eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #4661 from mpg/make-blinding-mandatory

Browse source 
Make blinding mandatory
This commit is contained in:
Manuel Pégourié-Gonnard 2021-06-18 18:32:13 +02:00 committed by GitHub
commit ae35830295
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
57 changed files with 572 additions and 618 deletions
Download patch file Download diff file Expand all files Collapse all files

1
programs/aes/CMakeLists.txt
View file

@ -5,6 +5,7 @@ set(executables
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
target_link_libraries(${exe} ${mbedcrypto_target})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
endforeach()
install(TARGETS ${executables}

2
programs/fuzz/CMakeLists.txt
View file

@ -8,7 +8,6 @@ if(FUZZINGENGINE_LIB)
endif()
set(executables_no_common_c
fuzz_privkey
fuzz_pubkey
fuzz_x509crl
fuzz_x509crt
@ -16,6 +15,7 @@ set(executables_no_common_c
)
set(executables_with_common_c
fuzz_privkey
fuzz_client
fuzz_dtlsclient
fuzz_dtlsserver

3
programs/fuzz/fuzz_dtlsserver.c
View file

@ -55,7 +55,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
mbedtls_test_cas_pem_len ) != 0)
return 1;
if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0 ) != 0)
mbedtls_test_srv_key_len, NULL, 0,
dummy_random, NULL ) != 0)
return 1;
#endif
dummy_init();

4
programs/fuzz/fuzz_privkey.c
View file

@ -3,6 +3,7 @@
#include <stdint.h>
#include <stdlib.h>
#include "mbedtls/pk.h"
#include "common.h"
//4 Kb should be enough for every bug ;-)
#define MAX_LEN 0x1000
@ -19,7 +20,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
}
mbedtls_pk_init( &pk );
ret = mbedtls_pk_parse_key( &pk, Data, Size, NULL, 0 );
ret = mbedtls_pk_parse_key( &pk, Data, Size, NULL, 0,
dummy_random, NULL );
if (ret == 0) {
#if defined(MBEDTLS_RSA_C)
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA )

17
programs/fuzz/fuzz_server.c
View file

@ -56,6 +56,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
options = Data[Size - 1];
if (initialized == 0) {
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
(const unsigned char *) pers, strlen( pers ) ) != 0 )
return 1;
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
mbedtls_x509_crt_init( &srvcert );
mbedtls_pk_init( &pkey );
@ -66,7 +73,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
mbedtls_test_cas_pem_len ) != 0)
return 1;
if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0 ) != 0)
mbedtls_test_srv_key_len, NULL, 0,
dummy_random, &ctr_drbg ) != 0)
return 1;
#endif
@ -80,17 +88,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
}
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
mbedtls_ssl_ticket_init( &ticket_ctx );
#endif
if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
(const unsigned char *) pers, strlen( pers ) ) != 0 )
goto exit;
if( mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_STREAM,

1
programs/hash/CMakeLists.txt
View file

@ -6,6 +6,7 @@ set(executables
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
target_link_libraries(${exe} ${mbedcrypto_target})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
endforeach()
install(TARGETS ${executables}

2
programs/pkey/CMakeLists.txt
View file

@ -6,6 +6,7 @@ set(executables_mbedtls
foreach(exe IN LISTS executables_mbedtls)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
target_link_libraries(${exe} ${mbedtls_target})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
endforeach()
set(executables_mbedcrypto
@ -32,6 +33,7 @@ set(executables_mbedcrypto
foreach(exe IN LISTS executables_mbedcrypto)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
target_link_libraries(${exe} ${mbedcrypto_target})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
endforeach()
install(TARGETS ${executables_mbedtls} ${executables_mbedcrypto}

35
programs/pkey/key_app.c
View file

@ -35,10 +35,13 @@
#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_BIGNUM_C) && \
defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_FS_IO)
defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_FS_IO) && \
defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
#include "mbedtls/error.h"
#include "mbedtls/rsa.h"
#include "mbedtls/pk.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include <string.h>
#endif
@ -63,11 +66,13 @@
"\n"
#if !defined(MBEDTLS_BIGNUM_C) || \
!defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO)
!defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C)
int main( void )
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or "
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO not defined.\n");
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit( 0 );
}
#else
@ -92,12 +97,19 @@ int main( int argc, char *argv[] )
int i;
char *p, *q;
const char *pers = "pkey/key_app";
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_pk_context pk;
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
/*
* Set to sane values
*/
mbedtls_entropy_init( &entropy );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_pk_init( &pk );
memset( buf, 0, sizeof(buf) );
@ -181,7 +193,16 @@ int main( int argc, char *argv[] )
mbedtls_printf( "\n . Loading the private key ..." );
fflush( stdout );
ret = mbedtls_pk_parse_keyfile( &pk, opt.filename, opt.password );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", (unsigned int) -ret );
goto cleanup;
}
ret = mbedtls_pk_parse_keyfile( &pk, opt.filename, opt.password,
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
@ -299,6 +320,9 @@ cleanup:
}
#endif
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
mbedtls_pk_free( &pk );
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
@ -311,4 +335,5 @@ cleanup:
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */

38
programs/pkey/key_app_writer.c
View file

@ -34,11 +34,16 @@
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_FS_IO)
#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PK_WRITE_C) && \
defined(MBEDTLS_FS_IO) && \
defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
#include "mbedtls/error.h"
#include "mbedtls/pk.h"
#include "mbedtls/error.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include <stdio.h>
#include <string.h>
#endif
@ -88,10 +93,14 @@
#if !defined(MBEDTLS_PK_PARSE_C) || \
!defined(MBEDTLS_PK_WRITE_C) || \
!defined(MBEDTLS_FS_IO)
!defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_CTR_DRBG_C)
int main( void )
{
mbedtls_printf( "MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO not defined.\n" );
mbedtls_printf( "MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_FS_IO not defined.\n" );
mbedtls_exit( 0 );
}
#else
@ -201,12 +210,19 @@ int main( int argc, char *argv[] )
int i;
char *p, *q;
const char *pers = "pkey/key_app";
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_pk_context key;
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
/*
* Set to sane values
*/
mbedtls_entropy_init( &entropy );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_pk_init( &key );
memset( buf, 0, sizeof( buf ) );
@ -292,8 +308,16 @@ int main( int argc, char *argv[] )
mbedtls_printf( "\n . Loading the private key ..." );
fflush( stdout );
ret = mbedtls_pk_parse_keyfile( &key, opt.filename, NULL );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", (unsigned int) -ret );
goto exit;
}
ret = mbedtls_pk_parse_keyfile( &key, opt.filename, NULL,
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
@ -429,6 +453,9 @@ exit:
mbedtls_pk_free( &key );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
#if defined(_WIN32)
mbedtls_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
@ -436,4 +463,5 @@ exit:
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */
#endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */

3
programs/pkey/pk_decrypt.c
View file

@ -106,7 +106,8 @@ int main( int argc, char *argv[] )
mbedtls_printf( "\n . Reading private key from '%s'", argv[1] );
fflush( stdout );
if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "",
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", (unsigned int) -ret );
goto exit;

3
programs/pkey/pk_sign.c
View file

@ -101,7 +101,8 @@ int main( int argc, char *argv[] )
mbedtls_printf( "\n . Reading private key from '%s'", argv[1] );
fflush( stdout );
if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "",
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! Could not parse '%s'\n", argv[1] );
goto exit;

3
programs/pkey/rsa_sign_pss.c
View file

@ -102,7 +102,8 @@ int main( int argc, char *argv[] )
mbedtls_printf( "\n . Reading private key from '%s'", argv[1] );
fflush( stdout );
if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "",
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! Could not read key from '%s'\n", argv[1] );
mbedtls_printf( " ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret );

1
programs/random/CMakeLists.txt
View file

@ -6,6 +6,7 @@ set(executables
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
target_link_libraries(${exe} ${mbedcrypto_target})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
endforeach()
install(TARGETS ${executables}

39
programs/ssl/dtls_server.c
View file

@ -79,6 +79,7 @@ int main( void )
#include "mbedtls/error.h"
#include "mbedtls/debug.h"
#include "mbedtls/timing.h"
#include "test/certs.h"
#if defined(MBEDTLS_SSL_CACHE_C)
@ -138,7 +139,23 @@ int main( void )
#endif
/*
* 1. Load the certificates and private RSA key
* 1. Seed the RNG
*/
printf( " . Seeding the random number generator..." );
fflush( stdout );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
goto exit;
}
printf( " ok\n" );
/*
* 2. Load the certificates and private RSA key
*/
printf( "\n . Loading the server cert. and key..." );
fflush( stdout );
@ -165,7 +182,7 @@ int main( void )
}
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0 );
mbedtls_test_srv_key_len, NULL, 0, mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
@ -175,7 +192,7 @@ int main( void )
printf( " ok\n" );
/*
* 2. Setup the "listening" UDP socket
* 3. Setup the "listening" UDP socket
*/
printf( " . Bind on udp/*/4433 ..." );
fflush( stdout );
@ -188,22 +205,6 @@ int main( void )
printf( " ok\n" );
/*
* 3. Seed the RNG
*/
printf( " . Seeding the random number generator..." );
fflush( stdout );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
goto exit;
}
printf( " ok\n" );
/*
* 4. Setup stuff
*/

4
programs/ssl/ssl_client2.c
View file

@ -1548,12 +1548,12 @@ int main( int argc, char *argv[] )
else
#if defined(MBEDTLS_FS_IO)
if( strlen( opt.key_file ) )
ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, opt.key_pwd );
ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, opt.key_pwd, rng_get, &rng );
else
#endif
ret = mbedtls_pk_parse_key( &pkey,
(const unsigned char *) mbedtls_test_cli_key,
mbedtls_test_cli_key_len, NULL, 0 );
mbedtls_test_cli_key_len, NULL, 0, rng_get, &rng );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",

3
programs/ssl/ssl_fork_server.c
View file

@ -166,7 +166,8 @@ int main( void )
}
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0 );
mbedtls_test_srv_key_len, NULL, 0,
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
mbedtls_printf( " failed! mbedtls_pk_parse_key returned %d\n\n", ret );

9
programs/ssl/ssl_mail_client.c
View file

@ -556,12 +556,17 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_FS_IO)
if( strlen( opt.key_file ) )
ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" );
{
ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "",
mbedtls_ctr_drbg_random, &ctr_drbg );
}
else
#endif
#if defined(MBEDTLS_PEM_PARSE_C)
{
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_cli_key,
mbedtls_test_cli_key_len, NULL, 0 );
mbedtls_test_cli_key_len, NULL, 0, mbedtls_ctr_drbg_random, &ctr_drbg );
}
#else
{
mbedtls_printf("MBEDTLS_PEM_PARSE_C not defined.");

37
programs/ssl/ssl_pthread_server.c
View file

@ -360,7 +360,23 @@ int main( void )
mbedtls_entropy_init( &entropy );
/*
* 1. Load the certificates and private RSA key
* 1a. Seed the random number generator
*/
mbedtls_printf( " . Seeding the random number generator..." );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed: mbedtls_ctr_drbg_seed returned -0x%04x\n",
( unsigned int ) -ret );
goto exit;
}
mbedtls_printf( " ok\n" );
/*
* 1b. Load the certificates and private RSA key
*/
mbedtls_printf( "\n . Loading the server cert. and key..." );
fflush( stdout );
@ -388,7 +404,8 @@ int main( void )
mbedtls_pk_init( &pkey );
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0 );
mbedtls_test_srv_key_len, NULL, 0,
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
@ -397,22 +414,6 @@ int main( void )
mbedtls_printf( " ok\n" );
/*
* 1b. Seed the random number generator
*/
mbedtls_printf( " . Seeding the random number generator..." );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed: mbedtls_ctr_drbg_seed returned -0x%04x\n",
( unsigned int ) -ret );
goto exit;
}
mbedtls_printf( " ok\n" );
/*
* 1c. Prepare SSL configuration
*/

39
programs/ssl/ssl_server.c
View file

@ -125,7 +125,23 @@ int main( void )
#endif
/*
* 1. Load the certificates and private RSA key
* 1. Seed the RNG
*/
mbedtls_printf( " . Seeding the random number generator..." );
fflush( stdout );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
goto exit;
}
mbedtls_printf( " ok\n" );
/*
* 2. Load the certificates and private RSA key
*/
mbedtls_printf( "\n . Loading the server cert. and key..." );
fflush( stdout );
@ -152,7 +168,8 @@ int main( void )
}
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0 );
mbedtls_test_srv_key_len, NULL, 0,
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
@ -162,7 +179,7 @@ int main( void )
mbedtls_printf( " ok\n" );
/*
* 2. Setup the listening TCP socket
* 3. Setup the listening TCP socket
*/
mbedtls_printf( " . Bind on https://localhost:4433/ ..." );
fflush( stdout );
@ -175,22 +192,6 @@ int main( void )
mbedtls_printf( " ok\n" );
/*
* 3. Seed the RNG
*/
mbedtls_printf( " . Seeding the random number generator..." );
fflush( stdout );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
goto exit;
}
mbedtls_printf( " ok\n" );
/*
* 4. Setup stuff
*/

18
programs/ssl/ssl_server2.c
View file

@ -525,6 +525,8 @@ int main( void )
(out_be)[(i) + 7] = (unsigned char)( ( (in_le) >> 0 ) & 0xFF ); \
}
/* This is global so it can be easily accessed by callback functions */
rng_context_t rng;
/*
* global options
@ -727,7 +729,7 @@ sni_entry *sni_parse( char *sni_string )
mbedtls_pk_init( new->key );
if( mbedtls_x509_crt_parse_file( new->cert, crt_file ) != 0 ||
mbedtls_pk_parse_keyfile( new->key, key_file, "" ) != 0 )
mbedtls_pk_parse_keyfile( new->key, key_file, "", rng_get, &rng ) != 0 )
goto error;
if( strcmp( ca_file, "-" ) != 0 )
@ -1045,7 +1047,8 @@ static int ssl_async_start( mbedtls_ssl_context *ssl,
for( slot = 0; slot < config_data->slots_used; slot++ )
{
if( mbedtls_pk_check_pair( &cert->pk,
config_data->slots[slot].pk ) == 0 )
config_data->slots[slot].pk,
rng_get, &rng ) == 0 )
break;
}
if( slot == config_data->slots_used )
@ -1271,7 +1274,6 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
#endif
rng_context_t rng;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
#if defined(MBEDTLS_TIMING_C)
@ -2257,7 +2259,7 @@ int main( int argc, char *argv[] )
{
key_cert_init++;
if( ( ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file,
opt.key_pwd ) ) != 0 )
opt.key_pwd, rng_get, &rng ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n", (unsigned int) -ret );
goto exit;
@ -2283,7 +2285,7 @@ int main( int argc, char *argv[] )
{
key_cert_init2++;
if( ( ret = mbedtls_pk_parse_keyfile( &pkey2, opt.key_file2,
opt.key_pwd2 ) ) != 0 )
opt.key_pwd2, rng_get, &rng ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n",
(unsigned int) -ret );
@ -2314,7 +2316,8 @@ int main( int argc, char *argv[] )
}
if( ( ret = mbedtls_pk_parse_key( &pkey,
(const unsigned char *) mbedtls_test_srv_key_rsa,
mbedtls_test_srv_key_rsa_len, NULL, 0 ) ) != 0 )
mbedtls_test_srv_key_rsa_len, NULL, 0,
rng_get, &rng ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
(unsigned int) -ret );
@ -2333,7 +2336,8 @@ int main( int argc, char *argv[] )
}
if( ( ret = mbedtls_pk_parse_key( &pkey2,
(const unsigned char *) mbedtls_test_srv_key_ec,
mbedtls_test_srv_key_ec_len, NULL, 0 ) ) != 0 )
mbedtls_test_srv_key_ec_len, NULL, 0,
rng_get, &rng ) ) != 0 )
{
mbedtls_printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n",
(unsigned int) -ret );

1
programs/util/CMakeLists.txt
View file

@ -10,6 +10,7 @@ set(executables
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
target_link_libraries(${exe} ${libs})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
endforeach()
install(TARGETS ${executables}

1
programs/x509/CMakeLists.txt
View file

@ -13,6 +13,7 @@ set(executables
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
target_link_libraries(${exe} ${libs})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
endforeach()
target_link_libraries(cert_app ${mbedtls_target})

3
programs/x509/cert_req.c
View file

@ -346,7 +346,8 @@ int main( int argc, char *argv[] )
mbedtls_printf( " . Loading the private key ..." );
fflush( stdout );
ret = mbedtls_pk_parse_keyfile( &key, opt.filename, opt.password );
ret = mbedtls_pk_parse_keyfile( &key, opt.filename, opt.password,
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{

7
programs/x509/cert_write.c
View file

@ -577,7 +577,7 @@ int main( int argc, char *argv[] )
fflush( stdout );
ret = mbedtls_pk_parse_keyfile( &loaded_subject_key, opt.subject_key,
opt.subject_pwd );
opt.subject_pwd, mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
mbedtls_strerror( ret, buf, 1024 );
@ -593,7 +593,7 @@ int main( int argc, char *argv[] )
fflush( stdout );
ret = mbedtls_pk_parse_keyfile( &loaded_issuer_key, opt.issuer_key,
opt.issuer_pwd );
opt.issuer_pwd, mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
mbedtls_strerror( ret, buf, 1024 );
@ -606,7 +606,8 @@ int main( int argc, char *argv[] )
//
if( strlen( opt.issuer_crt ) )
{
if( mbedtls_pk_check_pair( &issuer_crt.MBEDTLS_PRIVATE(pk), issuer_key ) != 0 )
if( mbedtls_pk_check_pair( &issuer_crt.MBEDTLS_PRIVATE(pk), issuer_key,
mbedtls_ctr_drbg_random, &ctr_drbg ) != 0 )
{
mbedtls_printf( " failed\n ! issuer_key does not match "
"issuer certificate\n\n" );