pre-test version of the mbedtls_ssl_conf_rng removal
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
diff --git a/library/ssl_client.c b/library/ssl_client.c
index be4d621..f8abfde 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -725,8 +725,7 @@
#endif /* MBEDTLS_HAVE_TIME */
}
- ret = ssl->conf->f_rng(ssl->conf->p_rng,
- randbytes + gmt_unix_time_len,
+ ret = psa_generate_random(randbytes + gmt_unix_time_len,
MBEDTLS_CLIENT_HELLO_RANDOM_LEN - gmt_unix_time_len);
return ret;
}
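Review bot: `psa_generate_random()` returns a `psa_status_t`, and this hunk hands that value straight back through `return ret;`, so on RNG failure callers receive a PSA_ERROR_* value where they previously got an MBEDTLS_ERR_* code. The `ret != 0` checks still work because success is 0, but error reporting and any caller that matches specific SSL error codes will see an unrelated number. Translate at the call site, for example `ret = PSA_TO_MBEDTLS_ERR(psa_generate_random(randbytes + gmt_unix_time_len, MBEDTLS_CLIENT_HELLO_RANDOM_LEN - gmt_unix_time_len));`, assuming that translation macro (or `psa_generic_status_to_mbedtls()`) is in scope in this file. The same applies to the session-id call in the next hunk, the IV generation in ssl_msg.c, and every replaced call in ssl_tls12_server.c and ssl_tls13_server.c. The enclosing function starts outside the hunk.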
@@ -867,8 +866,8 @@
if (session_id_len != session_negotiate->id_len) {
session_negotiate->id_len = session_id_len;
if (session_id_len > 0) {
- ret = ssl->conf->f_rng(ssl->conf->p_rng,
- session_negotiate->id,
+
+ ret = psa_generate_random(session_negotiate->id,
session_id_len);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "creating session id failed", ret);
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index d12cee3..e51a3df 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -1721,9 +1721,7 @@
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl,
mbedtls_ssl_transform *transform,
- mbedtls_record *rec,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng);
+ mbedtls_record *rec);
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl,
mbedtls_ssl_transform *transform,
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index f5ea8dd..96c1a7c 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -801,9 +801,7 @@
int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl,
mbedtls_ssl_transform *transform,
- mbedtls_record *rec,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng)
+ mbedtls_record *rec)
{
mbedtls_ssl_mode_t ssl_mode;
int auth_done = 0;
@@ -1140,10 +1138,6 @@
* Prepend per-record IV for block cipher in TLS v1.2 as per
* Method 1 (6.2.3.2. in RFC4346 and RFC5246)
*/
- if (f_rng == NULL) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("No PRNG provided to encrypt_record routine"));
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
if (rec->data_offset < transform->ivlen) {
MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough"));
@@ -1153,7 +1147,7 @@
/*
* Generate IV
*/
- ret = f_rng(p_rng, transform->iv_enc, transform->ivlen);
+ ret = psa_generate_random(transform->iv_enc, transform->ivlen);
if (ret != 0) {
return ret;
}
@@ -2725,8 +2719,7 @@
rec.cid_len = 0;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- if ((ret = mbedtls_ssl_encrypt_buf(ssl, ssl->transform_out, &rec,
- ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
+ if ((ret = mbedtls_ssl_encrypt_buf(ssl, ssl->transform_out, &rec)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "ssl_encrypt_buf", ret);
return ret;
}
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 8f90fa1..20a2538 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1223,11 +1223,6 @@
return ret;
}
- if (ssl->conf->f_rng == NULL) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided"));
- return MBEDTLS_ERR_SSL_NO_RNG;
- }
-
/* Space for further checks */
return 0;
@@ -1249,6 +1244,7 @@
if ((ret = ssl_conf_check(ssl)) != 0) {
return ret;
}
+
ssl->tls_version = ssl->conf->max_tls_version;
/*
@@ -1289,6 +1285,10 @@
goto error;
}
+ if((ret = psa_crypto_init()) != 0) {
+ goto error;
+ }
+
return 0;
error:
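Review bot: The added `psa_crypto_init()` call is placed just before `return 0;`, after every other setup step, so anything earlier in this function (outside the hunk) that draws random bytes or touches PSA keys would run before initialisation. Move it to the top of the function, or drop it and document that the application must call `psa_crypto_init()` before SSL setup, so the requirement is explicit rather than hidden. Its `psa_status_t` result is also stored in `ret` and taken to `error:`, which presumably returns it as if it were an SSL error code. Spacing differs from the surrounding code as well: `if ((ret = psa_crypto_init()) != 0) {`.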
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 84d5994..d3c4223 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -2133,14 +2133,14 @@
MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, current time: %" MBEDTLS_PRINTF_LONGLONG,
(long long) t));
#else
- if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 4)) != 0) {
+ if ((ret = psa_generate_random(ssl->conf->p_rng, p, 4)) != 0) {
return ret;
}
p += 4;
#endif /* MBEDTLS_HAVE_TIME */
- if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 20)) != 0) {
+ if ((ret = psa_generate_random(p, 20)) != 0) {
return ret;
}
p += 20;
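Review bot: The first replaced call still carries the old context argument, `psa_generate_random(ssl->conf->p_rng, p, 4)`, but `psa_generate_random()` takes only an output buffer and a length, so this line will not compile. It sits in the `#else` branch of `MBEDTLS_HAVE_TIME`, so a default build with time support never compiles it; a configuration without `MBEDTLS_HAVE_TIME` is needed to exercise it. It should read `if ((ret = psa_generate_random(p, 4)) != 0) {`, matching the 20-byte call just below.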
@@ -2166,7 +2166,8 @@
} else
#endif
{
- if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 8)) != 0) {
+
+ if ((ret = psa_generate_random(p, 8)) != 0) {
return ret;
}
}
@@ -2197,7 +2198,7 @@
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
{
ssl->session_negotiate->id_len = n = 32;
- if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, ssl->session_negotiate->id,
+ if ((ret = psa_generate_random(ssl->session_negotiate->id,
n)) != 0) {
return ret;
}
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 1dde4ab..4ef23f8 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1996,7 +1996,7 @@
unsigned char *server_randbytes =
ssl->handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN;
- if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, server_randbytes,
+ if ((ret = psa_generate_random(server_randbytes,
MBEDTLS_SERVER_HELLO_RANDOM_LEN)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "f_rng", ret);
return ret;
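Review bot: The failure path still logs the label `"f_rng"` even though the call is now `psa_generate_random()`, so anyone reading a handshake failure trace is pointed at a callback that no longer exists. Suggest `MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_random", ret);`. The logged `ret` is a PSA status rather than an SSL error code unless it is translated first, which is worth keeping in mind when interpreting the log.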
@@ -3172,8 +3172,7 @@
#endif
/* Generate ticket_age_add */
- if ((ret = ssl->conf->f_rng(ssl->conf->p_rng,
- (unsigned char *) &session->ticket_age_add,
+ if ((ret = psa_generate_random((unsigned char *) &session->ticket_age_add,
sizeof(session->ticket_age_add)) != 0)) {
MBEDTLS_SSL_DEBUG_RET(1, "generate_ticket_age_add", ret);
return ret;
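Review bot: The closing parentheses on the `sizeof` line put `!= 0` inside the assignment, so `ret` receives the result of the comparison (0 or 1) rather than the status from `psa_generate_random()`. On RNG failure the function therefore logs and returns 1, and a caller that tests `ret < 0` would treat a failed `ticket_age_add` generation as success. The misplaced parenthesis is on an unchanged context line, but since this statement is being rewritten it should be fixed here: `sizeof(session->ticket_age_add))) != 0) {`. The enclosing function starts and ends outside the hunk.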
@@ -3182,7 +3181,7 @@
(unsigned int) session->ticket_age_add));
/* Generate ticket_nonce */
- ret = ssl->conf->f_rng(ssl->conf->p_rng, ticket_nonce, ticket_nonce_size);
+ ret = psa_generate_random(ticket_nonce, ticket_nonce_size);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "generate_ticket_nonce", ret);
return ret;