SSL_CONF_RNG rng_wrap
/* TLS version */
//#define MBEDTLS_SSL_CONF_MIN_MINOR_VER MBEDTLS_SSL_MINOR_VERSION_3
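Review bot: The rewritten comment for MBEDTLS_SSL_CONF_RNG drops the two DRBG names but does not say that they can no longer be used here directly. mbedtls_ctr_drbg_random and mbedtls_hmac_drbg_random both reach their DRBG state through the first parameter, and the stack now passes NULL. A configuration carried over from the old wording would presumably still compile and fail only at run time. The example `rng_wrap` is not defined anywhere in the visible diff, so I would add a sentence such as `The function must locate its own seeded DRBG state (e.g. a static context); do not name mbedtls_ctr_drbg_random or mbedtls_hmac_drbg_random here directly.` If the wrapper keeps that state in a global, the comment should also say that seeding it before the first handshake, and any locking, is the integrator's job.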
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index ec2cf45..1f09977 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1000,8 +1000,8 @@
#if !defined(MBEDTLS_SSL_CONF_RNG)
/** Callback for getting (pseudo-)random numbers */
int (*f_rng)(void *, unsigned char *, size_t);
-#endif /* !MBEDTLS_SSL_CONF_RNG */
void *p_rng; /*!< context for the RNG function */
+#endif /* !MBEDTLS_SSL_CONF_RNG */
#if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_NO_SESSION_CACHE)
/** Callback to retrieve a session from the cache */
@@ -1601,15 +1601,6 @@
void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
-#else /* !MBEDTLS_SSL_CONF_RNG */
-/**
- * \brief Set the random number generator callback context.
- *
- * \param conf SSL configuration
- * \param p_rng RNG parameter
- */
-void mbedtls_ssl_conf_rng_ctx( mbedtls_ssl_config *conf,
- void *p_rng );
#endif /* MBEDTLS_SSL_CONF_RNG */
#if defined(MBEDTLS_DEBUG_C)
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index e5c37ea..9cf80ef 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -1560,18 +1560,18 @@
typedef int mbedtls_frng_t( void*, unsigned char*, size_t );
-static inline void* mbedtls_ssl_conf_get_prng( mbedtls_ssl_config const *conf )
-{
- return( conf->p_rng );
-}
#if !defined(MBEDTLS_SSL_CONF_RNG)
static inline mbedtls_frng_t* mbedtls_ssl_conf_get_frng(
mbedtls_ssl_config const *conf )
{
return( conf->f_rng );
}
-#else /* !MBEDTLS_SSL_CONF_RNG */
+static inline void* mbedtls_ssl_conf_get_prng( mbedtls_ssl_config const *conf )
+{
+ return( conf->p_rng );
+}
+#else /* !MBEDTLS_SSL_CONF_RNG */
#define mbedtls_ssl_conf_rng_func MBEDTLS_SSL_CONF_RNG
extern int mbedtls_ssl_conf_rng_func( void*, unsigned char*, size_t );
@@ -1581,6 +1581,12 @@
((void) conf);
return ((mbedtls_frng_t*) mbedtls_ssl_conf_rng_func);
}
+
+static inline void* mbedtls_ssl_conf_get_prng( mbedtls_ssl_config const *conf )
+{
+ ((void) conf);
+ return( NULL );
+}
#endif /* MBEDTLS_SSL_CONF_RNG */
static inline int mbedtls_ssl_conf_get_max_major_ver(
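Review bot: The `mbedtls_ssl_conf_get_prng()` added in the MBEDTLS_SSL_CONF_RNG branch returns NULL unconditionally with no comment, although this is the line that enforces the contract described in config.h. I would put `/* A hardcoded RNG takes no context: the stack always calls it with NULL. */` above the function. Callers of this getter are outside the diff; any that pass the result to something other than the configured RNG would now receive NULL, so that is worth confirming. The enclosing `#if` block and the getter that precedes the new function begin outside this hunk.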