SSL test programs: stuff RNG context into a struct

Group the random generation context (entropy and DRBG) into a struct.
This is in preparation for unifying the common RNG-related code of
ssl_client2 and ssl_server2, then generalizing that code to support
methods other than entropy+CTR_DRBG.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2021-01-13 18:17:32 +01:00
parent 2427d15ea3
commit 8a8492bcd4
3 changed files with 31 additions and 25 deletions

View File

@ -686,8 +686,7 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
#endif #endif
mbedtls_entropy_context entropy; rng_context_t rng;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl; mbedtls_ssl_context ssl;
mbedtls_ssl_config conf; mbedtls_ssl_config conf;
mbedtls_ssl_session saved_session; mbedtls_ssl_session saved_session;
@ -742,7 +741,7 @@ int main( int argc, char *argv[] )
mbedtls_ssl_init( &ssl ); mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf ); mbedtls_ssl_config_init( &conf );
memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) ); memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) );
mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_ctr_drbg_init( &rng.drbg );
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_init( &cacert ); mbedtls_x509_crt_init( &cacert );
mbedtls_x509_crt_init( &clicert ); mbedtls_x509_crt_init( &clicert );
@ -1534,12 +1533,12 @@ int main( int argc, char *argv[] )
mbedtls_printf( "\n . Seeding the random number generator..." ); mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout ); fflush( stdout );
mbedtls_entropy_init( &entropy ); mbedtls_entropy_init( &rng.entropy );
if (opt.reproducible) if (opt.reproducible)
{ {
srand( 1 ); srand( 1 );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, if( ( ret = mbedtls_ctr_drbg_seed( &rng.drbg, dummy_entropy,
&entropy, (const unsigned char *) pers, &rng.entropy, (const unsigned char *) pers,
strlen( pers ) ) ) != 0 ) strlen( pers ) ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
@ -1549,8 +1548,8 @@ int main( int argc, char *argv[] )
} }
else else
{ {
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, if( ( ret = mbedtls_ctr_drbg_seed( &rng.drbg, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers, &rng.entropy, (const unsigned char *) pers,
strlen( pers ) ) ) != 0 ) strlen( pers ) ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
@ -1904,7 +1903,7 @@ int main( int argc, char *argv[] )
#endif #endif
#endif #endif
} }
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &rng.drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
mbedtls_ssl_conf_read_timeout( &conf, opt.read_timeout ); mbedtls_ssl_conf_read_timeout( &conf, opt.read_timeout );
@ -3024,8 +3023,8 @@ exit:
mbedtls_ssl_session_free( &saved_session ); mbedtls_ssl_session_free( &saved_session );
mbedtls_ssl_free( &ssl ); mbedtls_ssl_free( &ssl );
mbedtls_ssl_config_free( &conf ); mbedtls_ssl_config_free( &conf );
mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_ctr_drbg_free( &rng.drbg );
mbedtls_entropy_free( &entropy ); mbedtls_entropy_free( &rng.entropy );
if( session_data != NULL ) if( session_data != NULL )
mbedtls_platform_zeroize( session_data, session_data_len ); mbedtls_platform_zeroize( session_data, session_data_len );
mbedtls_free( session_data ); mbedtls_free( session_data );

View File

@ -1282,8 +1282,7 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
#endif #endif
mbedtls_entropy_context entropy; rng_context_t rng;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl; mbedtls_ssl_context ssl;
mbedtls_ssl_config conf; mbedtls_ssl_config conf;
#if defined(MBEDTLS_TIMING_C) #if defined(MBEDTLS_TIMING_C)
@ -1377,7 +1376,7 @@ int main( int argc, char *argv[] )
mbedtls_net_init( &listen_fd ); mbedtls_net_init( &listen_fd );
mbedtls_ssl_init( &ssl ); mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf ); mbedtls_ssl_config_init( &conf );
mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_ctr_drbg_init( &rng.drbg );
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_init( &cacert ); mbedtls_x509_crt_init( &cacert );
mbedtls_x509_crt_init( &srvcert ); mbedtls_x509_crt_init( &srvcert );
@ -2293,12 +2292,12 @@ int main( int argc, char *argv[] )
mbedtls_printf( "\n . Seeding the random number generator..." ); mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout ); fflush( stdout );
mbedtls_entropy_init( &entropy ); mbedtls_entropy_init( &rng.entropy );
if (opt.reproducible) if (opt.reproducible)
{ {
srand( 1 ); srand( 1 );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, if( ( ret = mbedtls_ctr_drbg_seed( &rng.drbg, dummy_entropy,
&entropy, (const unsigned char *) pers, &rng.entropy, (const unsigned char *) pers,
strlen( pers ) ) ) != 0 ) strlen( pers ) ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
@ -2308,8 +2307,8 @@ int main( int argc, char *argv[] )
} }
else else
{ {
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, if( ( ret = mbedtls_ctr_drbg_seed( &rng.drbg, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers, &rng.entropy, (const unsigned char *) pers,
strlen( pers ) ) ) != 0 ) strlen( pers ) ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
@ -2706,7 +2705,7 @@ int main( int argc, char *argv[] )
#endif #endif
#endif #endif
} }
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &rng.drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
#if defined(MBEDTLS_SSL_CACHE_C) #if defined(MBEDTLS_SSL_CACHE_C)
@ -2725,7 +2724,7 @@ int main( int argc, char *argv[] )
if( opt.tickets == MBEDTLS_SSL_SESSION_TICKETS_ENABLED ) if( opt.tickets == MBEDTLS_SSL_SESSION_TICKETS_ENABLED )
{ {
if( ( ret = mbedtls_ssl_ticket_setup( &ticket_ctx, if( ( ret = mbedtls_ssl_ticket_setup( &ticket_ctx,
mbedtls_ctr_drbg_random, &ctr_drbg, mbedtls_ctr_drbg_random, &rng.drbg,
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_CIPHER_AES_256_GCM,
opt.ticket_timeout ) ) != 0 ) opt.ticket_timeout ) ) != 0 )
{ {
@ -2747,7 +2746,7 @@ int main( int argc, char *argv[] )
if( opt.cookies > 0 ) if( opt.cookies > 0 )
{ {
if( ( ret = mbedtls_ssl_cookie_setup( &cookie_ctx, if( ( ret = mbedtls_ssl_cookie_setup( &cookie_ctx,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) mbedtls_ctr_drbg_random, &rng.drbg ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret );
goto exit; goto exit;
@ -2900,7 +2899,7 @@ int main( int argc, char *argv[] )
- opt.async_private_error : - opt.async_private_error :
opt.async_private_error ); opt.async_private_error );
ssl_async_keys.f_rng = mbedtls_ctr_drbg_random; ssl_async_keys.f_rng = mbedtls_ctr_drbg_random;
ssl_async_keys.p_rng = &ctr_drbg; ssl_async_keys.p_rng = &rng.drbg;
mbedtls_ssl_conf_async_private_cb( &conf, mbedtls_ssl_conf_async_private_cb( &conf,
sign, sign,
decrypt, decrypt,
@ -3998,8 +3997,8 @@ exit:
mbedtls_ssl_free( &ssl ); mbedtls_ssl_free( &ssl );
mbedtls_ssl_config_free( &conf ); mbedtls_ssl_config_free( &conf );
mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_ctr_drbg_free( &rng.drbg );
mbedtls_entropy_free( &entropy ); mbedtls_entropy_free( &rng.entropy );
#if defined(MBEDTLS_SSL_CACHE_C) #if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_free( &cache ); mbedtls_ssl_cache_free( &cache );

View File

@ -128,6 +128,14 @@ mbedtls_time_t dummy_constant_time( mbedtls_time_t* time );
int dummy_entropy( void *data, unsigned char *output, size_t len ); int dummy_entropy( void *data, unsigned char *output, size_t len );
/** A context for random generation.
*/
typedef struct
{
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context drbg;
} rng_context_t;
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
int ca_callback( void *data, mbedtls_x509_crt const *child, int ca_callback( void *data, mbedtls_x509_crt const *child,
mbedtls_x509_crt **candidates ); mbedtls_x509_crt **candidates );