From 9a12243b012493043fdda9cc4e5fc21cc5c3ac7b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 23 Jul 2019 13:24:02 +0100 Subject: [PATCH] Introduce getter function for RNG context --- include/mbedtls/ssl_internal.h | 4 ++++ library/ssl_cli.c | 24 ++++++++++++------------ library/ssl_srv.c | 20 ++++++++++---------- library/ssl_tls.c | 12 ++++++------ 4 files changed, 32 insertions(+), 28 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 25ded986b..e5c37eade 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -1560,6 +1560,10 @@ static inline mbedtls_ssl_recv_timeout_t* mbedtls_ssl_get_recv_timeout( typedef int mbedtls_frng_t( void*, unsigned char*, size_t ); +static inline void* mbedtls_ssl_conf_get_prng( mbedtls_ssl_config const *conf ) +{ + return( conf->p_rng ); +} #if !defined(MBEDTLS_SSL_CONF_RNG) static inline mbedtls_frng_t* mbedtls_ssl_conf_get_frng( mbedtls_ssl_config const *conf ) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 8ddeec08d..c36a73507 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -375,7 +375,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx, p + 2, end - p - 2, &kkpp_len, mbedtls_ssl_conf_get_frng( ssl->conf ), - ssl->conf->p_rng ); + mbedtls_ssl_conf_get_prng( ssl->conf ) ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1 , "mbedtls_ecjpake_write_round_one", ret ); @@ -735,7 +735,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %lu", t ) ); #else if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf ) - ( ssl->conf->p_rng, p, 4 ) ) != 0 ) + ( mbedtls_ssl_conf_get_prng( ssl->conf ), p, 4 ) ) != 0 ) { return( ret ); } @@ -744,7 +744,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_HAVE_TIME */ if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf ) - ( ssl->conf->p_rng, p, 28 ) ) != 0 ) + ( mbedtls_ssl_conf_get_prng( ssl->conf ), p, 28 ) ) != 0 ) { return( ret ); } @@ -911,7 +911,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) ssl->session_negotiate->ticket_len != 0 ) { ret = mbedtls_ssl_conf_get_frng( ssl->conf ) - ( ssl->conf->p_rng, ssl->session_negotiate->id, 32 ); + ( mbedtls_ssl_conf_get_prng( ssl->conf ), ssl->session_negotiate->id, 32 ); if( ret != 0 ) return( ret ); @@ -2365,7 +2365,7 @@ static int ssl_rsa_generate_partial_pms( mbedtls_ssl_context *ssl, ssl->conf->transport, out ); if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf ) - ( ssl->conf->p_rng, out + 2, 46 ) ) != 0 ) + ( mbedtls_ssl_conf_get_prng( ssl->conf ), out + 2, 46 ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "f_rng", ret ); return( ret ); @@ -2435,7 +2435,7 @@ static int ssl_rsa_encrypt_partial_pms( mbedtls_ssl_context *ssl, ppms, 48, out + len_bytes, olen, buflen - len_bytes, mbedtls_ssl_conf_get_frng( ssl->conf ), - ssl->conf->p_rng ) ) != 0 ) + mbedtls_ssl_conf_get_prng( ssl->conf ) ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_rsa_pkcs1_encrypt", ret ); goto cleanup; @@ -3493,7 +3493,7 @@ static int ssl_client_key_exchange_write( mbedtls_ssl_context *ssl, ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), p, n, mbedtls_ssl_conf_get_frng( ssl->conf ), - ssl->conf->p_rng ); + mbedtls_ssl_conf_get_prng( ssl->conf ) ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret ); @@ -3530,7 +3530,7 @@ static int ssl_client_key_exchange_write( mbedtls_ssl_context *ssl, ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, &n, p, end - p, mbedtls_ssl_conf_get_frng( ssl->conf ), - ssl->conf->p_rng ); + mbedtls_ssl_conf_get_prng( ssl->conf ) ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret ); @@ -3625,7 +3625,7 @@ static int ssl_client_key_exchange_write( mbedtls_ssl_context *ssl, ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), p, n, mbedtls_ssl_conf_get_frng( ssl->conf ), - ssl->conf->p_rng ); + mbedtls_ssl_conf_get_prng( ssl->conf ) ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret ); @@ -3646,7 +3646,7 @@ static int ssl_client_key_exchange_write( mbedtls_ssl_context *ssl, ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, &n, p, buflen, mbedtls_ssl_conf_get_frng( ssl->conf ), - ssl->conf->p_rng ); + mbedtls_ssl_conf_get_prng( ssl->conf ) ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret ); @@ -3683,7 +3683,7 @@ static int ssl_client_key_exchange_write( mbedtls_ssl_context *ssl, ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx, p, end - p, &n, mbedtls_ssl_conf_get_frng( ssl->conf ), - ssl->conf->p_rng ); + mbedtls_ssl_conf_get_prng( ssl->conf ) ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret ); @@ -3895,7 +3895,7 @@ sign: md_alg, hash_start, hashlen, ssl->out_msg + 6 + offset, &n, mbedtls_ssl_conf_get_frng( ssl->conf ), - ssl->conf->p_rng, rs_ctx ) ) != 0 ) + mbedtls_ssl_conf_get_prng( ssl->conf ), rs_ctx ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret ); #if defined(MBEDTLS_SSL__ECP_RESTARTABLE) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 51068caed..a31eda438 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2603,7 +2603,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx, p + 2, end - p - 2, &kkpp_len, mbedtls_ssl_conf_get_frng( ssl->conf ), - ssl->conf->p_rng ); + mbedtls_ssl_conf_get_prng( ssl->conf ) ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1 , "mbedtls_ecjpake_write_round_one", ret ); @@ -2783,7 +2783,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) ); #else if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf ) - ( ssl->conf->p_rng, p, 4 ) ) != 0 ) + ( mbedtls_ssl_conf_get_prng( ssl->conf ), p, 4 ) ) != 0 ) { return( ret ); } @@ -2792,7 +2792,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_HAVE_TIME */ if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf ) - ( ssl->conf->p_rng, p, 28 ) ) != 0 ) + ( mbedtls_ssl_conf_get_prng( ssl->conf ), p, 28 ) ) != 0 ) { return( ret ); } @@ -2859,7 +2859,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) { ssl->session_negotiate->id_len = n = 32; if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf ) - ( ssl->conf->p_rng, ssl->session_negotiate->id, n ) ) != 0 ) + ( mbedtls_ssl_conf_get_prng( ssl->conf ), ssl->session_negotiate->id, n ) ) != 0 ) { return( ret ); } @@ -3272,7 +3272,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, ssl->out_msg + ssl->out_msglen, MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen, &len, mbedtls_ssl_conf_get_frng( ssl->conf ), - ssl->conf->p_rng ); + mbedtls_ssl_conf_get_prng( ssl->conf ) ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret ); @@ -3336,7 +3336,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), ssl->out_msg + ssl->out_msglen, &len, mbedtls_ssl_conf_get_frng( ssl->conf ), - ssl->conf->p_rng ) ) != 0 ) + mbedtls_ssl_conf_get_prng( ssl->conf ) ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_params", ret ); return( ret ); @@ -3393,7 +3393,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, ssl->out_msg + ssl->out_msglen, MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen, mbedtls_ssl_conf_get_frng( ssl->conf ), - ssl->conf->p_rng ) ) != 0 ) + mbedtls_ssl_conf_get_prng( ssl->conf ) ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_params", ret ); return( ret ); @@ -3579,7 +3579,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, ssl->out_msg + ssl->out_msglen + 2, signature_len, mbedtls_ssl_conf_get_frng( ssl->conf ), - ssl->conf->p_rng ) ) != 0 ) + mbedtls_ssl_conf_get_prng( ssl->conf ) ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret ); return( ret ); @@ -3876,7 +3876,7 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl, ret = mbedtls_pk_decrypt( private_key, p, len, peer_pms, peer_pmslen, peer_pmssize, mbedtls_ssl_conf_get_frng( ssl->conf ), - ssl->conf->p_rng ); + mbedtls_ssl_conf_get_prng( ssl->conf ) ); return( ret ); } @@ -3946,7 +3946,7 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl, * regardless of whether it will ultimately influence the output or not. */ ret = mbedtls_ssl_conf_get_frng( ssl->conf ) - ( ssl->conf->p_rng, fake_pms, sizeof( fake_pms ) ); + ( mbedtls_ssl_conf_get_prng( ssl->conf ), fake_pms, sizeof( fake_pms ) ); if( ret != 0 ) { /* It's ok to abort on an RNG failure, since this does not reveal diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e651f29c1..c63e08090 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1669,7 +1669,7 @@ int mbedtls_ssl_build_pms( mbedtls_ssl_context *ssl ) MBEDTLS_PREMASTER_SIZE, &ssl->handshake->pmslen, mbedtls_ssl_conf_get_frng( ssl->conf ), - ssl->conf->p_rng ) ) != 0 ) + mbedtls_ssl_conf_get_prng( ssl->conf ) ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); return( ret ); @@ -1697,7 +1697,7 @@ int mbedtls_ssl_build_pms( mbedtls_ssl_context *ssl ) ssl->handshake->premaster, MBEDTLS_MPI_MAX_SIZE, mbedtls_ssl_conf_get_frng( ssl->conf ), - ssl->conf->p_rng ) ) != 0 ) + mbedtls_ssl_conf_get_prng( ssl->conf ) ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); return( ret ); @@ -1729,7 +1729,7 @@ int mbedtls_ssl_build_pms( mbedtls_ssl_context *ssl ) ret = mbedtls_ecjpake_derive_secret( &ssl->handshake->ecjpake_ctx, ssl->handshake->premaster, 32, &ssl->handshake->pmslen, mbedtls_ssl_conf_get_frng( ssl->conf ), - ssl->conf->p_rng ); + mbedtls_ssl_conf_get_prng( ssl->conf ) ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_derive_secret", ret ); @@ -1823,7 +1823,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, p + 2, end - ( p + 2 ), &len, mbedtls_ssl_conf_get_frng( ssl->conf ), - ssl->conf->p_rng ) ) != 0 ) + mbedtls_ssl_conf_get_prng( ssl->conf ) ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); return( ret ); @@ -1845,7 +1845,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen, p + 2, end - ( p + 2 ), mbedtls_ssl_conf_get_frng( ssl->conf ), - ssl->conf->p_rng ) ) != 0 ) + mbedtls_ssl_conf_get_prng( ssl->conf ) ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); return( ret ); @@ -4189,7 +4189,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) if( ( ret = mbedtls_ssl_encrypt_buf( ssl, ssl->transform_out, &rec, mbedtls_ssl_conf_get_frng( ssl->conf ), - ssl->conf->p_rng ) ) != 0 ) + mbedtls_ssl_conf_get_prng( ssl->conf ) ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret ); return( ret );