From 508ad5ab6dcc75e100872e61b30200d2acc71afe Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Sun, 4 Dec 2011 17:09:26 +0000 Subject: [PATCH] - Moved all examples programs to use the new entropy and CTR_DRBG --- ChangeLog | 1 + programs/pkey/dh_client.c | 30 +++++++++----- programs/pkey/dh_genprime.c | 30 +++++++++----- programs/pkey/dh_server.c | 30 +++++++++----- programs/pkey/rsa_encrypt.c | 34 +++++++++++----- programs/pkey/rsa_genkey.c | 30 +++++++++----- programs/pkey/rsa_sign_pss.c | 37 ++++++++++++----- programs/random/gen_random_ctr_drbg.c | 2 +- programs/ssl/ssl_client1.c | 43 ++++++++++++++------ programs/ssl/ssl_client2.c | 42 +++++++++++++------ programs/ssl/ssl_fork_server.c | 58 +++++++++++++++++++++------ programs/ssl/ssl_mail_client.c | 42 +++++++++++++------ programs/ssl/ssl_server.c | 42 +++++++++++++------ programs/test/ssl_test.c | 31 +++++++++----- programs/x509/cert_app.c | 34 +++++++++++----- 15 files changed, 343 insertions(+), 143 deletions(-) diff --git a/ChangeLog b/ChangeLog index fc7287e0f..b08e049a0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -35,6 +35,7 @@ Changes * Changed the used random function pointer to more flexible format. Renamed havege_rand() to havege_random() to prevent mistakes. Lots of changes as a consequence in library code and programs + * Moved all examples programs to use the new entropy and CTR_DRBG * Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 7b13e91c0..e4307f393 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -37,23 +37,25 @@ #include "polarssl/dhm.h" #include "polarssl/rsa.h" #include "polarssl/sha1.h" -#include "polarssl/havege.h" +#include "polarssl/entropy.h" +#include "polarssl/ctr_drbg.h" #define SERVER_NAME "localhost" #define SERVER_PORT 11999 #if !defined(POLARSSL_AES_C) || !defined(POLARSSL_DHM_C) || \ - !defined(POLARSSL_HAVEGE_C) || !defined(POLARSSL_NET_C) || \ + !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_NET_C) || \ !defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA1_C) || \ - !defined(POLARSSL_FS_IO) + !defined(POLARSSL_FS_IO) || !defined(POLARSSL_CTR_DRBG_C) int main( int argc, char *argv[] ) { ((void) argc); ((void) argv); - printf("POLARSSL_AES_C and/or POLARSSL_DHM_C and/or POLARSSL_HAVEGE_C " + printf("POLARSSL_AES_C and/or POLARSSL_DHM_C and/or POLARSSL_ENTROPY_C " "and/or POLARSSL_NET_C and/or POLARSSL_RSA_C and/or " - "POLARSSL_SHA1_C and/or POLARSSL_FS_IO not defined.\n"); + "POLARSSL_SHA1_C and/or POLARSSL_FS_IO and/or " + "POLARSSL_CTR_DRBG_C not defined.\n"); return( 0 ); } #else @@ -68,8 +70,10 @@ int main( int argc, char *argv[] ) unsigned char *p, *end; unsigned char buf[1024]; unsigned char hash[20]; + char *pers = "dh_client"; - havege_state hs; + entropy_context entropy; + ctr_drbg_context ctr_drbg; rsa_context rsa; dhm_context dhm; aes_context aes; @@ -86,7 +90,13 @@ int main( int argc, char *argv[] ) printf( "\n . Seeding the random number generator" ); fflush( stdout ); - havege_init( &hs ); + entropy_init( &entropy ); + if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, + (unsigned char *) pers, strlen( pers ) ) ) != 0 ) + { + printf( " failed\n ! ctr_drbg_init returned %d\n", ret ); + goto exit; + } /* * 2. Read the server's public RSA key @@ -207,7 +217,7 @@ int main( int argc, char *argv[] ) n = dhm.len; if( ( ret = dhm_make_public( &dhm, 256, buf, n, - havege_random, &hs ) ) != 0 ) + ctr_drbg_random, &ctr_drbg ) ) != 0 ) { printf( " failed\n ! dhm_make_public returned %d\n\n", ret ); goto exit; @@ -273,6 +283,6 @@ exit: return( ret ); } -#endif /* POLARSSL_AES_C && POLARSSL_DHM_C && POLARSSL_HAVEGE_C && +#endif /* POLARSSL_AES_C && POLARSSL_DHM_C && POLARSSL_ENTROPY_C && POLARSSL_NET_C && POLARSSL_RSA_C && POLARSSL_SHA1_C && - POLARSSL_FS_IO */ + POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */ diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index ae31a1ef6..fc37f5c87 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c @@ -32,7 +32,8 @@ #include "polarssl/config.h" #include "polarssl/bignum.h" -#include "polarssl/havege.h" +#include "polarssl/entropy.h" +#include "polarssl/ctr_drbg.h" /* * Note: G = 4 is always a quadratic residue mod P, @@ -41,15 +42,15 @@ #define DH_P_SIZE 1024 #define GENERATOR "4" -#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_HAVEGE_C) || \ - !defined(POLARSSL_FS_IO) +#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \ + !defined(POLARSSL_FS_IO) || !defined(POLARSSL_CTR_DRBG_C) int main( int argc, char *argv[] ) { ((void) argc); ((void) argv); - printf("POLARSSL_BIGNUM_C and/or POLARSSL_HAVEGE_C and/or " - "POLARSSL_FS_IO not defined.\n"); + printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or " + "POLARSSL_FS_IO and/or POLARSSL_CTR_DRBG_C not defined.\n"); return( 0 ); } #else @@ -59,7 +60,9 @@ int main( int argc, char *argv[] ) #if defined(POLARSSL_GENPRIME) mpi G, P, Q; - havege_state hs; + entropy_context entropy; + ctr_drbg_context ctr_drbg; + char *pers = "dh_genprime"; FILE *fout; ((void) argc); @@ -71,7 +74,13 @@ int main( int argc, char *argv[] ) printf( "\n . Seeding the random number generator..." ); fflush( stdout ); - havege_init( &hs ); + entropy_init( &entropy ); + if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, + (unsigned char *) pers, strlen( pers ) ) ) != 0 ) + { + printf( " failed\n ! ctr_drbg_init returned %d\n", ret ); + goto exit; + } printf( " ok\n . Generating the modulus, please wait..." ); fflush( stdout ); @@ -80,7 +89,7 @@ int main( int argc, char *argv[] ) * This can take a long time... */ if( ( ret = mpi_gen_prime( &P, DH_P_SIZE, 1, - havege_random, &hs ) ) != 0 ) + ctr_drbg_random, &ctr_drbg ) ) != 0 ) { printf( " failed\n ! mpi_gen_prime returned %d\n\n", ret ); goto exit; @@ -101,7 +110,7 @@ int main( int argc, char *argv[] ) goto exit; } - if( ( ret = mpi_is_prime( &Q, havege_random, &hs ) ) != 0 ) + if( ( ret = mpi_is_prime( &Q, ctr_drbg_random, &ctr_drbg ) ) != 0 ) { printf( " failed\n ! mpi_is_prime returned %d\n\n", ret ); goto exit; @@ -141,4 +150,5 @@ exit: return( ret ); } -#endif /* POLARSSL_BIGNUM_C && POLARSSL_HAVEGE_C && POLARSSL_FS_IO */ +#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_FS_IO && + POLARSSL_CTR_DRBG_C */ diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 70af54c1d..d7133f7c7 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -37,23 +37,25 @@ #include "polarssl/dhm.h" #include "polarssl/rsa.h" #include "polarssl/sha1.h" -#include "polarssl/havege.h" +#include "polarssl/entropy.h" +#include "polarssl/ctr_drbg.h" #define SERVER_PORT 11999 #define PLAINTEXT "==Hello there!==" #if !defined(POLARSSL_AES_C) || !defined(POLARSSL_DHM_C) || \ - !defined(POLARSSL_HAVEGE_C) || !defined(POLARSSL_NET_C) || \ + !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_NET_C) || \ !defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA1_C) || \ - !defined(POLARSSL_FS_IO) + !defined(POLARSSL_FS_IO) || !defined(POLARSSL_CTR_DRBG_C) int main( int argc, char *argv[] ) { ((void) argc); ((void) argv); - printf("POLARSSL_AES_C and/or POLARSSL_DHM_C and/or POLARSSL_HAVEGE_C " + printf("POLARSSL_AES_C and/or POLARSSL_DHM_C and/or POLARSSL_ENTROPY_C " "and/or POLARSSL_NET_C and/or POLARSSL_RSA_C and/or " - "POLARSSL_SHA1_C and/or POLARSSL_FS_IO not defined.\n"); + "POLARSSL_SHA1_C and/or POLARSSL_FS_IO and/or " + "POLARSSL_CTR_DBRG_C not defined.\n"); return( 0 ); } #else @@ -69,8 +71,10 @@ int main( int argc, char *argv[] ) unsigned char buf[1024]; unsigned char hash[20]; unsigned char buf2[2]; + char *pers = "dh_server"; - havege_state hs; + entropy_context entropy; + ctr_drbg_context ctr_drbg; rsa_context rsa; dhm_context dhm; aes_context aes; @@ -87,7 +91,13 @@ int main( int argc, char *argv[] ) printf( "\n . Seeding the random number generator" ); fflush( stdout ); - havege_init( &hs ); + entropy_init( &entropy ); + if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, + (unsigned char *) pers, strlen( pers ) ) ) != 0 ) + { + printf( " failed\n ! ctr_drbg_init returned %d\n", ret ); + goto exit; + } /* * 2a. Read the server's private RSA key @@ -172,7 +182,7 @@ int main( int argc, char *argv[] ) memset( buf, 0, sizeof( buf ) ); if( ( ret = dhm_make_params( &dhm, 256, buf, &n, - havege_random, &hs ) ) != 0 ) + ctr_drbg_random, &ctr_drbg ) ) != 0 ) { printf( " failed\n ! dhm_make_params returned %d\n\n", ret ); goto exit; @@ -276,6 +286,6 @@ exit: return( ret ); } -#endif /* POLARSSL_AES_C && POLARSSL_DHM_C && POLARSSL_HAVEGE_C && +#endif /* POLARSSL_AES_C && POLARSSL_DHM_C && POLARSSL_ENTROPY_C && POLARSSL_NET_C && POLARSSL_RSA_C && POLARSSL_SHA1_C && - POLARSSL_FS_IO */ + POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */ diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index 63e2f13bc..aa6ca0e27 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -33,17 +33,20 @@ #include "polarssl/config.h" #include "polarssl/rsa.h" -#include "polarssl/havege.h" +#include "polarssl/entropy.h" +#include "polarssl/ctr_drbg.h" #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \ - !defined(POLARSSL_HAVEGE_C) || !defined(POLARSSL_FS_IO) + !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_FS_IO) || \ + !defined(POLARSSL_CTR_DRBG_C) int main( int argc, char *argv[] ) { ((void) argc); ((void) argv); printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or " - "POLARSSL_HAVEGE_C and/or POLARSSL_FS_IO not defined.\n"); + "POLARSSL_ENTROPY_C and/or POLARSSL_FS_IO and/or " + "POLARSSL_CTR_DRBG_C not defined.\n"); return( 0 ); } #else @@ -53,11 +56,11 @@ int main( int argc, char *argv[] ) int ret; size_t i; rsa_context rsa; - havege_state hs; + entropy_context entropy; + ctr_drbg_context ctr_drbg; unsigned char input[1024]; unsigned char buf[512]; - - havege_init( &hs ); + char *pers = "rsa_encrypt"; ret = 1; @@ -72,6 +75,17 @@ int main( int argc, char *argv[] ) goto exit; } + printf( "\n . Seeding the random number generator..." ); + fflush( stdout ); + + entropy_init( &entropy ); + if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, + (unsigned char *) pers, strlen( pers ) ) ) != 0 ) + { + printf( " failed\n ! ctr_drbg_init returned %d\n", ret ); + goto exit; + } + printf( "\n . Reading public key from rsa_pub.txt" ); fflush( stdout ); @@ -110,7 +124,9 @@ int main( int argc, char *argv[] ) printf( "\n . Generating the RSA encrypted value" ); fflush( stdout ); - if( ( ret = rsa_pkcs1_encrypt( &rsa, havege_random, &hs, RSA_PUBLIC, strlen( argv[1] ), input, buf ) ) != 0 ) + if( ( ret = rsa_pkcs1_encrypt( &rsa, ctr_drbg_random, &ctr_drbg, + RSA_PUBLIC, strlen( argv[1] ), + input, buf ) ) != 0 ) { printf( " failed\n ! rsa_pkcs1_encrypt returned %d\n\n", ret ); goto exit; @@ -143,5 +159,5 @@ exit: return( ret ); } -#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_HAVEGE_C && - POLARSSL_FS_IO */ +#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && POLARSSL_ENTROPY_C && + POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */ diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c index e2d06fa54..424097e03 100644 --- a/programs/pkey/rsa_genkey.c +++ b/programs/pkey/rsa_genkey.c @@ -31,7 +31,8 @@ #include "polarssl/config.h" -#include "polarssl/havege.h" +#include "polarssl/entropy.h" +#include "polarssl/ctr_drbg.h" #include "polarssl/bignum.h" #include "polarssl/x509.h" #include "polarssl/rsa.h" @@ -39,17 +40,17 @@ #define KEY_SIZE 1024 #define EXPONENT 65537 -#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_HAVEGE_C) || \ +#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \ !defined(POLARSSL_RSA_C) || !defined(POLARSSL_GENPRIME) || \ - !defined(POLARSSL_FS_IO) + !defined(POLARSSL_FS_IO) || !defined(POLARSSL_CTR_DRBG_C) int main( int argc, char *argv[] ) { ((void) argc); ((void) argv); - printf("POLARSSL_BIGNUM_C and/or POLARSSL_HAVEGE_C and/or " + printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or " "POLARSSL_RSA_C and/or POLARSSL_GENPRIME and/or " - "POLARSSL_FS_IO not defined.\n"); + "POLARSSL_FS_IO and/or POLARSSL_CTR_DRBG_C not defined.\n"); return( 0 ); } #else @@ -57,9 +58,11 @@ int main( int argc, char *argv[] ) { int ret; rsa_context rsa; - havege_state hs; + entropy_context entropy; + ctr_drbg_context ctr_drbg; FILE *fpub = NULL; FILE *fpriv = NULL; + char *pers = "rsa_genkey"; ((void) argc); ((void) argv); @@ -67,14 +70,21 @@ int main( int argc, char *argv[] ) printf( "\n . Seeding the random number generator..." ); fflush( stdout ); - havege_init( &hs ); + entropy_init( &entropy ); + if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, + (unsigned char *) pers, strlen( pers ) ) ) != 0 ) + { + printf( " failed\n ! ctr_drbg_init returned %d\n", ret ); + goto exit; + } printf( " ok\n . Generating the RSA key [ %d-bit ]...", KEY_SIZE ); fflush( stdout ); rsa_init( &rsa, RSA_PKCS_V15, 0 ); - if( ( ret = rsa_gen_key( &rsa, havege_random, &hs, KEY_SIZE, EXPONENT ) ) != 0 ) + if( ( ret = rsa_gen_key( &rsa, ctr_drbg_random, &ctr_drbg, KEY_SIZE, + EXPONENT ) ) != 0 ) { printf( " failed\n ! rsa_gen_key returned %d\n\n", ret ); goto exit; @@ -151,5 +161,5 @@ exit: return( ret ); } -#endif /* POLARSSL_BIGNUM_C && POLARSSL_HAVEGE_C && POLARSSL_RSA_C && - POLARSSL_GENPRIME && POLARSSL_FS_IO */ +#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_RSA_C && + POLARSSL_GENPRIME && POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */ diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 3174599a8..c00c8d839 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -32,7 +32,8 @@ #include "polarssl/config.h" -#include "polarssl/havege.h" +#include "polarssl/entropy.h" +#include "polarssl/ctr_drbg.h" #include "polarssl/md.h" #include "polarssl/rsa.h" #include "polarssl/sha1.h" @@ -42,17 +43,19 @@ #define snprintf _snprintf #endif -#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_HAVEGE_C) || \ +#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \ !defined(POLARSSL_RSA_C) || !defined(POLARSSL_SHA1_C) || \ - !defined(POLARSSL_X509_PARSE_C) || !defined(POLARSSL_FS_IO) + !defined(POLARSSL_X509_PARSE_C) || !defined(POLARSSL_FS_IO) || \ + !defined(POLARSSL_CTR_DRBG_C) int main( int argc, char *argv[] ) { ((void) argc); ((void) argv); - printf("POLARSSL_BIGNUM_C and/or POLARSSL_HAVEGE_C and/or " + printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or " "POLARSSL_RSA_C and/or POLARSSL_SHA1_C and/or " - "POLARSSL_X509_PARSE_C and/or POLARSSL_FS_IO not defined.\n"); + "POLARSSL_X509_PARSE_C and/or POLARSSL_FS_IO and/or " + "POLARSSL_CTR_DRBG_C not defined.\n"); return( 0 ); } #else @@ -61,10 +64,12 @@ int main( int argc, char *argv[] ) FILE *f; int ret; rsa_context rsa; - havege_state hs; + entropy_context entropy; + ctr_drbg_context ctr_drbg; unsigned char hash[20]; unsigned char buf[512]; char filename[512]; + char *pers = "rsa_sign_pss"; ret = 1; @@ -79,10 +84,20 @@ int main( int argc, char *argv[] ) goto exit; } + printf( "\n . Seeding the random number generator..." ); + fflush( stdout ); + + entropy_init( &entropy ); + if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, + (unsigned char *) pers, strlen( pers ) ) ) != 0 ) + { + printf( " failed\n ! ctr_drbg_init returned %d\n", ret ); + goto exit; + } + printf( "\n . Reading private key from '%s'", argv[1] ); fflush( stdout ); - havege_init( &hs ); rsa_init( &rsa, RSA_PKCS_V21, POLARSSL_MD_SHA1 ); if( ( ret = x509parse_keyfile( &rsa, argv[1], "" ) ) != 0 ) @@ -105,7 +120,8 @@ int main( int argc, char *argv[] ) goto exit; } - if( ( ret = rsa_pkcs1_sign( &rsa, havege_random, &hs, RSA_PRIVATE, SIG_RSA_SHA1, + if( ( ret = rsa_pkcs1_sign( &rsa, ctr_drbg_random, &ctr_drbg, + RSA_PRIVATE, SIG_RSA_SHA1, 20, hash, buf ) ) != 0 ) { printf( " failed\n ! rsa_pkcs1_sign returned %d\n\n", ret ); @@ -143,5 +159,6 @@ exit: return( ret ); } -#endif /* POLARSSL_BIGNUM_C && POLARSSL_HAVEGE_C && POLARSSL_RSA_C && - POLARSSL_SHA1_C && POLARSSL_X509_PARSE_C && POLARSSL_FS_IO */ +#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_RSA_C && + POLARSSL_SHA1_C && POLARSSL_X509_PARSE_C && POLARSSL_FS_IO && + POLARSSL_CTR_DRBG_C */ diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c index e926ad089..5eed520fb 100644 --- a/programs/random/gen_random_ctr_drbg.c +++ b/programs/random/gen_random_ctr_drbg.c @@ -88,4 +88,4 @@ cleanup: return( ret ); } -#endif /* POLARSSL_HAVEGE_C && POLARSSL_ENTROPY_C */ +#endif /* POLARSSL_CTR_DRBG_C && POLARSSL_ENTROPY_C */ diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index 0bfad1ffc..9bd578d15 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -34,7 +34,8 @@ #include "polarssl/net.h" #include "polarssl/ssl.h" -#include "polarssl/havege.h" +#include "polarssl/entropy.h" +#include "polarssl/ctr_drbg.h" #include "polarssl/error.h" #define SERVER_PORT 4433 @@ -52,17 +53,19 @@ void my_debug( void *ctx, int level, const char *str ) } } -#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_HAVEGE_C) || \ +#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \ !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \ - !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) + !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \ + !defined(POLARSSL_CTR_DRBG_C) int main( int argc, char *argv[] ) { ((void) argc); ((void) argv); - printf("POLARSSL_BIGNUM_C and/or POLARSSL_HAVEGE_C and/or " + printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or " "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or " - "POLARSSL_NET_C and/or POLARSSL_RSA_C not defined.\n"); + "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or " + "POLARSSL_CTR_DRBG_C not defined.\n"); return( 0 ); } #else @@ -70,7 +73,10 @@ int main( int argc, char *argv[] ) { int ret, len, server_fd; unsigned char buf[1024]; - havege_state hs; + char *pers = "ssl_client1"; + + entropy_context entropy; + ctr_drbg_context ctr_drbg; ssl_context ssl; ssl_session ssn; @@ -80,15 +86,27 @@ int main( int argc, char *argv[] ) /* * 0. Initialize the RNG and the session data */ - havege_init( &hs ); memset( &ssn, 0, sizeof( ssl_session ) ); memset( &ssl, 0, sizeof( ssl_context ) ); + printf( "\n . Seeding the random number generator..." ); + fflush( stdout ); + + entropy_init( &entropy ); + if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, + (unsigned char *) pers, strlen( pers ) ) ) != 0 ) + { + printf( " failed\n ! ctr_drbg_init returned %d\n", ret ); + goto exit; + } + + printf( " ok\n" ); + /* * 1. Start the connection */ - printf( "\n . Connecting to tcp/%s/%4d...", SERVER_NAME, - SERVER_PORT ); + printf( " . Connecting to tcp/%s/%4d...", SERVER_NAME, + SERVER_PORT ); fflush( stdout ); if( ( ret = net_connect( &server_fd, SERVER_NAME, @@ -117,7 +135,7 @@ int main( int argc, char *argv[] ) ssl_set_endpoint( &ssl, SSL_IS_CLIENT ); ssl_set_authmode( &ssl, SSL_VERIFY_NONE ); - ssl_set_rng( &ssl, havege_random, &hs ); + ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg ); ssl_set_dbg( &ssl, my_debug, stdout ); ssl_set_bio( &ssl, net_recv, &server_fd, net_send, &server_fd ); @@ -205,5 +223,6 @@ exit: return( ret ); } -#endif /* POLARSSL_BIGNUM_C && POLARSSL_HAVEGE_C && POLARSSL_SSL_TLS_C && - POLARSSL_SSL_CLI_C && POLARSSL_NET_C && POLARSSL_RSA_C */ +#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C && + POLARSSL_SSL_CLI_C && POLARSSL_NET_C && POLARSSL_RSA_C && + POLARSSL_CTR_DRBG_C */ diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index fea43ee34..39d69aceb 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -35,7 +35,8 @@ #include "polarssl/net.h" #include "polarssl/ssl.h" -#include "polarssl/havege.h" +#include "polarssl/entropy.h" +#include "polarssl/ctr_drbg.h" #include "polarssl/certs.h" #include "polarssl/x509.h" #include "polarssl/error.h" @@ -96,17 +97,19 @@ void my_debug( void *ctx, int level, const char *str ) " force_ciphersuite= default: all enabled\n"\ " acceptable ciphersuite names:\n" -#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_HAVEGE_C) || \ +#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \ !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \ - !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) + !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \ + !defined(POLARSSL_CTR_DRBG_C) int main( int argc, char *argv[] ) { ((void) argc); ((void) argv); - printf("POLARSSL_BIGNUM_C and/or POLARSSL_HAVEGE_C and/or " + printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or " "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or " - "POLARSSL_NET_C and/or POLARSSL_RSA_C not defined.\n"); + "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or " + "POLARSSL_CTR_DRBG_C not defined.\n"); return( 0 ); } #else @@ -114,7 +117,10 @@ int main( int argc, char *argv[] ) { int ret = 0, len, server_fd; unsigned char buf[1024]; - havege_state hs; + char *pers = "ssl_client2"; + + entropy_context entropy; + ctr_drbg_context ctr_drbg; ssl_context ssl; ssl_session ssn; x509_cert cacert; @@ -214,12 +220,23 @@ int main( int argc, char *argv[] ) /* * 0. Initialize the RNG and the session data */ - havege_init( &hs ); + printf( "\n . Seeding the random number generator..." ); + fflush( stdout ); + + entropy_init( &entropy ); + if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, + (unsigned char *) pers, strlen( pers ) ) ) != 0 ) + { + printf( " failed\n ! ctr_drbg_init returned %d\n", ret ); + goto exit; + } + + printf( " ok\n" ); /* * 1.1. Load the trusted CA */ - printf( "\n . Loading the CA root certificate ..." ); + printf( " . Loading the CA root certificate ..." ); fflush( stdout ); #if defined(POLARSSL_FS_IO) @@ -316,8 +333,6 @@ int main( int argc, char *argv[] ) printf( " . Setting up the SSL/TLS structure..." ); fflush( stdout ); - havege_init( &hs ); - if( ( ret = ssl_init( &ssl ) ) != 0 ) { printf( " failed\n ! ssl_init returned %d\n\n", ret ); @@ -329,7 +344,7 @@ int main( int argc, char *argv[] ) ssl_set_endpoint( &ssl, SSL_IS_CLIENT ); ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL ); - ssl_set_rng( &ssl, havege_random, &hs ); + ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg ); ssl_set_dbg( &ssl, my_debug, stdout ); ssl_set_bio( &ssl, net_recv, &server_fd, net_send, &server_fd ); @@ -478,5 +493,6 @@ exit: return( ret ); } -#endif /* POLARSSL_BIGNUM_C && POLARSSL_HAVEGE_C && POLARSSL_SSL_TLS_C && - POLARSSL_SSL_CLI_C && POLARSSL_NET_C && POLARSSL_RSA_C */ +#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C && + POLARSSL_SSL_CLI_C && POLARSSL_NET_C && POLARSSL_RSA_C && + POLARSSL_CTR_DRBG_C */ diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 0f0cfc35e..d24ae00f7 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -39,7 +39,8 @@ #include "polarssl/config.h" -#include "polarssl/havege.h" +#include "polarssl/entropy.h" +#include "polarssl/ctr_drbg.h" #include "polarssl/certs.h" #include "polarssl/x509.h" #include "polarssl/ssl.h" @@ -52,17 +53,18 @@ "

Successful connection using: %s

\r\n" #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_CERTS_C) || \ - !defined(POLARSSL_HAVEGE_C) || !defined(POLARSSL_SSL_TLS_C) || \ + !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \ !defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \ - !defined(POLARSSL_RSA_C) + !defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) int main( int argc, char *argv[] ) { ((void) argc); ((void) argv); - printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_HAVEGE_C " + printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C " "and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or " - "POLARSSL_NET_C and/or POLARSSL_RSA_C not defined.\n"); + "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or " + "POLARSSL_CTR_DRBG_C not defined.\n"); return( 0 ); } #elif defined(_WIN32) @@ -204,8 +206,10 @@ int main( int argc, char *argv[] ) int listen_fd; int client_fd; unsigned char buf[1024]; + char *pers = "ssl_fork_server"; - havege_state hs; + entropy_context entropy; + ctr_drbg_context ctr_drbg; ssl_context ssl; ssl_session ssn; x509_cert srvcert; @@ -216,10 +220,26 @@ int main( int argc, char *argv[] ) signal( SIGCHLD, SIG_IGN ); + /* + * 0. Initial seeding of the RNG + */ + printf( "\n . Initial seeding of the random generator..." ); + fflush( stdout ); + + entropy_init( &entropy ); + if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, + (unsigned char *) pers, strlen( pers ) ) ) != 0 ) + { + printf( " failed\n ! ctr_drbg_init returned %d\n", ret ); + goto exit; + } + + printf( " ok\n" ); + /* * 1. Load the certificates and private RSA key */ - printf( "\n . Loading the server cert. and key..." ); + printf( " . Loading the server cert. and key..." ); fflush( stdout ); memset( &srvcert, 0, sizeof( x509_cert ) ); @@ -308,6 +328,13 @@ int main( int argc, char *argv[] ) if( pid != 0 ) { + if( ( ret = ctr_drbg_reseed( &ctr_drbg, + (unsigned char* ) "parent", 6 ) ) != 0 ) + { + printf( " failed\n ! ctr_drbg_reseed returned %d\n", ret ); + goto exit; + } + close( client_fd ); continue; } @@ -317,11 +344,16 @@ int main( int argc, char *argv[] ) /* * 4. Setup stuff */ - printf( " . Setting up the RNG and SSL data...." ); + printf( " . Setting up the SSL data...." ); fflush( stdout ); - havege_init( &hs ); - + if( ( ret = ctr_drbg_reseed( &ctr_drbg, + (unsigned char *) "child", 5 ) ) != 0 ) + { + printf( " failed\n ! ctr_drbg_reseed returned %d\n", ret ); + goto exit; + } + if( ( ret = ssl_init( &ssl ) ) != 0 ) { printf( " failed\n ! ssl_init returned %d\n\n", ret ); @@ -333,7 +365,7 @@ int main( int argc, char *argv[] ) ssl_set_endpoint( &ssl, SSL_IS_SERVER ); ssl_set_authmode( &ssl, SSL_VERIFY_NONE ); - ssl_set_rng( &ssl, havege_random, &hs ); + ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg ); ssl_set_dbg( &ssl, my_debug, stdout ); ssl_set_bio( &ssl, net_recv, &client_fd, net_send, &client_fd ); @@ -466,6 +498,6 @@ exit: return( ret ); } -#endif /* POLARSSL_BIGNUM_C && POLARSSL_CERTS_C && POLARSSL_HAVEGE_C && +#endif /* POLARSSL_BIGNUM_C && POLARSSL_CERTS_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C && POLARSSL_SSL_SRV_C && POLARSSL_NET_C && - POLARSSL_RSA_C */ + POLARSSL_RSA_C && POLARSSL_CTR_DRBG_C */ diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 08ecd1a5d..eb223b0b3 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -50,7 +50,8 @@ #include "polarssl/error.h" #include "polarssl/net.h" #include "polarssl/ssl.h" -#include "polarssl/havege.h" +#include "polarssl/entropy.h" +#include "polarssl/ctr_drbg.h" #include "polarssl/certs.h" #include "polarssl/x509.h" @@ -100,17 +101,19 @@ void my_debug( void *ctx, int level, const char *str ) } } -#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_HAVEGE_C) || \ +#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \ !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \ - !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) + !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \ + !defined(POLARSSL_CTR_DRBG_C) int main( int argc, char *argv[] ) { ((void) argc); ((void) argv); - printf("POLARSSL_BIGNUM_C and/or POLARSSL_HAVEGE_C and/or " + printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or " "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or " - "POLARSSL_NET_C and/or POLARSSL_RSA_C not defined.\n"); + "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or " + "POLARSSL_CTR_DRBG_C not defined.\n"); return( 0 ); } #else @@ -340,7 +343,10 @@ int main( int argc, char *argv[] ) unsigned char base[1024]; #endif char hostname[32]; - havege_state hs; + char *pers = "ssl_mail_client"; + + entropy_context entropy; + ctr_drbg_context ctr_drbg; ssl_context ssl; ssl_session ssn; x509_cert cacert; @@ -466,12 +472,23 @@ int main( int argc, char *argv[] ) /* * 0. Initialize the RNG and the session data */ - havege_init( &hs ); + printf( "\n . Seeding the random number generator..." ); + fflush( stdout ); + + entropy_init( &entropy ); + if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, + (unsigned char *) pers, strlen( pers ) ) ) != 0 ) + { + printf( " failed\n ! ctr_drbg_init returned %d\n", ret ); + goto exit; + } + + printf( " ok\n" ); /* * 1.1. Load the trusted CA */ - printf( "\n . Loading the CA root certificate ..." ); + printf( " . Loading the CA root certificate ..." ); fflush( stdout ); #if defined(POLARSSL_FS_IO) @@ -568,8 +585,6 @@ int main( int argc, char *argv[] ) printf( " . Setting up the SSL/TLS structure..." ); fflush( stdout ); - havege_init( &hs ); - if( ( ret = ssl_init( &ssl ) ) != 0 ) { printf( " failed\n ! ssl_init returned %d\n\n", ret ); @@ -581,7 +596,7 @@ int main( int argc, char *argv[] ) ssl_set_endpoint( &ssl, SSL_IS_CLIENT ); ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL ); - ssl_set_rng( &ssl, havege_random, &hs ); + ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg ); ssl_set_dbg( &ssl, my_debug, stdout ); ssl_set_bio( &ssl, net_recv, &server_fd, net_send, &server_fd ); @@ -799,5 +814,6 @@ exit: return( ret ); } -#endif /* POLARSSL_BIGNUM_C && POLARSSL_HAVEGE_C && POLARSSL_SSL_TLS_C && - POLARSSL_SSL_CLI_C && POLARSSL_NET_C && POLARSSL_RSA_C */ +#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C && + POLARSSL_SSL_CLI_C && POLARSSL_NET_C && POLARSSL_RSA_C ** + POLARSSL_CTR_DRBG_C */ diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index a673f52dc..f43e8b4c5 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -37,7 +37,8 @@ #include "polarssl/config.h" -#include "polarssl/havege.h" +#include "polarssl/entropy.h" +#include "polarssl/ctr_drbg.h" #include "polarssl/certs.h" #include "polarssl/x509.h" #include "polarssl/ssl.h" @@ -172,17 +173,18 @@ static int my_set_session( ssl_context *ssl ) } #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_CERTS_C) || \ - !defined(POLARSSL_HAVEGE_C) || !defined(POLARSSL_SSL_TLS_C) || \ + !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \ !defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \ - !defined(POLARSSL_RSA_C) + !defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) int main( int argc, char *argv[] ) { ((void) argc); ((void) argv); - printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_HAVEGE_C " + printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C " "and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or " - "POLARSSL_NET_C and/or POLARSSL_RSA_C not defined.\n"); + "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or " + "POLARSSL_CTR_DRBG_C not defined.\n"); return( 0 ); } #else @@ -192,8 +194,10 @@ int main( int argc, char *argv[] ) int listen_fd; int client_fd = -1; unsigned char buf[1024]; + char *pers = "ssl_server"; - havege_state hs; + entropy_context entropy; + ctr_drbg_context ctr_drbg; ssl_context ssl; ssl_session ssn; x509_cert srvcert; @@ -257,12 +261,26 @@ int main( int argc, char *argv[] ) printf( " ok\n" ); /* - * 4. Setup stuff + * 3. Seed the RNG */ - printf( " . Setting up the RNG and SSL data...." ); + printf( " . Seeding the random number generator..." ); fflush( stdout ); - havege_init( &hs ); + entropy_init( &entropy ); + if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, + (unsigned char *) pers, strlen( pers ) ) ) != 0 ) + { + printf( " failed\n ! ctr_drbg_init returned %d\n", ret ); + goto exit; + } + + printf( " ok\n" ); + + /* + * 4. Setup stuff + */ + printf( " . Setting up the SSL data...." ); + fflush( stdout ); if( ( ret = ssl_init( &ssl ) ) != 0 ) { @@ -273,7 +291,7 @@ int main( int argc, char *argv[] ) ssl_set_endpoint( &ssl, SSL_IS_SERVER ); ssl_set_authmode( &ssl, SSL_VERIFY_NONE ); - ssl_set_rng( &ssl, havege_random, &hs ); + ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg ); ssl_set_dbg( &ssl, my_debug, stdout ); ssl_set_scb( &ssl, my_get_session, @@ -468,6 +486,6 @@ exit: return( ret ); } -#endif /* POLARSSL_BIGNUM_C && POLARSSL_CERTS_C && POLARSSL_HAVEGE_C && +#endif /* POLARSSL_BIGNUM_C && POLARSSL_CERTS_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C && POLARSSL_SSL_SRV_C && POLARSSL_NET_C && - POLARSSL_RSA_C */ + POLARSSL_RSA_C && POLARSSL_CTR_DRBG_C */ diff --git a/programs/test/ssl_test.c b/programs/test/ssl_test.c index b9c957250..333754075 100644 --- a/programs/test/ssl_test.c +++ b/programs/test/ssl_test.c @@ -35,7 +35,8 @@ #include "polarssl/net.h" #include "polarssl/ssl.h" -#include "polarssl/havege.h" +#include "polarssl/entropy.h" +#include "polarssl/ctr_drbg.h" #include "polarssl/timing.h" #include "polarssl/certs.h" @@ -123,19 +124,19 @@ void my_debug( void *ctx, int level, const char *str ) fprintf( stderr, "%s", str ); } -#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_HAVEGE_C) || \ +#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \ !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_SRV_C) || \ !defined(POLARSSL_SSL_CLI_C) || !defined(POLARSSL_NET_C) || \ - !defined(POLARSSL_RSA_C) + !defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) int main( int argc, char *argv[] ) { ((void) argc); ((void) argv); - printf("POLARSSL_BIGNUM_C and/or POLARSSL_HAVEGE_C and/or " + printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or " "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or " "POLARSSL_SSL_CLI_C and/or POLARSSL_NET_C and/or " - "POLARSSL_RSA_C not defined.\n"); + "POLARSSL_RSA_C and/or POLARSSL_CTR_DRBG_C not defined.\n"); return( 0 ); } #else @@ -160,8 +161,11 @@ static int ssl_test( struct options *opt ) unsigned char *read_buf = NULL; unsigned char *write_buf = NULL; + char *pers = "ssl_test"; + struct hr_time t; - havege_state hs; + entropy_context entropy; + ctr_drbg_context ctr_drbg; ssl_context ssl; ssl_session ssn; x509_cert srvcert; @@ -169,7 +173,14 @@ static int ssl_test( struct options *opt ) ret = 1; - havege_init( &hs ); + entropy_init( &entropy ); + if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, + (unsigned char *) pers, strlen( pers ) ) ) != 0 ) + { + printf( " ! ctr_drbg_init returned %d\n", ret ); + goto exit; + } + get_timer( &t, 1 ); memset( read_state, 0, sizeof( read_state ) ); @@ -257,7 +268,7 @@ static int ssl_test( struct options *opt ) ssl_set_authmode( &ssl, SSL_VERIFY_NONE ); - ssl_set_rng( &ssl, havege_random, &hs ); + ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg ); ssl_set_dbg( &ssl, my_debug, opt ); ssl_set_bio( &ssl, net_recv, &client_fd, net_send, &client_fd ); @@ -594,6 +605,6 @@ exit: return( ret ); } -#endif /* POLARSSL_BIGNUM_C && POLARSSL_HAVEGE_C && POLARSSL_SSL_TLS_C && +#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C && POLARSSL_SSL_SRV_C && POLARSSL_SSL_CLI_C && POLARSSL_NET_C && - POLARSSL_RSA_C */ + POLARSSL_RSA_C && POLARSSL_CTR_DRBG_C */ diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 24b97270e..a041a47ef 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -33,7 +33,8 @@ #include "polarssl/config.h" -#include "polarssl/havege.h" +#include "polarssl/entropy.h" +#include "polarssl/ctr_drbg.h" #include "polarssl/net.h" #include "polarssl/ssl.h" #include "polarssl/x509.h" @@ -82,19 +83,21 @@ void my_debug( void *ctx, int level, const char *str ) " permissive=%%d default: 0 (disabled)\n" \ "\n" -#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_HAVEGE_C) || \ +#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \ !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \ !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \ - !defined(POLARSSL_X509_PARSE_C) || !defined(POLARSSL_FS_IO) + !defined(POLARSSL_X509_PARSE_C) || !defined(POLARSSL_FS_IO) || \ + !defined(POLARSSL_CTR_DRBG_C) int main( int argc, char *argv[] ) { ((void) argc); ((void) argv); - printf("POLARSSL_BIGNUM_C and/or POLARSSL_HAVEGE_C and/or " + printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or " "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or " "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or " - "POLARSSL_X509_PARSE_C and/or POLARSSL_FS_IO not defined.\n"); + "POLARSSL_X509_PARSE_C and/or POLARSSL_FS_IO and/or " + "POLARSSL_CTR_DRBG_C not defined.\n"); return( 0 ); } #else @@ -102,13 +105,15 @@ int main( int argc, char *argv[] ) { int ret = 0, server_fd; unsigned char buf[1024]; - havege_state hs; + entropy_context entropy; + ctr_drbg_context ctr_drbg; ssl_context ssl; ssl_session ssn; x509_cert clicert; rsa_context rsa; int i, j, n; char *p, *q; + char *pers = "cert_app"; /* * Set to sane values @@ -232,7 +237,16 @@ int main( int argc, char *argv[] ) /* * 1. Initialize the RNG and the session data */ - havege_init( &hs ); + printf( "\n . Seeding the random number generator..." ); + fflush( stdout ); + + entropy_init( &entropy ); + if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, + (unsigned char *) pers, strlen( pers ) ) ) != 0 ) + { + printf( " failed\n ! ctr_drbg_init returned %d\n", ret ); + goto exit; + } /* * 2. Start the connection @@ -260,7 +274,7 @@ int main( int argc, char *argv[] ) ssl_set_endpoint( &ssl, SSL_IS_CLIENT ); ssl_set_authmode( &ssl, SSL_VERIFY_NONE ); - ssl_set_rng( &ssl, havege_random, &hs ); + ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg ); ssl_set_dbg( &ssl, my_debug, stdout ); ssl_set_bio( &ssl, net_recv, &server_fd, net_send, &server_fd ); @@ -321,6 +335,6 @@ exit: return( ret ); } -#endif /* POLARSSL_BIGNUM_C && POLARSSL_HAVEGE_C && POLARSSL_SSL_TLS_C && +#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C && POLARSSL_SSL_CLI_C && POLARSSL_NET_C && POLARSSL_RSA_C && - POLARSSL_X509_PARSE_C && POLARSSL_FS_IO */ + POLARSSL_X509_PARSE_C && POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */