diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 5943cfcfa5..9817d35a7d 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -1140,17 +1140,11 @@ void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx); * \param ctx certificate to write away * \param buf buffer to write to * \param size size of the buffer - * \param f_rng RNG function. This must not be \c NULL. - * \param p_rng RNG parameter * * \return length of data written if successful, or a specific * error code - * - * \note \p f_rng is used for the signature operation. */ -int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); +int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size); #if defined(MBEDTLS_PEM_WRITE_C) /** @@ -1159,16 +1153,11 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, s * \param ctx certificate to write away * \param buf buffer to write to * \param size size of the buffer - * \param f_rng RNG function. This must not be \c NULL. - * \param p_rng RNG parameter * * \return 0 if successful, or a specific error code * - * \note \p f_rng is used for the signature operation. */ -int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); +int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size); #endif /* MBEDTLS_PEM_WRITE_C */ #endif /* MBEDTLS_X509_CRT_WRITE_C */ diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index 08e585f3f3..f9eb04d333 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h 
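Review bot: The Doxygen block for mbedtls_x509write_crt_der() no longer says where the signature's randomness comes from: `\param f_rng`, `\param p_rng` and `\note \p f_rng is used for the signature operation.` are removed and nothing replaces them. Callers need to know what must be initialised before the call, so add something like `\note The signature is produced with the library's internal RNG; <initialisation requirement> must hold before calling this function.`, filling in the actual requirement, which this diff does not show. The same applies to mbedtls_x509write_crt_pem() in the next hunk and to mbedtls_x509write_csr_der() and mbedtls_x509write_csr_pem() in x509_csr.h. Those three hunks also leave an empty ` *` line directly before the closing `*/`, which should be dropped.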
@@ -337,17 +337,12 @@ void mbedtls_x509write_csr_free(mbedtls_x509write_csr *ctx); * \param ctx CSR to write away * \param buf buffer to write to * \param size size of the buffer - * \param f_rng RNG function. This must not be \c NULL. - * \param p_rng RNG parameter * * \return length of data written if successful, or a specific * error code * - * \note \p f_rng is used for the signature operation. */ -int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); +int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size); #if defined(MBEDTLS_PEM_WRITE_C) /** @@ -357,16 +352,11 @@ int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, si * \param ctx CSR to write away * \param buf buffer to write to * \param size size of the buffer - * \param f_rng RNG function. This must not be \c NULL. - * \param p_rng RNG parameter * * \return 0 if successful, or a specific error code * - * \note \p f_rng is used for the signature operation. */ -int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); +int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size); #endif /* MBEDTLS_PEM_WRITE_C */ #endif /* MBEDTLS_X509_CSR_WRITE_C */ diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index c06844db76..e0743e1a6a 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2827,7 +2827,7 @@ sign: ssl->out_msg + 6 + offset, out_buf_len - 6 - offset, &n, - ssl->conf->f_rng, ssl->conf->p_rng, rs_ctx)) != 0) { + rs_ctx)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index fb88cf2956..84d5994ca0 100644 
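Review bot: In ssl_tls12_client.c the signing call no longer receives `ssl->conf->f_rng, ssl->conf->p_rng`, so the RNG an application installed on the SSL configuration is no longer the one this signature uses. The same holds for the `mbedtls_pk_sign` call in ssl_tls12_server.c and the `mbedtls_pk_sign_ext` call in ssl_tls13_generic.c. This diff does not show which source replaces it. That is a behaviour change for deployments that route all randomness through one specific generator, so it deserves a comment at the call, e.g. `/* signature randomness now comes from the PK layer, not ssl->conf->f_rng */`, and an entry in the migration notes. The enclosing function starts and ends outside the hunk.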
--- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -3035,9 +3035,7 @@ curve_matching_done: md_alg, hash, hashlen, ssl->out_msg + ssl->out_msglen + 2, out_buf_len - ssl->out_msglen - 2, - signature_len, - ssl->conf->f_rng, - ssl->conf->p_rng)) != 0) { + signature_len)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret); return ret; } diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 1076dea393..deba2ae1e0 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -978,8 +978,7 @@ static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl, if ((ret = mbedtls_pk_sign_ext(pk_type, own_key, md_alg, verify_hash, verify_hash_len, - p + 4, (size_t) (end - (p + 4)), &signature_len, - ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { + p + 4, (size_t) (end - (p + 4)), &signature_len)) != 0) { MBEDTLS_SSL_DEBUG_MSG(2, ("CertificateVerify signature failed with %s", mbedtls_ssl_sig_alg_to_str(*sig_alg))); MBEDTLS_SSL_DEBUG_RET(2, "mbedtls_pk_sign_ext", ret); diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 8a476978a1..7d207481c2 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -379,9 +379,7 @@ static int x509_write_time(unsigned char **p, unsigned char *start, } int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, - unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) + unsigned char *buf, size_t size) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const char *sig_oid; @@ -571,8 +569,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, if ((ret = mbedtls_pk_sign(ctx->issuer_key, ctx->md_alg, - hash, hash_length, sig, sizeof(sig), &sig_len, - f_rng, p_rng)) != 0) { + hash, hash_length, sig, sizeof(sig), &sig_len)) != 0) { return ret; } 
@@ -614,15 +611,12 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, #if defined(MBEDTLS_PEM_WRITE_C) int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *crt, - unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) + unsigned char *buf, size_t size) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t olen; - if ((ret = mbedtls_x509write_crt_der(crt, buf, size, - f_rng, p_rng)) < 0) { + if ((ret = mbedtls_x509write_crt_der(crt, buf, size)) < 0) { return ret; } diff --git a/library/x509write_csr.c b/library/x509write_csr.c index dd75d8f898..e65ddb07f4 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -131,9 +131,7 @@ int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx, static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, - unsigned char *sig, size_t sig_size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) + unsigned char *sig, size_t sig_size) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const char *sig_oid; @@ -218,8 +216,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; } if ((ret = mbedtls_pk_sign(ctx->key, ctx->md_alg, hash, 0, - sig, sig_size, &sig_len, - f_rng, p_rng)) != 0) { + sig, sig_size, &sig_len)) != 0) { return ret; } @@ -274,9 +271,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, } int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, - size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) + size_t size) { int ret; unsigned char *sig; @@ -286,8 +281,7 @@ int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, } ret = x509write_csr_der_internal(ctx, buf, size, - sig, MBEDTLS_PK_SIGNATURE_MAX_SIZE, - f_rng, p_rng); + sig, MBEDTLS_PK_SIGNATURE_MAX_SIZE); mbedtls_free(sig); 
@@ -298,15 +292,12 @@ int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, #define PEM_END_CSR "-----END CERTIFICATE REQUEST-----\n" #if defined(MBEDTLS_PEM_WRITE_C) -int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) +int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t olen = 0; - if ((ret = mbedtls_x509write_csr_der(ctx, buf, size, - f_rng, p_rng)) < 0) { + if ((ret = mbedtls_x509write_csr_der(ctx, buf, size)) < 0) { return ret; } diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 404c4ad304..740dea5aaf 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -82,8 +82,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) return 1; } if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0, - dummy_random, &ctr_drbg) != 0) { + mbedtls_test_srv_key_len, NULL, 0) != 0) { return 1; } #endif diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c index 1a5fbba9ae..8055603c64 100644 --- a/programs/fuzz/fuzz_privkey.c +++ b/programs/fuzz/fuzz_privkey.c @@ -44,8 +44,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) goto exit; } - ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0, - dummy_random, &ctr_drbg); + ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0); if (ret == 0) { #if defined(MBEDTLS_RSA_C) if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) { diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 64fe32d268..857b1b64f9 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c 
@@ -91,8 +91,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) return 1; } if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0, - dummy_random, &ctr_drbg) != 0) { + mbedtls_test_srv_key_len, NULL, 0) != 0) { return 1; } #endif diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index b064078016..2be584266a 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -248,8 +248,7 @@ usage: goto cleanup; } - ret = mbedtls_pk_parse_keyfile(&pk, opt.filename, opt.password, - mbedtls_ctr_drbg_random, &ctr_drbg); + ret = mbedtls_pk_parse_keyfile(&pk, opt.filename, opt.password); if (ret != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index b9b477b839..e36130bcd1 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -363,8 +363,7 @@ usage: goto exit; } - ret = mbedtls_pk_parse_keyfile(&key, opt.filename, NULL, - mbedtls_ctr_drbg_random, &ctr_drbg); + ret = mbedtls_pk_parse_keyfile(&key, opt.filename, NULL); if (ret != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x", (unsigned int) -ret); diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index a7b9001fc9..d2bfde50f0 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -89,8 +89,7 @@ int main(int argc, char *argv[]) mbedtls_printf("\n . Reading private key from '%s'", argv[1]); fflush(stdout); - if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "", - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { + if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", (unsigned int) -ret); goto exit; 
@@ -119,8 +118,7 @@ int main(int argc, char *argv[]) mbedtls_printf("\n . Decrypting the encrypted data"); fflush(stdout); - if ((ret = mbedtls_pk_decrypt(&pk, buf, i, result, &olen, sizeof(result), - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { + if ((ret = mbedtls_pk_decrypt(&pk, buf, i, result, &olen, sizeof(result))) != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_decrypt returned -0x%04x\n", (unsigned int) -ret); goto exit; diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index 28a849b38f..1ab2a3d60e 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c @@ -105,8 +105,7 @@ int main(int argc, char *argv[]) fflush(stdout); if ((ret = mbedtls_pk_encrypt(&pk, input, strlen(argv[2]), - buf, &olen, sizeof(buf), - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { + buf, &olen, sizeof(buf))) != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_encrypt returned -0x%04x\n", (unsigned int) -ret); goto exit; diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index af52583201..92d96608e3 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -85,8 +85,7 @@ int main(int argc, char *argv[]) mbedtls_printf("\n . Reading private key from '%s'", argv[1]); fflush(stdout); - if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "", - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { + if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) { mbedtls_printf(" failed\n ! Could not parse '%s'\n", argv[1]); goto exit; } @@ -106,8 +105,7 @@ int main(int argc, char *argv[]) } if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0, - buf, sizeof(buf), &olen, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { + buf, sizeof(buf), &olen)) != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_sign returned -0x%04x\n", (unsigned int) -ret); goto exit; } diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index e4f27f337a..a5e06fb197 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c 
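Review bot: After this hunk neither `mbedtls_pk_parse_keyfile` nor `mbedtls_pk_decrypt` in pk_decrypt.c takes `mbedtls_ctr_drbg_random, &ctr_drbg`, so any entropy/CTR_DRBG setup left in main() (outside the hunks) no longer feeds the private-key operation. Private-key RSA operations typically rely on an RNG for blinding, so the sample should show the initialisation the new API depends on rather than seed a DRBG that nothing consumes. If the seeding code is still present, remove it or add `/* RNG for blinding is supplied internally by the PK layer */` next to the call. The same check applies to pk_encrypt.c, pk_sign.c and rsa_sign_pss.c; main() starts and ends outside the hunk.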
@@ -86,8 +86,7 @@ int main(int argc, char *argv[]) mbedtls_printf("\n . Reading private key from '%s'", argv[1]); fflush(stdout); - if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "", - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { + if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) { mbedtls_printf(" failed\n ! Could not read key from '%s'\n", argv[1]); mbedtls_printf(" ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret); goto exit; @@ -120,8 +119,7 @@ int main(int argc, char *argv[]) } if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0, - buf, sizeof(buf), &olen, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { + buf, sizeof(buf), &olen)) != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_sign returned %d\n\n", ret); goto exit; } diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index d1c2a8c1c6..a10a6e6bb2 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -165,9 +165,7 @@ int main(void) (const unsigned char *) mbedtls_test_srv_key, mbedtls_test_srv_key_len, NULL, - 0, - mbedtls_ctr_drbg_random, - &ctr_drbg); + 0); if (ret != 0) { printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret); goto exit; diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 6ed073eef5..e4efadc0d1 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1736,12 +1736,12 @@ usage: } else #if defined(MBEDTLS_FS_IO) if (strlen(opt.key_file)) { - ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, opt.key_pwd, rng_get, &rng); + ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, opt.key_pwd); } else #endif { ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_cli_key, - mbedtls_test_cli_key_len, NULL, 0, rng_get, &rng); } + mbedtls_test_cli_key_len, NULL, 0); } if (ret != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", (unsigned int) -ret); 
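Review bot: The failure message in this hunk names the wrong function: the call is `mbedtls_pk_parse_keyfile(&pk, argv[1], "")` but the following context line prints `mbedtls_pk_parse_public_keyfile returned %d`. Since the call line is being edited anyway, change the message to `mbedtls_printf(" ! mbedtls_pk_parse_keyfile returned %d\n\n", ret);` so that someone debugging a key-loading failure is pointed at the private-key parser. main() starts and ends outside the hunk.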
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index b9598585bf..f1eb21f3d9 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -138,8 +138,7 @@ int main(void) } ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0, - mbedtls_ctr_drbg_random, &ctr_drbg); + mbedtls_test_srv_key_len, NULL, 0); if (ret != 0) { mbedtls_printf(" failed! mbedtls_pk_parse_key returned %d\n\n", ret); goto exit; diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index d3354caf73..69aefef7db 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -514,8 +514,7 @@ usage: #if defined(MBEDTLS_FS_IO) if (strlen(opt.key_file)) { - ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, "", - mbedtls_ctr_drbg_random, &ctr_drbg); + ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, ""); } else #endif #if defined(MBEDTLS_PEM_PARSE_C) @@ -524,9 +523,7 @@ usage: (const unsigned char *) mbedtls_test_cli_key, mbedtls_test_cli_key_len, NULL, - 0, - mbedtls_ctr_drbg_random, - &ctr_drbg); + 0); } #else { diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index a1c583aabc..1214eb83fa 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -379,8 +379,7 @@ int main(void) mbedtls_pk_init(&pkey); ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0, - mbedtls_ctr_drbg_random, &ctr_drbg); + mbedtls_test_srv_key_len, NULL, 0); if (ret != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret); goto exit; diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 4b101d39ad..0f27b8227d 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c 
@@ -144,8 +144,7 @@ int main(void) } ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0, - mbedtls_ctr_drbg_random, &ctr_drbg); + mbedtls_test_srv_key_len, NULL, 0); if (ret != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret); goto exit; diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 8a0e18aefd..556e906498 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -824,7 +824,7 @@ static sni_entry *sni_parse(char *sni_string) mbedtls_pk_init(new->key); if (mbedtls_x509_crt_parse_file(new->cert, crt_file) != 0 || - mbedtls_pk_parse_keyfile(new->key, key_file, "", rng_get, &rng) != 0) { + mbedtls_pk_parse_keyfile(new->key, key_file, "") != 0) { goto error; } @@ -1175,8 +1175,7 @@ static int ssl_async_start(mbedtls_ssl_context *ssl, * public key. */ for (slot = 0; slot < config_data->slots_used; slot++) { if (mbedtls_pk_check_pair(&cert->pk, - config_data->slots[slot].pk, - rng_get, &rng) == 0) { + config_data->slots[slot].pk) == 0) { break; } } @@ -1247,12 +1246,16 @@ static int ssl_async_resume(mbedtls_ssl_context *ssl, } switch (ctx->operation_type) { + case ASYNC_OP_DECRYPT: + ret = mbedtls_pk_decrypt(key_slot->pk, + ctx->input, ctx->input_len, + output, output_len, output_size); + break; case ASYNC_OP_SIGN: ret = mbedtls_pk_sign(key_slot->pk, ctx->md_alg, ctx->input, ctx->input_len, - output, output_size, output_len, - config_data->f_rng, config_data->p_rng); + output, output_size, output_len); break; default: mbedtls_printf( @@ -2637,7 +2640,7 @@ usage: if (strlen(opt.key_file) && strcmp(opt.key_file, "none") != 0) { key_cert_init++; if ((ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, - opt.key_pwd, rng_get, &rng)) != 0) { + opt.key_pwd)) != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n", (unsigned int) -ret); goto exit; 
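Review bot: The new `case ASYNC_OP_DECRYPT:` in ssl_async_resume() is an addition rather than an argument removal like the rest of this change, and nothing visible in the diff shows where `ASYNC_OP_DECRYPT` is defined or where an operation of that type is started. If it restores a path that was removed earlier, say so in the commit message; otherwise the matching start callback belongs in the same change. The two calls also take their size arguments in a different order (`output, output_len, output_size` for decrypt, `output, output_size, output_len` for sign), so a comment such as `/* argument order differs between pk_decrypt and pk_sign */` would guard against a swapped-argument edit. With `config_data->f_rng, config_data->p_rng` no longer read here, those fields may now be unused; the function starts and ends outside the hunk.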
@@ -2659,7 +2662,7 @@ usage: if (strlen(opt.key_file2) && strcmp(opt.key_file2, "none") != 0) { key_cert_init2++; if ((ret = mbedtls_pk_parse_keyfile(&pkey2, opt.key_file2, - opt.key_pwd2, rng_get, &rng)) != 0) { + opt.key_pwd2)) != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n", (unsigned int) -ret); goto exit; @@ -2686,8 +2689,7 @@ usage: } if ((ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key_rsa, - mbedtls_test_srv_key_rsa_len, NULL, 0, - rng_get, &rng)) != 0) { + mbedtls_test_srv_key_rsa_len, NULL, 0)) != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", (unsigned int) -ret); goto exit; @@ -2704,8 +2706,7 @@ usage: } if ((ret = mbedtls_pk_parse_key(&pkey2, (const unsigned char *) mbedtls_test_srv_key_ec, - mbedtls_test_srv_key_ec_len, NULL, 0, - rng_get, &rng)) != 0) { + mbedtls_test_srv_key_ec_len, NULL, 0)) != 0) { mbedtls_printf(" failed\n ! pk_parse_key2 returned -0x%x\n\n", (unsigned int) -ret); goto exit; diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 1be335c0ad..f09e93863a 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -109,9 +109,7 @@ struct options { mbedtls_md_type_t md_alg; /* Hash algorithm used for signature. */ } opt; -static int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) +static int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file) { int ret; FILE *f; @@ -119,7 +117,7 @@ static int write_certificate_request(mbedtls_x509write_csr *req, const char *out size_t len = 0; memset(output_buf, 0, 4096); - if ((ret = mbedtls_x509write_csr_pem(req, output_buf, 4096, f_rng, p_rng)) < 0) { + if ((ret = mbedtls_x509write_csr_pem(req, output_buf, 4096)) < 0) { return ret; } 
@@ -454,8 +452,7 @@ usage: mbedtls_printf(" . Loading the private key ..."); fflush(stdout); - ret = mbedtls_pk_parse_keyfile(&key, opt.filename, opt.password, - mbedtls_ctr_drbg_random, &ctr_drbg); + ret = mbedtls_pk_parse_keyfile(&key, opt.filename, opt.password); if (ret != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned %d", ret); @@ -472,8 +469,7 @@ usage: mbedtls_printf(" . Writing the certificate request ..."); fflush(stdout); - if ((ret = write_certificate_request(&req, opt.output_file, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { + if ((ret = write_certificate_request(&req, opt.output_file)) != 0) { mbedtls_printf(" failed\n ! write_certificate_request %d", ret); goto exit; } diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 5993f24657..9776dc1c37 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -206,9 +206,7 @@ struct options { int format; /* format */ } opt; -static int write_certificate(mbedtls_x509write_cert *crt, const char *output_file, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) +static int write_certificate(mbedtls_x509write_cert *crt, const char *output_file) { int ret; FILE *f; @@ -218,8 +216,7 @@ static int write_certificate(mbedtls_x509write_cert *crt, const char *output_fil memset(output_buf, 0, 4096); if (opt.format == FORMAT_DER) { - ret = mbedtls_x509write_crt_der(crt, output_buf, 4096, - f_rng, p_rng); + ret = mbedtls_x509write_crt_der(crt, output_buf, 4096); if (ret < 0) { return ret; } @@ -227,8 +224,7 @@ static int write_certificate(mbedtls_x509write_cert *crt, const char *output_fil len = ret; output_start = output_buf + 4096 - len; } else { - ret = mbedtls_x509write_crt_pem(crt, output_buf, 4096, - f_rng, p_rng); + ret = mbedtls_x509write_crt_pem(crt, output_buf, 4096); if (ret < 0) { return ret; } 
@@ -780,7 +776,7 @@ usage: fflush(stdout); ret = mbedtls_pk_parse_keyfile(&loaded_subject_key, opt.subject_key, - opt.subject_pwd, mbedtls_ctr_drbg_random, &ctr_drbg); + opt.subject_pwd); if (ret != 0) { mbedtls_strerror(ret, buf, sizeof(buf)); mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile " @@ -795,7 +791,7 @@ usage: fflush(stdout); ret = mbedtls_pk_parse_keyfile(&loaded_issuer_key, opt.issuer_key, - opt.issuer_pwd, mbedtls_ctr_drbg_random, &ctr_drbg); + opt.issuer_pwd); if (ret != 0) { mbedtls_strerror(ret, buf, sizeof(buf)); mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile " @@ -806,8 +802,7 @@ usage: // Check if key and issuer certificate match // if (strlen(opt.issuer_crt)) { - if (mbedtls_pk_check_pair(&issuer_crt.pk, issuer_key, - mbedtls_ctr_drbg_random, &ctr_drbg) != 0) { + if (mbedtls_pk_check_pair(&issuer_crt.pk, issuer_key) != 0) { mbedtls_printf(" failed\n ! issuer_key does not match " "issuer certificate\n\n"); goto exit; @@ -984,8 +979,7 @@ usage: mbedtls_printf(" . Writing the certificate..."); fflush(stdout); - if ((ret = write_certificate(&crt, opt.output_file, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { + if ((ret = write_certificate(&crt, opt.output_file)) != 0) { mbedtls_strerror(ret, buf, sizeof(buf)); mbedtls_printf(" failed\n ! write_certificate -0x%04x - %s\n\n", (unsigned int) -ret, buf); diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 3c3bb6a54a..1ebd5a6fa7 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -652,8 +652,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, ret = mbedtls_pk_parse_key( cert->pkey, (const unsigned char *) mbedtls_test_srv_key_rsa_der, - mbedtls_test_srv_key_rsa_der_len, NULL, 0, - mbedtls_test_rnd_std_rand, NULL); + mbedtls_test_srv_key_rsa_der_len, NULL, 0); TEST_ASSERT(ret == 0); } else { ret = mbedtls_x509_crt_parse( 
@@ -665,8 +664,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, ret = mbedtls_pk_parse_key( cert->pkey, (const unsigned char *) mbedtls_test_srv_key_ec_der, - mbedtls_test_srv_key_ec_der_len, NULL, 0, - mbedtls_test_rnd_std_rand, NULL); + mbedtls_test_srv_key_ec_der_len, NULL, 0); TEST_ASSERT(ret == 0); } } else { @@ -680,8 +678,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, ret = mbedtls_pk_parse_key( cert->pkey, (const unsigned char *) mbedtls_test_cli_key_rsa_der, - mbedtls_test_cli_key_rsa_der_len, NULL, 0, - mbedtls_test_rnd_std_rand, NULL); + mbedtls_test_cli_key_rsa_der_len, NULL, 0); TEST_ASSERT(ret == 0); } else { ret = mbedtls_x509_crt_parse( @@ -693,8 +690,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, ret = mbedtls_pk_parse_key( cert->pkey, (const unsigned char *) mbedtls_test_cli_key_ec_der, - mbedtls_test_cli_key_ec_der_len, NULL, 0, - mbedtls_test_rnd_std_rand, NULL); + mbedtls_test_cli_key_ec_der_len, NULL, 0); TEST_ASSERT(ret == 0); } } diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index d1df9e3912..376cd12337 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function 
@@ -23,13 +23,18 @@ static int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen, return mbedtls_rsa_pkcs1_decrypt((mbedtls_rsa_context *) ctx, NULL, NULL, olen, input, output, output_max_len); } + static int mbedtls_rsa_sign_func(void *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig) { - return mbedtls_rsa_pkcs1_sign((mbedtls_rsa_context *) ctx, f_rng, p_rng, - md_alg, hashlen, hash, sig); + return mbedtls_rsa_pkcs1_sign((mbedtls_rsa_context *) ctx, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE, + md_alg, + hashlen, + hash, + sig); } static size_t mbedtls_rsa_key_len_func(void *ctx) { @@ -210,8 +215,7 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type, mbedtls_pk_init(&key); MD_OR_USE_PSA_INIT(); - TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL, - mbedtls_test_rnd_std_rand, NULL) == 0); + TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL) == 0); mbedtls_x509write_csr_set_md_alg(&req, md_type); mbedtls_x509write_csr_set_key(&req, &key); @@ -229,8 +233,7 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type, TEST_ASSERT(mbedtls_x509write_csr_set_subject_alternative_name(&req, san_list) == 0); } - ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf), - mbedtls_test_rnd_pseudo_rand, &rnd_info); + ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf)); TEST_ASSERT(ret == 0); pem_len = strlen((char *) buf); @@ -254,9 +257,7 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type, TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0); #endif /* MBEDTLS_USE_PSA_CRYPTO */ - der_len = mbedtls_x509write_csr_der(&req, buf, sizeof(buf), - mbedtls_test_rnd_pseudo_rand, - &rnd_info); + der_len = mbedtls_x509write_csr_der(&req, buf, sizeof(buf)); TEST_ASSERT(der_len >= 0); if (der_len == 0) { 
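Review bot: mbedtls_rsa_sign_func() now hard-codes `mbedtls_psa_get_random` and `MBEDTLS_PSA_RANDOM_STATE`, so this RSA-alt signing callback only works once the PSA RNG has been initialised. The test functions visible later in this diff call `MD_OR_USE_PSA_INIT()`, which by its name may not initialise PSA in every build configuration. Confirm that every test reaching this callback initialises PSA unconditionally, otherwise the sign call may fail. A comment above the function, `/* Requires the PSA RNG to be initialised before this callback is invoked. */`, would make the precondition explicit.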
@@ -271,8 +272,7 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type, #else der_len -= 1; #endif - ret = mbedtls_x509write_csr_der(&req, buf, (size_t) (der_len), - mbedtls_test_rnd_pseudo_rand, &rnd_info); + ret = mbedtls_x509write_csr_der(&req, buf, (size_t) (der_len)); TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); exit: @@ -306,8 +306,7 @@ void x509_csr_check_opaque(char *key_file, int md_type, int key_usage, memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info)); - TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL, - mbedtls_test_rnd_std_rand, NULL) == 0); + TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL) == 0); /* Turn the PK context into an opaque one. */ TEST_EQUAL(mbedtls_pk_get_psa_attributes(&key, PSA_KEY_USAGE_SIGN_HASH, &key_attr), 0); @@ -326,8 +325,7 @@ void x509_csr_check_opaque(char *key_file, int md_type, int key_usage, TEST_ASSERT(mbedtls_x509write_csr_set_ns_cert_type(&req, cert_type) == 0); } - ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf) - 1, - mbedtls_test_rnd_pseudo_rand, &rnd_info); + ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf) - 1); TEST_ASSERT(ret == 0); @@ -431,10 +429,10 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, MD_OR_USE_PSA_INIT(); TEST_ASSERT(mbedtls_pk_parse_keyfile(&subject_key, subject_key_file, - subject_pwd, mbedtls_test_rnd_std_rand, NULL) == 0); + subject_pwd) == 0); TEST_ASSERT(mbedtls_pk_parse_keyfile(&issuer_key, issuer_key_file, - issuer_pwd, mbedtls_test_rnd_std_rand, NULL) == 0); + issuer_pwd) == 0); issuer_key_type = mbedtls_pk_get_type(&issuer_key); 
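Review bot: In x509_csr_check_opaque() the context line `memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));` still prepares the pseudo-RNG state, but the only visible consumer, the `mbedtls_x509write_csr_pem` call in the next hunk, no longer takes `mbedtls_test_rnd_pseudo_rand, &rnd_info`. If nothing else in the function uses it, remove the variable and the memset. These tests previously signed with a fixed pseudo-random stream, and x509_csr_check() and x509_crt_check() compare the output with `memcmp(buf, check_buf, pem_len - 1)`. With the RNG now internal, that byte-for-byte comparison presumably holds only for deterministic signature schemes, which is worth stating in a comment next to the comparison. The function starts and ends outside the hunk.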
@@ -522,8 +520,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, if (set_subjectAltNames) { TEST_ASSERT(mbedtls_x509write_crt_set_subject_alternative_name(&crt, san_list) == 0); } - ret = mbedtls_x509write_crt_pem(&crt, buf, sizeof(buf), - mbedtls_test_rnd_pseudo_rand, &rnd_info); + ret = mbedtls_x509write_crt_pem(&crt, buf, sizeof(buf)); TEST_ASSERT(ret == 0); pem_len = strlen((char *) buf); @@ -565,9 +562,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0); } - der_len = mbedtls_x509write_crt_der(&crt, buf, sizeof(buf), - mbedtls_test_rnd_pseudo_rand, - &rnd_info); + der_len = mbedtls_x509write_crt_der(&crt, buf, sizeof(buf)); TEST_ASSERT(der_len >= 0); if (der_len == 0) { @@ -625,8 +620,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, #endif der_len -= 1; - ret = mbedtls_x509write_crt_der(&crt, buf, (size_t) (der_len), - mbedtls_test_rnd_pseudo_rand, &rnd_info); + ret = mbedtls_x509write_crt_der(&crt, buf, (size_t) (der_len)); TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); exit: