diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index b72ba92e2..a72914fb3 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -799,12 +799,16 @@ typedef struct * Pointers */ - const int *ciphersuite_list[4]; /*!< allowed ciphersuites / version */ + const int *ciphersuite_list[4]; /*!< allowed ciphersuites per version */ /** Callback for printing debug output */ void (*f_dbg)(void *, int, const char *); void *p_dbg; /*!< context for the debug function */ + /** Callback for getting (pseudo-)random numbers */ + int (*f_rng)(void *, unsigned char *, size_t); + void *p_rng; /*!< context for the RNG function */ + /** Callback to retrieve a session from the cache */ int (*f_get_cache)(void *, mbedtls_ssl_session *); /** Callback to store a session into the cache */ @@ -836,7 +840,7 @@ typedef struct /** Callback to verify validity of a ClientHello cookie */ int (*f_cookie_check)( void *, const unsigned char *, size_t, const unsigned char *, size_t ); - void *p_cookie; /*!< context for the cookie callbacks */ + void *p_cookie; /*!< context for the cookie callbacks */ #endif #if defined(MBEDTLS_X509_CRT_PARSE_C) @@ -846,7 +850,7 @@ typedef struct #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL_SET_CURVES) - const mbedtls_ecp_group_id *curve_list; /*!< allowed curves */ + const mbedtls_ecp_group_id *curve_list; /*!< allowed curves */ #endif #if defined(MBEDTLS_DHM_C) @@ -966,9 +970,6 @@ struct mbedtls_ssl_context /* * Callbacks */ - int (*f_rng)(void *, unsigned char *, size_t); - void *p_rng; /*!< context for the RNG function */ - int (*f_send)(void *, const unsigned char *, size_t); int (*f_recv)(void *, unsigned char *, size_t); int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t); @@ -1243,11 +1244,11 @@ void mbedtls_ssl_set_verify( mbedtls_ssl_config *conf, /** * \brief Set the random number generator callback * - * \param ssl SSL context + * \param conf SSL configuration * \param f_rng RNG function * \param p_rng RNG parameter */ -void mbedtls_ssl_set_rng( mbedtls_ssl_context *ssl, +void mbedtls_ssl_set_rng( mbedtls_ssl_config *conf, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); diff --git a/library/ssl_cli.c b/library/ssl_cli.c index a6e020217..0b9de03f3 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -534,13 +534,13 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %lu", t ) ); #else - if( ( ret = ssl->f_rng( ssl->p_rng, p, 4 ) ) != 0 ) + if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 ) return( ret ); p += 4; #endif /* MBEDTLS_HAVE_TIME */ - if( ( ret = ssl->f_rng( ssl->p_rng, p, 28 ) ) != 0 ) + if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 28 ) ) != 0 ) return( ret ); return( 0 ); @@ -558,7 +558,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) ); - if( ssl->f_rng == NULL ) + if( ssl->conf->f_rng == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided") ); return( MBEDTLS_ERR_SSL_NO_RNG ); @@ -640,7 +640,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) if( ssl->session_negotiate->ticket != NULL && ssl->session_negotiate->ticket_len != 0 ) { - ret = ssl->f_rng( ssl->p_rng, ssl->session_negotiate->id, 32 ); + ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->session_negotiate->id, 32 ); if( ret != 0 ) return( ret ); @@ -1785,7 +1785,7 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver, ssl->conf->transport, p ); - if( ( ret = ssl->f_rng( ssl->p_rng, p + 2, 46 ) ) != 0 ) + if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p + 2, 46 ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "f_rng", ret ); return( ret ); @@ -1807,7 +1807,7 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, p, ssl->handshake->pmslen, ssl->out_msg + offset + len_bytes, olen, MBEDTLS_SSL_MAX_CONTENT_LEN - offset - len_bytes, - ssl->f_rng, ssl->p_rng ) ) != 0 ) + ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_rsa_pkcs1_encrypt", ret ); return( ret ); @@ -2461,7 +2461,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), &ssl->out_msg[i], n, - ssl->f_rng, ssl->p_rng ); + ssl->conf->f_rng, ssl->conf->p_rng ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret ); @@ -2476,7 +2476,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, ssl->handshake->premaster, &ssl->handshake->pmslen, - ssl->f_rng, ssl->p_rng ) ) != 0 ) + ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); return( ret ); @@ -2503,7 +2503,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, &n, &ssl->out_msg[i], 1000, - ssl->f_rng, ssl->p_rng ); + ssl->conf->f_rng, ssl->conf->p_rng ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret ); @@ -2516,7 +2516,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) &ssl->handshake->pmslen, ssl->handshake->premaster, MBEDTLS_MPI_MAX_SIZE, - ssl->f_rng, ssl->p_rng ) ) != 0 ) + ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); return( ret ); @@ -2577,7 +2577,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), &ssl->out_msg[i], n, - ssl->f_rng, ssl->p_rng ); + ssl->conf->f_rng, ssl->conf->p_rng ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret ); @@ -2594,7 +2594,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) */ ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, &n, &ssl->out_msg[i], MBEDTLS_SSL_MAX_CONTENT_LEN - i, - ssl->f_rng, ssl->p_rng ); + ssl->conf->f_rng, ssl->conf->p_rng ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret ); @@ -2804,7 +2804,7 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) if( ( ret = mbedtls_pk_sign( mbedtls_ssl_own_key( ssl ), md_alg, hash_start, hashlen, ssl->out_msg + 6 + offset, &n, - ssl->f_rng, ssl->p_rng ) ) != 0 ) + ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret ); return( ret ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index fd2ee9364..8ca3e58f8 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -197,7 +197,7 @@ static int ssl_write_ticket( mbedtls_ssl_context *ssl, size_t *tlen ) p += 16; /* Generate and write IV (with a copy for aes_crypt) */ - if( ( ret = ssl->f_rng( ssl->p_rng, p, 16 ) ) != 0 ) + if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 16 ) ) != 0 ) return( ret ); memcpy( iv, p, 16 ); p += 16; @@ -2417,7 +2417,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ - if( ssl->f_rng == NULL ) + if( ssl->conf->f_rng == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided") ); return( MBEDTLS_ERR_SSL_NO_RNG ); @@ -2449,13 +2449,13 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) ); #else - if( ( ret = ssl->f_rng( ssl->p_rng, p, 4 ) ) != 0 ) + if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 ) return( ret ); p += 4; #endif /* MBEDTLS_HAVE_TIME */ - if( ( ret = ssl->f_rng( ssl->p_rng, p, 28 ) ) != 0 ) + if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 28 ) ) != 0 ) return( ret ); p += 28; @@ -2503,7 +2503,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_SESSION_TICKETS */ { ssl->session_negotiate->length = n = 32; - if( ( ret = ssl->f_rng( ssl->p_rng, ssl->session_negotiate->id, + if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->session_negotiate->id, n ) ) != 0 ) return( ret ); } @@ -2895,7 +2895,7 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl ) if( ( ret = mbedtls_dhm_make_params( &ssl->handshake->dhm_ctx, (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), - p, &len, ssl->f_rng, ssl->p_rng ) ) != 0 ) + p, &len, ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_params", ret ); return( ret ); @@ -2960,7 +2960,7 @@ curve_matching_done: if( ( ret = mbedtls_ecdh_make_params( &ssl->handshake->ecdh_ctx, &len, p, MBEDTLS_SSL_MAX_CONTENT_LEN - n, - ssl->f_rng, ssl->p_rng ) ) != 0 ) + ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_params", ret ); return( ret ); @@ -3124,7 +3124,7 @@ curve_matching_done: if( ( ret = mbedtls_pk_sign( mbedtls_ssl_own_key( ssl ), md_alg, hash, hashlen, p + 2 , &signature_len, - ssl->f_rng, ssl->p_rng ) ) != 0 ) + ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret ); return( ret ); @@ -3282,14 +3282,14 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl, * Also, avoid data-dependant branches here to protect against * timing-based variants. */ - ret = ssl->f_rng( ssl->p_rng, fake_pms, sizeof( fake_pms ) ); + ret = ssl->conf->f_rng( ssl->conf->p_rng, fake_pms, sizeof( fake_pms ) ); if( ret != 0 ) return( ret ); ret = mbedtls_pk_decrypt( mbedtls_ssl_own_key( ssl ), p, len, peer_pms, &peer_pmslen, sizeof( peer_pms ), - ssl->f_rng, ssl->p_rng ); + ssl->conf->f_rng, ssl->conf->p_rng ); diff = (size_t) ret; diff |= peer_pmslen ^ 48; @@ -3438,7 +3438,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, ssl->handshake->premaster, &ssl->handshake->pmslen, - ssl->f_rng, ssl->p_rng ) ) != 0 ) + ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS ); @@ -3470,7 +3470,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) &ssl->handshake->pmslen, ssl->handshake->premaster, MBEDTLS_MPI_MAX_SIZE, - ssl->f_rng, ssl->p_rng ) ) != 0 ) + ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 85aa27614..c599761b0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1108,7 +1108,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch /* Write length only when we know the actual value */ if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, p + 2, &len, - ssl->f_rng, ssl->p_rng ) ) != 0 ) + ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); return( ret ); @@ -1129,7 +1129,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen, p + 2, end - ( p + 2 ), - ssl->f_rng, ssl->p_rng ) ) != 0 ) + ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); return( ret ); @@ -1338,7 +1338,7 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) * Generate IV */ #if defined(MBEDTLS_SSL_AEAD_RANDOM_IV) - ret = ssl->f_rng( ssl->p_rng, + ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen, ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen ); if( ret != 0 ) @@ -1434,7 +1434,7 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) /* * Generate IV */ - int ret = ssl->f_rng( ssl->p_rng, ssl->transform_out->iv_enc, + int ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->transform_out->iv_enc, ssl->transform_out->ivlen ); if( ret != 0 ) return( ret ); @@ -5210,12 +5210,12 @@ void mbedtls_ssl_set_verify( mbedtls_ssl_config *conf, } #endif /* MBEDTLS_X509_CRT_PARSE_C */ -void mbedtls_ssl_set_rng( mbedtls_ssl_context *ssl, +void mbedtls_ssl_set_rng( mbedtls_ssl_config *conf, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - ssl->f_rng = f_rng; - ssl->p_rng = p_rng; + conf->f_rng = f_rng; + conf->p_rng = p_rng; } void mbedtls_ssl_set_dbg( mbedtls_ssl_config *conf, diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index 58068bcad..658555a21 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -187,7 +187,7 @@ int main( int argc, char *argv[] ) goto exit; } - mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg ); + mbedtls_ssl_set_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_set_dbg( &conf, my_debug, stdout ); mbedtls_ssl_set_bio( &ssl, &server_fd, diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index 6ad4e661b..e19ab80a1 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -206,7 +206,7 @@ int main( void ) goto exit; } - mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg ); + mbedtls_ssl_set_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_set_dbg( &conf, my_debug, stdout ); #if defined(MBEDTLS_SSL_CACHE_C) diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index f7b11578b..0504c76fa 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -203,7 +203,7 @@ int main( void ) goto exit; } - mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg ); + mbedtls_ssl_set_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) mbedtls_ssl_set_psk( &ssl, psk, sizeof( psk ), diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index cac0a1ba2..f3b22fde3 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -176,7 +176,7 @@ int main( void ) goto exit; } - mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg ); + mbedtls_ssl_set_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_set_dbg( &conf, my_debug, stdout ); mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL ); diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 897c17e76..0181a2fe5 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1115,7 +1115,7 @@ int main( int argc, char *argv[] ) } #endif - mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg ); + mbedtls_ssl_set_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_set_dbg( &conf, my_debug, stdout ); if( opt.nbio == 2 ) diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 61a59c62f..6051181f5 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -265,7 +265,7 @@ int main( void ) mbedtls_printf( " ok\n" ); - mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg ); + mbedtls_ssl_set_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_set_dbg( &conf, my_debug, stdout ); mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL ); diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 139c1ad12..36bb92768 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -604,7 +604,7 @@ int main( int argc, char *argv[] ) * but makes interop easier in this simplified example */ mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL ); - mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg ); + mbedtls_ssl_set_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_set_dbg( &conf, my_debug, stdout ); mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL ); diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index 162d5ca36..3c69fbfbe 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -176,7 +176,7 @@ static void *handle_ssl_connection( void *data ) goto thread_exit; } - mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg ); + mbedtls_ssl_set_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_set_dbg( &conf, my_mutexed_debug, stdout ); /* mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() are thread-safe if diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 9313a88e0..a8025b37b 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -205,7 +205,7 @@ int main( void ) goto exit; } - mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg ); + mbedtls_ssl_set_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_set_dbg( &conf, my_debug, stdout ); #if defined(MBEDTLS_SSL_CACHE_C) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 9a6d7f3ff..e3e680ce5 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1574,7 +1574,7 @@ int main( int argc, char *argv[] ) } #endif - mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg ); + mbedtls_ssl_set_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_set_dbg( &conf, my_debug, stdout ); #if defined(MBEDTLS_SSL_CACHE_C) diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index d0aea996e..1e5ef377d 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -419,7 +419,7 @@ int main( int argc, char *argv[] ) else mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE ); - mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg ); + mbedtls_ssl_set_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_set_dbg( &conf, my_debug, stdout ); mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );