- Changed the used random function pointer to more flexible format. Renamed havege_rand() to havege_random() to prevent mistakes. Lots of changes as a consequence in library code and programs
diff --git a/ChangeLog b/ChangeLog
index f42d38a..06c8e3b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -29,6 +29,9 @@
trade-off
* Introduced POLARSSL_MPI_MAX_SIZE and POLARSSL_MPI_MAX_BITS for MPI size
management (Closes ticket #44)
+ * Changed the used random function pointer to more flexible format. Renamed
+ havege_rand() to havege_random() to prevent mistakes. Lots of changes as
+ a consequence in library code and programs
Bugfix
* Fixed faulty HMAC-MD2 implementation. Found by dibac. (Closes
diff --git a/include/polarssl/bignum.h b/include/polarssl/bignum.h
index 1308557..12435f7 100644
--- a/include/polarssl/bignum.h
+++ b/include/polarssl/bignum.h
@@ -539,7 +539,9 @@
* \return 0 if successful,
* 1 if memory allocation failed
*/
-int mpi_fill_random( mpi *X, size_t size, int (*f_rng)(void *), void *p_rng );
+int mpi_fill_random( mpi *X, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
/**
* \brief Greatest common divisor: G = gcd(A, B)
@@ -578,7 +580,9 @@
* 1 if memory allocation failed,
* POLARSSL_ERR_MPI_NOT_ACCEPTABLE if X is not prime
*/
-int mpi_is_prime( mpi *X, int (*f_rng)(void *), void *p_rng );
+int mpi_is_prime( mpi *X,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
/**
* \brief Prime number generation
@@ -594,7 +598,8 @@
* POLARSSL_ERR_MPI_BAD_INPUT_DATA if nbits is < 3
*/
int mpi_gen_prime( mpi *X, size_t nbits, int dh_flag,
- int (*f_rng)(void *), void *p_rng );
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
/**
* \brief Checkup routine
diff --git a/include/polarssl/dhm.h b/include/polarssl/dhm.h
index 1cbfc6c..52b0bf9 100644
--- a/include/polarssl/dhm.h
+++ b/include/polarssl/dhm.h
@@ -90,7 +90,8 @@
*/
int dhm_make_params( dhm_context *ctx, int x_size,
unsigned char *output, size_t *olen,
- int (*f_rng)(void *), void *p_rng );
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
/**
* \brief Import the peer's public value G^Y
@@ -118,7 +119,8 @@
*/
int dhm_make_public( dhm_context *ctx, int x_size,
unsigned char *output, size_t olen,
- int (*f_rng)(void *), void *p_rng );
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
/**
* \brief Derive and export the shared secret (G^Y)^X mod P
diff --git a/include/polarssl/havege.h b/include/polarssl/havege.h
index 4be0e59..48d0f16 100644
--- a/include/polarssl/havege.h
+++ b/include/polarssl/havege.h
@@ -27,6 +27,8 @@
#ifndef POLARSSL_HAVEGE_H
#define POLARSSL_HAVEGE_H
+#include <string.h>
+
#define COLLECT_SIZE 1024
/**
@@ -55,10 +57,12 @@
* \brief HAVEGE rand function
*
* \param p_rng A HAVEGE state
+ * \param output Buffer to fill
+ * \param len Length of buffer
*
* \return A random int
*/
-int havege_rand( void *p_rng );
+int havege_random( void *p_rng, unsigned char *output, size_t len );
#ifdef __cplusplus
}
diff --git a/include/polarssl/rsa.h b/include/polarssl/rsa.h
index c9ecbcd..629aa0f 100644
--- a/include/polarssl/rsa.h
+++ b/include/polarssl/rsa.h
@@ -186,7 +186,7 @@
* \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
*/
int rsa_gen_key( rsa_context *ctx,
- int (*f_rng)(void *),
+ int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
unsigned int nbits, int exponent );
@@ -261,7 +261,7 @@
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
*/
int rsa_pkcs1_encrypt( rsa_context *ctx,
- int (*f_rng)(void *),
+ int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode, size_t ilen,
const unsigned char *input,
@@ -314,7 +314,7 @@
* keep both hashes the same.
*/
int rsa_pkcs1_sign( rsa_context *ctx,
- int (*f_rng)(void *),
+ int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode,
int hash_id,
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 5e2cae3..02d75c7 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -232,7 +232,7 @@
/*
* Callbacks (RNG, debug, I/O, verification)
*/
- int (*f_rng)(void *);
+ int (*f_rng)(void *, unsigned char *, size_t);
void (*f_dbg)(void *, int, const char *);
int (*f_recv)(void *, unsigned char *, size_t);
int (*f_send)(void *, const unsigned char *, size_t);
@@ -438,7 +438,7 @@
* \param p_rng RNG parameter
*/
void ssl_set_rng( ssl_context *ssl,
- int (*f_rng)(void *),
+ int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
/**
diff --git a/library/bignum.c b/library/bignum.c
index 36e78e1..6591b5b 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1608,18 +1608,16 @@
return( ret );
}
-int mpi_fill_random( mpi *X, size_t size, int (*f_rng)(void *), void *p_rng )
+int mpi_fill_random( mpi *X, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
{
int ret;
- size_t k;
- unsigned char *p;
MPI_CHK( mpi_grow( X, size ) );
MPI_CHK( mpi_lset( X, 0 ) );
- p = (unsigned char *) X->p;
- for( k = 0; k < X->n * ciL; k++ )
- *p++ = (unsigned char) f_rng( p_rng );
+ MPI_CHK( f_rng( p_rng, (unsigned char *) X->p, X->n * ciL ) );
cleanup:
return( ret );
@@ -1750,7 +1748,9 @@
/*
* Miller-Rabin primality test (HAC 4.24)
*/
-int mpi_is_prime( mpi *X, int (*f_rng)(void *), void *p_rng )
+int mpi_is_prime( mpi *X,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
{
int ret, xs;
size_t i, j, n, s;
@@ -1809,7 +1809,7 @@
/*
* pick a random A, 1 < A < |X| - 1
*/
- mpi_fill_random( &A, X->n, f_rng, p_rng );
+ MPI_CHK( mpi_fill_random( &A, X->n, f_rng, p_rng ) );
if( mpi_cmp_mpi( &A, &W ) >= 0 )
{
@@ -1867,7 +1867,8 @@
* Prime number generation
*/
int mpi_gen_prime( mpi *X, size_t nbits, int dh_flag,
- int (*f_rng)(void *), void *p_rng )
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
{
int ret;
size_t k, n;
@@ -1880,7 +1881,7 @@
n = BITS_TO_LIMBS( nbits );
- mpi_fill_random( X, n, f_rng, p_rng );
+ MPI_CHK( mpi_fill_random( X, n, f_rng, p_rng ) );
k = mpi_msb( X );
if( k < nbits ) MPI_CHK( mpi_shift_l( X, nbits - k ) );
diff --git a/library/dhm.c b/library/dhm.c
index 07d722e..bddd076 100644
--- a/library/dhm.c
+++ b/library/dhm.c
@@ -127,7 +127,8 @@
*/
int dhm_make_params( dhm_context *ctx, int x_size,
unsigned char *output, size_t *olen,
- int (*f_rng)(void *), void *p_rng )
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
{
int ret, n;
size_t n1, n2, n3;
@@ -203,7 +204,8 @@
*/
int dhm_make_public( dhm_context *ctx, int x_size,
unsigned char *output, size_t olen,
- int (*f_rng)(void *), void *p_rng )
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
{
int ret, n;
diff --git a/library/havege.c b/library/havege.c
index 11c3d28..ff302c5 100644
--- a/library/havege.c
+++ b/library/havege.c
@@ -200,18 +200,32 @@
/*
* HAVEGE rand function
*/
-int havege_rand( void *p_rng )
+int havege_random( void *p_rng, unsigned char *buf, size_t len )
{
- int ret;
+ int val;
+ size_t use_len;
havege_state *hs = (havege_state *) p_rng;
+ unsigned char *p = buf;
- if( hs->offset[1] >= COLLECT_SIZE )
- havege_fill( hs );
+ while( len > 0 )
+ {
+ use_len = len;
+ if( use_len > sizeof(int) )
+ use_len = sizeof(int);
- ret = hs->pool[hs->offset[0]++];
- ret ^= hs->pool[hs->offset[1]++];
+ if( hs->offset[1] >= COLLECT_SIZE )
+ havege_fill( hs );
- return( ret );
+ val = hs->pool[hs->offset[0]++];
+ val ^= hs->pool[hs->offset[1]++];
+
+ memcpy( p, &val, use_len );
+
+ len -= use_len;
+ p += use_len;
+ }
+
+ return( 0 );
}
#endif
diff --git a/library/rsa.c b/library/rsa.c
index 8cadcad..3133b2f 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -58,9 +58,9 @@
* Generate an RSA keypair
*/
int rsa_gen_key( rsa_context *ctx,
- int (*f_rng)(void *),
- void *p_rng,
- unsigned int nbits, int exponent )
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ unsigned int nbits, int exponent )
{
int ret;
mpi P1, Q1, H, G;
@@ -356,16 +356,16 @@
* Add the message padding, then do an RSA operation
*/
int rsa_pkcs1_encrypt( rsa_context *ctx,
- int (*f_rng)(void *),
+ int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode, size_t ilen,
const unsigned char *input,
unsigned char *output )
{
- size_t nb_pad, olen;
+ size_t nb_pad, olen, ret;
unsigned char *p = output;
#if defined(POLARSSL_PKCS1_V21)
- unsigned int i, hlen;
+ unsigned int hlen;
const md_info_t *md_info;
md_context_t md_ctx;
#endif
@@ -392,13 +392,13 @@
int rng_dl = 100;
do {
- *p = (unsigned char) f_rng( p_rng );
- } while( *p == 0 && --rng_dl );
+ ret = f_rng( p_rng, p, 1 );
+ } while( *p == 0 && --rng_dl && ret == 0 );
// Check if RNG failed to generate data
//
- if( rng_dl == 0 )
- return POLARSSL_ERR_RSA_RNG_FAILED;
+ if( rng_dl == 0 || ret != 0)
+ return POLARSSL_ERR_RSA_RNG_FAILED + ret;
p++;
}
@@ -427,8 +427,10 @@
// Generate a random octet string seed
//
- for( i = 0; i < hlen; ++i )
- *p++ = (unsigned char) f_rng( p_rng );
+ if( ( ret = f_rng( p_rng, p, hlen ) ) != 0 )
+ return( POLARSSL_ERR_RSA_RNG_FAILED + ret );
+
+ p += hlen;
// Construct DB
//
@@ -578,7 +580,7 @@
* Do an RSA operation to sign the message digest
*/
int rsa_pkcs1_sign( rsa_context *ctx,
- int (*f_rng)(void *),
+ int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode,
int hash_id,
@@ -590,7 +592,7 @@
unsigned char *p = sig;
#if defined(POLARSSL_PKCS1_V21)
unsigned char salt[POLARSSL_MD_MAX_SIZE];
- unsigned int i, slen, hlen, offset = 0;
+ unsigned int slen, hlen, offset = 0, ret;
size_t msb;
const md_info_t *md_info;
md_context_t md_ctx;
@@ -757,8 +759,8 @@
// Generate salt of length slen
//
- for( i = 0; i < slen; ++i )
- salt[i] = (unsigned char) f_rng( p_rng );
+ if( ( ret = f_rng( p_rng, salt, slen ) ) != 0 )
+ return( POLARSSL_ERR_RSA_RNG_FAILED + ret );
// Note: EMSA-PSS encoding is over the length of N - 1 bits
//
@@ -1080,12 +1082,17 @@
#define RSA_PT "\xAA\xBB\xCC\x03\x02\x01\x00\xFF\xFF\xFF\xFF\xFF" \
"\x11\x22\x33\x0A\x0B\x0C\xCC\xDD\xDD\xDD\xDD\xDD"
-static int myrand( void *rng_state )
+static int myrand( void *rng_state, unsigned char *output, size_t len )
{
+ size_t i;
+
if( rng_state != NULL )
rng_state = NULL;
- return( rand() );
+ for( i = 0; i < len; ++i )
+ output[i] = rand();
+
+ return( 0 );
}
/*
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 8644151..a7900e4 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -81,8 +81,10 @@
SSL_DEBUG_MSG( 3, ( "client hello, current time: %lu", t ) );
- for( i = 28; i > 0; i-- )
- *p++ = (unsigned char) ssl->f_rng( ssl->p_rng );
+ if( ( ret = ssl->f_rng( ssl->p_rng, p, 28 ) ) != 0 )
+ return( ret );
+
+ p += 28;
memcpy( ssl->randbytes, buf + 6, 32 );
@@ -583,8 +585,9 @@
ssl->premaster[1] = (unsigned char) ssl->max_minor_ver;
ssl->pmslen = 48;
- for( i = 2; i < ssl->pmslen; i++ )
- ssl->premaster[i] = (unsigned char) ssl->f_rng( ssl->p_rng );
+ ret = ssl->f_rng( ssl->p_rng, ssl->premaster + 2, ssl->pmslen - 2 );
+ if( ret != 0 )
+ return( ret );
i = 4;
n = ssl->peer_cert->rsa.len;
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 2175523..57de3b1 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -359,7 +359,7 @@
static int ssl_write_server_hello( ssl_context *ssl )
{
time_t t;
- int ret, i, n;
+ int ret, n;
unsigned char *buf, *p;
SSL_DEBUG_MSG( 2, ( "=> write server hello" ) );
@@ -388,8 +388,10 @@
SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) );
- for( i = 28; i > 0; i-- )
- *p++ = (unsigned char) ssl->f_rng( ssl->p_rng );
+ if( ( ret = ssl->f_rng( ssl->p_rng, p, 28 ) ) != 0 )
+ return( ret );
+
+ p += 28;
memcpy( ssl->randbytes + 32, buf + 6, 32 );
@@ -413,9 +415,8 @@
ssl->resume = 0;
ssl->state++;
- for( i = 0; i < n; i++ )
- ssl->session->id[i] =
- (unsigned char) ssl->f_rng( ssl->p_rng );
+ if( ( ret = ssl->f_rng( ssl->p_rng, ssl->session->id, n ) ) != 0 )
+ return( ret );
}
else
{
@@ -823,8 +824,9 @@
*/
ssl->pmslen = 48;
- for( i = 0; i < ssl->pmslen; i++ )
- ssl->premaster[i] = (unsigned char) ssl->f_rng( ssl->p_rng );
+ ret = ssl->f_rng( ssl->p_rng, ssl->premaster, ssl->pmslen );
+ if( ret != 0 )
+ return( ret );
}
}
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c3644ad..a865a75 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -578,8 +578,9 @@
/*
* Generate IV
*/
- for( i = 0; i < ssl->ivlen; i++ )
- ssl->iv_enc[i] = ssl->f_rng( ssl->p_rng );
+ int ret = ssl->f_rng( ssl->p_rng, ssl->iv_enc, ssl->ivlen );
+ if( ret != 0 )
+ return( ret );
/*
* Shift message for ivlen bytes and prepend IV
@@ -1796,7 +1797,7 @@
}
void ssl_set_rng( ssl_context *ssl,
- int (*f_rng)(void *),
+ int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
ssl->f_rng = f_rng;
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index ab7b9a6..7b13e91 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@@ -207,7 +207,7 @@
n = dhm.len;
if( ( ret = dhm_make_public( &dhm, 256, buf, n,
- havege_rand, &hs ) ) != 0 )
+ havege_random, &hs ) ) != 0 )
{
printf( " failed\n ! dhm_make_public returned %d\n\n", ret );
goto exit;
diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c
index f6ae03f..ae31a1e 100644
--- a/programs/pkey/dh_genprime.c
+++ b/programs/pkey/dh_genprime.c
@@ -80,7 +80,7 @@
* This can take a long time...
*/
if( ( ret = mpi_gen_prime( &P, DH_P_SIZE, 1,
- havege_rand, &hs ) ) != 0 )
+ havege_random, &hs ) ) != 0 )
{
printf( " failed\n ! mpi_gen_prime returned %d\n\n", ret );
goto exit;
@@ -101,7 +101,7 @@
goto exit;
}
- if( ( ret = mpi_is_prime( &Q, havege_rand, &hs ) ) != 0 )
+ if( ( ret = mpi_is_prime( &Q, havege_random, &hs ) ) != 0 )
{
printf( " failed\n ! mpi_is_prime returned %d\n\n", ret );
goto exit;
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index de2ce97..70af54c 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@@ -172,7 +172,7 @@
memset( buf, 0, sizeof( buf ) );
if( ( ret = dhm_make_params( &dhm, 256, buf, &n,
- havege_rand, &hs ) ) != 0 )
+ havege_random, &hs ) ) != 0 )
{
printf( " failed\n ! dhm_make_params returned %d\n\n", ret );
goto exit;
diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c
index 0b54a17..63e2f13 100644
--- a/programs/pkey/rsa_encrypt.c
+++ b/programs/pkey/rsa_encrypt.c
@@ -110,7 +110,7 @@
printf( "\n . Generating the RSA encrypted value" );
fflush( stdout );
- if( ( ret = rsa_pkcs1_encrypt( &rsa, havege_rand, &hs, RSA_PUBLIC, strlen( argv[1] ), input, buf ) ) != 0 )
+ if( ( ret = rsa_pkcs1_encrypt( &rsa, havege_random, &hs, RSA_PUBLIC, strlen( argv[1] ), input, buf ) ) != 0 )
{
printf( " failed\n ! rsa_pkcs1_encrypt returned %d\n\n", ret );
goto exit;
diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c
index d7158b4..e2d06fa 100644
--- a/programs/pkey/rsa_genkey.c
+++ b/programs/pkey/rsa_genkey.c
@@ -74,7 +74,7 @@
rsa_init( &rsa, RSA_PKCS_V15, 0 );
- if( ( ret = rsa_gen_key( &rsa, havege_rand, &hs, KEY_SIZE, EXPONENT ) ) != 0 )
+ if( ( ret = rsa_gen_key( &rsa, havege_random, &hs, KEY_SIZE, EXPONENT ) ) != 0 )
{
printf( " failed\n ! rsa_gen_key returned %d\n\n", ret );
goto exit;
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index e33cead..3174599 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -105,7 +105,7 @@
goto exit;
}
- if( ( ret = rsa_pkcs1_sign( &rsa, havege_rand, &hs, RSA_PRIVATE, SIG_RSA_SHA1,
+ if( ( ret = rsa_pkcs1_sign( &rsa, havege_random, &hs, RSA_PRIVATE, SIG_RSA_SHA1,
20, hash, buf ) ) != 0 )
{
printf( " failed\n ! rsa_pkcs1_sign returned %d\n\n", ret );
diff --git a/programs/random/gen_random.c b/programs/random/gen_random.c
index 6a7aa3a..20246fe 100644
--- a/programs/random/gen_random.c
+++ b/programs/random/gen_random.c
@@ -44,7 +44,7 @@
{
FILE *f;
time_t t;
- int i, j, k;
+ int i, k;
havege_state hs;
unsigned char buf[1024];
@@ -66,8 +66,12 @@
for( i = 0, k = 768; i < k; i++ )
{
- for( j = 0; j < (int) sizeof( buf ); j++ )
- buf[j] = havege_rand( &hs );
+ if( havege_random( &hs, buf, sizeof( buf ) ) != 0 )
+ {
+ printf( "Failed to get random from source.\n" );
+ fclose( f );
+ return( 1 );
+ }
fwrite( buf, sizeof( buf ), 1, f );
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index b57fe8d..0bfad1f 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -35,6 +35,7 @@
#include "polarssl/net.h"
#include "polarssl/ssl.h"
#include "polarssl/havege.h"
+#include "polarssl/error.h"
#define SERVER_PORT 4433
#define SERVER_NAME "localhost"
@@ -116,7 +117,7 @@
ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
- ssl_set_rng( &ssl, havege_rand, &hs );
+ ssl_set_rng( &ssl, havege_random, &hs );
ssl_set_dbg( &ssl, my_debug, stdout );
ssl_set_bio( &ssl, net_recv, &server_fd,
net_send, &server_fd );
@@ -183,6 +184,15 @@
exit:
+#ifdef POLARSSL_ERROR_C
+ if( ret != 0 )
+ {
+ char error_buf[100];
+ error_strerror( ret, error_buf, 100 );
+ printf("Last error was: %d - %s\n\n", ret, error_buf );
+ }
+#endif
+
net_close( server_fd );
ssl_free( &ssl );
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index de0af25..3825106 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -38,6 +38,7 @@
#include "polarssl/havege.h"
#include "polarssl/certs.h"
#include "polarssl/x509.h"
+#include "polarssl/error.h"
#define DFL_SERVER_NAME "localhost"
#define DFL_SERVER_PORT 4433
@@ -328,7 +329,7 @@
ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL );
- ssl_set_rng( &ssl, havege_rand, &hs );
+ ssl_set_rng( &ssl, havege_random, &hs );
ssl_set_dbg( &ssl, my_debug, stdout );
ssl_set_bio( &ssl, net_recv, &server_fd,
net_send, &server_fd );
@@ -452,6 +453,15 @@
exit:
+#ifdef POLARSSL_ERROR_C
+ if( ret != 0 )
+ {
+ char error_buf[100];
+ error_strerror( ret, error_buf, 100 );
+ printf("Last error was: %d - %s\n\n", ret, error_buf );
+ }
+#endif
+
if( server_fd )
net_close( server_fd );
x509_free( &clicert );
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 411eac1..85803d3 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -333,7 +333,7 @@
ssl_set_endpoint( &ssl, SSL_IS_SERVER );
ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
- ssl_set_rng( &ssl, havege_rand, &hs );
+ ssl_set_rng( &ssl, havege_random, &hs );
ssl_set_dbg( &ssl, my_debug, stdout );
ssl_set_bio( &ssl, net_recv, &client_fd,
net_send, &client_fd );
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 8034a24..3f4bd75 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -581,7 +581,7 @@
ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL );
- ssl_set_rng( &ssl, havege_rand, &hs );
+ ssl_set_rng( &ssl, havege_random, &hs );
ssl_set_dbg( &ssl, my_debug, stdout );
ssl_set_bio( &ssl, net_recv, &server_fd,
net_send, &server_fd );
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 1c6fec2..8a49140 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -42,6 +42,7 @@
#include "polarssl/x509.h"
#include "polarssl/ssl.h"
#include "polarssl/net.h"
+#include "polarssl/error.h"
#define HTTP_RESPONSE \
"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
@@ -261,7 +262,6 @@
printf( " . Setting up the RNG and SSL data...." );
fflush( stdout );
- memset( &ssl, 0, sizeof( ssl ) );
havege_init( &hs );
if( ( ret = ssl_init( &ssl ) ) != 0 )
@@ -273,7 +273,7 @@
ssl_set_endpoint( &ssl, SSL_IS_SERVER );
ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
- ssl_set_rng( &ssl, havege_rand, &hs );
+ ssl_set_rng( &ssl, havege_random, &hs );
ssl_set_dbg( &ssl, my_debug, stdout );
ssl_set_scb( &ssl, my_get_session,
@@ -291,6 +291,15 @@
printf( " ok\n" );
reset:
+#ifdef POLARSSL_ERROR_C
+ if( ret != 0 )
+ {
+ char error_buf[100];
+ error_strerror( ret, error_buf, 100 );
+ printf("Last error was: %d - %s\n\n", ret, error_buf );
+ }
+#endif
+
if( client_fd != -1 )
net_close( client_fd );
@@ -420,12 +429,22 @@
len = ret;
printf( " %d bytes written\n\n%s\n", len, (char *) buf );
-
+
ssl_close_notify( &ssl );
+ ret = 0;
goto reset;
exit:
+#ifdef POLARSSL_ERROR_C
+ if( ret != 0 )
+ {
+ char error_buf[100];
+ error_strerror( ret, error_buf, 100 );
+ printf("Last error was: %d - %s\n\n", ret, error_buf );
+ }
+#endif
+
net_close( client_fd );
x509_free( &srvcert );
rsa_free( &rsa );
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index 091a9cf..1588b47 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -47,12 +47,27 @@
#define BUFSIZE 1024
-static int myrand( void *rng_state )
+static int myrand( void *rng_state, unsigned char *output, size_t len )
{
+ size_t use_len;
+ int rnd;
+
if( rng_state != NULL )
rng_state = NULL;
- return( rand() );
+ while( len > 0 )
+ {
+ use_len = len;
+ if( use_len > sizeof(int) )
+ use_len = sizeof(int);
+
+ rnd = rand();
+ memcpy( output, &rnd, use_len );
+ output += use_len;
+ len -= use_len;
+ }
+
+ return( 0 );
}
unsigned char buf[BUFSIZE];
diff --git a/programs/test/ssl_test.c b/programs/test/ssl_test.c
index 683963c..8bac4b2 100644
--- a/programs/test/ssl_test.c
+++ b/programs/test/ssl_test.c
@@ -257,7 +257,7 @@
ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
- ssl_set_rng( &ssl, havege_rand, &hs );
+ ssl_set_rng( &ssl, havege_random, &hs );
ssl_set_dbg( &ssl, my_debug, opt );
ssl_set_bio( &ssl, net_recv, &client_fd,
net_send, &client_fd );
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index 1350fc1..cde96af 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -250,7 +250,7 @@
ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
- ssl_set_rng( &ssl, havege_rand, &hs );
+ ssl_set_rng( &ssl, havege_random, &hs );
ssl_set_dbg( &ssl, my_debug, stdout );
ssl_set_bio( &ssl, net_recv, &server_fd,
net_send, &server_fd );
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function
index cfb0253..94d7273 100644
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@@ -97,12 +97,17 @@
*
* rng_state shall be NULL.
*/
-static int rnd_std_rand( void *rng_state )
+static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len )
{
+ size_t i;
+
if( rng_state != NULL )
rng_state = NULL;
- return( rand() );
+ for( i = 0; i < len; ++i )
+ output[i] = rand();
+
+ return( 0 );
}
/**
@@ -110,19 +115,20 @@
*
* rng_state shall be NULL.
*/
-static int rnd_zero_rand( void *rng_state )
+static int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len )
{
if( rng_state != NULL )
rng_state = NULL;
+ memset( output, 0, len );
+
return( 0 );
}
typedef struct
{
unsigned char *buf;
- int length;
- int per_call;
+ size_t length;
} rnd_buf_info;
/**
@@ -136,34 +142,29 @@
*
* After the buffer is empty it will return rand();
*/
-static int rnd_buffer_rand( void *rng_state )
+static int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len )
{
rnd_buf_info *info = (rnd_buf_info *) rng_state;
- int res;
+ size_t use_len;
if( rng_state == NULL )
- return( rand() );
+ return( rnd_std_rand( NULL, output, len ) );
- if( info->per_call > 4 )
- info->per_call = 4;
- else if( info->per_call < 1 )
- info->per_call = 1;
+ use_len = len;
+ if( len > info->length )
+ use_len = info->length;
- res = rand();
-
- if( info->length >= info->per_call )
+ if( use_len )
{
- memcpy( &res, info->buf, info->per_call );
- info->buf += info->per_call;
- info->length -= info->per_call;
- }
- else if( info->length > 0 )
- {
- memcpy( &res, info->buf, info->length );
- info->length = 0;
+ memcpy( output, info->buf, use_len );
+ info->buf += use_len;
+ info->length -= use_len;
}
- return( res );
+ if( len - use_len > 0 )
+ return( rnd_std_rand( NULL, output + use_len, len - use_len ) );
+
+ return( 0 );
}
/**
@@ -187,21 +188,33 @@
*
* rng_state shall be a pointer to a rnd_pseudo_info structure.
*/
-static int rnd_pseudo_rand( void *rng_state )
+static int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len )
{
rnd_pseudo_info *info = (rnd_pseudo_info *) rng_state;
- uint32_t i, *k, sum = 0, delta=0x9E3779B9;
+ uint32_t i, *k, sum, delta=0x9E3779B9;
if( rng_state == NULL )
- return( rand() );
+ return( rnd_std_rand( NULL, output, len ) );
k = info->key;
- for( i = 0; i < 32; i++ )
+
+ while( len > 0 )
{
- info->v0 += (((info->v1 << 4) ^ (info->v1 >> 5)) + info->v1) ^ (sum + k[sum & 3]);
- sum += delta;
- info->v1 += (((info->v0 << 4) ^ (info->v0 >> 5)) + info->v0) ^ (sum + k[(sum>>11) & 3]);
+ size_t use_len = len;
+ sum = 0;
+
+ use_len = 1;
+
+ for( i = 0; i < 32; i++ )
+ {
+ info->v0 += (((info->v1 << 4) ^ (info->v1 >> 5)) + info->v1) ^ (sum + k[sum & 3]);
+ sum += delta;
+ info->v1 += (((info->v0 << 4) ^ (info->v0 >> 5)) + info->v0) ^ (sum + k[(sum>>11) & 3]);
+ }
+
+ memcpy( output, &info->v0, use_len );
+ len -= use_len;
}
- return( info->v0 );
+ return( 0 );
}
diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function
index 98dea20..b7d3813 100644
--- a/tests/suites/test_suite_pkcs1_v21.function
+++ b/tests/suites/test_suite_pkcs1_v21.function
@@ -26,7 +26,6 @@
info.length = unhexify( rnd_buf, {seed} );
info.buf = rnd_buf;
- info.per_call = 1;
rsa_init( &ctx, RSA_PKCS_V21, {hash} );
memset( message_str, 0x00, 1000 );
@@ -114,7 +113,6 @@
info.length = unhexify( rnd_buf, {salt} );
info.buf = rnd_buf;
- info.per_call = 1;
mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
rsa_init( &ctx, RSA_PKCS_V21, {hash} );
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index 0d4ba0b..15048cd 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -514,7 +514,7 @@
havege_init( &hs );
rsa_init( &ctx, 0, 0 );
- TEST_ASSERT( rsa_gen_key( &ctx, havege_rand, &hs, {nrbits}, {exponent} ) == {result} );
+ TEST_ASSERT( rsa_gen_key( &ctx, havege_random, &hs, {nrbits}, {exponent} ) == {result} );
if( {result} == 0 )
{
TEST_ASSERT( rsa_check_privkey( &ctx ) == 0 );