lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00
Code Activity

Remove RNG from x509 and PK

Browse Source 
remove the f_rng and p_rng parameter from x509 and PK.

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
This commit is contained in:
Ben Taylor
2025-03-05 09:40:08 +00:00
parent b90a16d589
commit 440cb2aac2
27 changed files with 83 additions and 161 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
include/mbedtls/x509_crt.h
View File

@ -1140,17 +1140,11 @@ void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx);
* \param ctx certificate to write away
* \param buf buffer to write to
* \param size size of the buffer
* \param f_rng RNG function. This must not be \c NULL.
* \param p_rng RNG parameter
*
* \return length of data written if successful, or a specific
* error code
*
* \note \p f_rng is used for the signature operation.
*/
int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size);
#if defined(MBEDTLS_PEM_WRITE_C)
/**
@ -1159,16 +1153,11 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, s
* \param ctx certificate to write away
* \param buf buffer to write to
* \param size size of the buffer
* \param f_rng RNG function. This must not be \c NULL.
* \param p_rng RNG parameter
*
* \return 0 if successful, or a specific error code
*
* \note \p f_rng is used for the signature operation.
*/
int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size);
#endif /* MBEDTLS_PEM_WRITE_C */
#endif /* MBEDTLS_X509_CRT_WRITE_C */

14
include/mbedtls/x509_csr.h
View File

@ -337,17 +337,12 @@ void mbedtls_x509write_csr_free(mbedtls_x509write_csr *ctx);
* \param ctx CSR to write away
* \param buf buffer to write to
* \param size size of the buffer
* \param f_rng RNG function. This must not be \c NULL.
* \param p_rng RNG parameter
*
* \return length of data written if successful, or a specific
* error code
*
* \note \p f_rng is used for the signature operation.
*/
int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size);
#if defined(MBEDTLS_PEM_WRITE_C)
/**
@ -357,16 +352,11 @@ int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, si
* \param ctx CSR to write away
* \param buf buffer to write to
* \param size size of the buffer
* \param f_rng RNG function. This must not be \c NULL.
* \param p_rng RNG parameter
*
* \return 0 if successful, or a specific error code
*
* \note \p f_rng is used for the signature operation.
*/
int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size);
#endif /* MBEDTLS_PEM_WRITE_C */
#endif /* MBEDTLS_X509_CSR_WRITE_C */

2
library/ssl_tls12_client.c
View File

@ -2827,7 +2827,7 @@ sign:
ssl->out_msg + 6 + offset,
out_buf_len - 6 - offset,
&n,
ssl->conf->f_rng, ssl->conf->p_rng, rs_ctx)) != 0) {
rs_ctx)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret);
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {

4
library/ssl_tls12_server.c
View File

@ -3035,9 +3035,7 @@ curve_matching_done:
md_alg, hash, hashlen,
ssl->out_msg + ssl->out_msglen + 2,
out_buf_len - ssl->out_msglen - 2,
signature_len,
ssl->conf->f_rng,
ssl->conf->p_rng)) != 0) {
signature_len)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret);
return ret;
}

3
library/ssl_tls13_generic.c
View File

@ -978,8 +978,7 @@ static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl,
if ((ret = mbedtls_pk_sign_ext(pk_type, own_key,
md_alg, verify_hash, verify_hash_len,
p + 4, (size_t) (end - (p + 4)), &signature_len,
ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
p + 4, (size_t) (end - (p + 4)), &signature_len)) != 0) {
MBEDTLS_SSL_DEBUG_MSG(2, ("CertificateVerify signature failed with %s",
mbedtls_ssl_sig_alg_to_str(*sig_alg)));
MBEDTLS_SSL_DEBUG_RET(2, "mbedtls_pk_sign_ext", ret);

14
library/x509write_crt.c
View File

@ -379,9 +379,7 @@ static int x509_write_time(unsigned char **p, unsigned char *start,
}
int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng)
unsigned char *buf, size_t size)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const char *sig_oid;
@ -571,8 +569,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
if ((ret = mbedtls_pk_sign(ctx->issuer_key, ctx->md_alg,
hash, hash_length, sig, sizeof(sig), &sig_len,
f_rng, p_rng)) != 0) {
hash, hash_length, sig, sizeof(sig), &sig_len)) != 0) {
return ret;
}
@ -614,15 +611,12 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
#if defined(MBEDTLS_PEM_WRITE_C)
int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *crt,
unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng)
unsigned char *buf, size_t size)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t olen;
if ((ret = mbedtls_x509write_crt_der(crt, buf, size,
f_rng, p_rng)) < 0) {
if ((ret = mbedtls_x509write_crt_der(crt, buf, size)) < 0) {
return ret;
}

21
library/x509write_csr.c
View File

@ -131,9 +131,7 @@ int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx,
static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
unsigned char *buf,
size_t size,
unsigned char *sig, size_t sig_size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng)
unsigned char *sig, size_t sig_size)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const char *sig_oid;
@ -218,8 +216,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
}
if ((ret = mbedtls_pk_sign(ctx->key, ctx->md_alg, hash, 0,
sig, sig_size, &sig_len,
f_rng, p_rng)) != 0) {
sig, sig_size, &sig_len)) != 0) {
return ret;
}
@ -274,9 +271,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
}
int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf,
size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng)
size_t size)
{
int ret;
unsigned char *sig;
@ -286,8 +281,7 @@ int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf,
}
ret = x509write_csr_der_internal(ctx, buf, size,
sig, MBEDTLS_PK_SIGNATURE_MAX_SIZE,
f_rng, p_rng);
sig, MBEDTLS_PK_SIGNATURE_MAX_SIZE);
mbedtls_free(sig);
@ -298,15 +292,12 @@ int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf,
#define PEM_END_CSR "-----END CERTIFICATE REQUEST-----\n"
#if defined(MBEDTLS_PEM_WRITE_C)
int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng)
int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t olen = 0;
if ((ret = mbedtls_x509write_csr_der(ctx, buf, size,
f_rng, p_rng)) < 0) {
if ((ret = mbedtls_x509write_csr_der(ctx, buf, size)) < 0) {
return ret;
}

3
programs/fuzz/fuzz_dtlsserver.c
View File

@ -82,8 +82,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
return 1;
}
if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0,
dummy_random, &ctr_drbg) != 0) {
mbedtls_test_srv_key_len, NULL, 0) != 0) {
return 1;
}
#endif

3
programs/fuzz/fuzz_privkey.c
View File

@ -44,8 +44,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
goto exit;
}
ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0,
dummy_random, &ctr_drbg);
ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0);
if (ret == 0) {
#if defined(MBEDTLS_RSA_C)
if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) {

3
programs/fuzz/fuzz_server.c
View File

@ -91,8 +91,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
return 1;
}
if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0,
dummy_random, &ctr_drbg) != 0) {
mbedtls_test_srv_key_len, NULL, 0) != 0) {
return 1;
}
#endif

3
programs/pkey/key_app.c
View File

@ -248,8 +248,7 @@ usage:
goto cleanup;
}
ret = mbedtls_pk_parse_keyfile(&pk, opt.filename, opt.password,
mbedtls_ctr_drbg_random, &ctr_drbg);
ret = mbedtls_pk_parse_keyfile(&pk, opt.filename, opt.password);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n",

3
programs/pkey/key_app_writer.c
View File

@ -363,8 +363,7 @@ usage:
goto exit;
}
ret = mbedtls_pk_parse_keyfile(&key, opt.filename, NULL,
mbedtls_ctr_drbg_random, &ctr_drbg);
ret = mbedtls_pk_parse_keyfile(&key, opt.filename, NULL);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x",
(unsigned int) -ret);

6
programs/pkey/pk_decrypt.c
View File

@ -89,8 +89,7 @@ int main(int argc, char *argv[])
mbedtls_printf("\n . Reading private key from '%s'", argv[1]);
fflush(stdout);
if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "",
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n",
(unsigned int) -ret);
goto exit;
@ -119,8 +118,7 @@ int main(int argc, char *argv[])
mbedtls_printf("\n . Decrypting the encrypted data");
fflush(stdout);
if ((ret = mbedtls_pk_decrypt(&pk, buf, i, result, &olen, sizeof(result),
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
if ((ret = mbedtls_pk_decrypt(&pk, buf, i, result, &olen, sizeof(result))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_decrypt returned -0x%04x\n",
(unsigned int) -ret);
goto exit;

3
programs/pkey/pk_encrypt.c
View File

@ -105,8 +105,7 @@ int main(int argc, char *argv[])
fflush(stdout);
if ((ret = mbedtls_pk_encrypt(&pk, input, strlen(argv[2]),
buf, &olen, sizeof(buf),
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
buf, &olen, sizeof(buf))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_encrypt returned -0x%04x\n",
(unsigned int) -ret);
goto exit;

6
programs/pkey/pk_sign.c
View File

@ -85,8 +85,7 @@ int main(int argc, char *argv[])
mbedtls_printf("\n . Reading private key from '%s'", argv[1]);
fflush(stdout);
if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "",
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) {
mbedtls_printf(" failed\n ! Could not parse '%s'\n", argv[1]);
goto exit;
}
@ -106,8 +105,7 @@ int main(int argc, char *argv[])
}
if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0,
buf, sizeof(buf), &olen,
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
buf, sizeof(buf), &olen)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_sign returned -0x%04x\n", (unsigned int) -ret);
goto exit;
}

6
programs/pkey/rsa_sign_pss.c
View File

@ -86,8 +86,7 @@ int main(int argc, char *argv[])
mbedtls_printf("\n . Reading private key from '%s'", argv[1]);
fflush(stdout);
if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "",
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) {
mbedtls_printf(" failed\n ! Could not read key from '%s'\n", argv[1]);
mbedtls_printf(" ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret);
goto exit;
@ -120,8 +119,7 @@ int main(int argc, char *argv[])
}
if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0,
buf, sizeof(buf), &olen,
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
buf, sizeof(buf), &olen)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_sign returned %d\n\n", ret);
goto exit;
}

4
programs/ssl/dtls_server.c
View File

@ -165,9 +165,7 @@ int main(void)
(const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len,
NULL,
0,
mbedtls_ctr_drbg_random,
&ctr_drbg);
0);
if (ret != 0) {
printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
goto exit;

4
programs/ssl/ssl_client2.c
View File

@ -1736,12 +1736,12 @@ usage:
} else
#if defined(MBEDTLS_FS_IO)
if (strlen(opt.key_file)) {
ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, opt.key_pwd, rng_get, &rng);
ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, opt.key_pwd);
} else
#endif
{ ret = mbedtls_pk_parse_key(&pkey,
(const unsigned char *) mbedtls_test_cli_key,
mbedtls_test_cli_key_len, NULL, 0, rng_get, &rng); }
mbedtls_test_cli_key_len, NULL, 0); }
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
(unsigned int) -ret);

3
programs/ssl/ssl_fork_server.c
View File

@ -138,8 +138,7 @@ int main(void)
}
ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0,
mbedtls_ctr_drbg_random, &ctr_drbg);
mbedtls_test_srv_key_len, NULL, 0);
if (ret != 0) {
mbedtls_printf(" failed! mbedtls_pk_parse_key returned %d\n\n", ret);
goto exit;

7
programs/ssl/ssl_mail_client.c
View File

@ -514,8 +514,7 @@ usage:
#if defined(MBEDTLS_FS_IO)
if (strlen(opt.key_file)) {
ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, "",
mbedtls_ctr_drbg_random, &ctr_drbg);
ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, "");
} else
#endif
#if defined(MBEDTLS_PEM_PARSE_C)
@ -524,9 +523,7 @@ usage:
(const unsigned char *) mbedtls_test_cli_key,
mbedtls_test_cli_key_len,
NULL,
0,
mbedtls_ctr_drbg_random,
&ctr_drbg);
0);
}
#else
{

3
programs/ssl/ssl_pthread_server.c
View File

@ -379,8 +379,7 @@ int main(void)
mbedtls_pk_init(&pkey);
ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0,
mbedtls_ctr_drbg_random, &ctr_drbg);
mbedtls_test_srv_key_len, NULL, 0);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
goto exit;

3
programs/ssl/ssl_server.c
View File

@ -144,8 +144,7 @@ int main(void)
}
ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0,
mbedtls_ctr_drbg_random, &ctr_drbg);
mbedtls_test_srv_key_len, NULL, 0);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
goto exit;

23
programs/ssl/ssl_server2.c
View File

@ -824,7 +824,7 @@ static sni_entry *sni_parse(char *sni_string)
mbedtls_pk_init(new->key);
if (mbedtls_x509_crt_parse_file(new->cert, crt_file) != 0 ||
mbedtls_pk_parse_keyfile(new->key, key_file, "", rng_get, &rng) != 0) {
mbedtls_pk_parse_keyfile(new->key, key_file, "") != 0) {
goto error;
}
@ -1175,8 +1175,7 @@ static int ssl_async_start(mbedtls_ssl_context *ssl,
* public key. */
for (slot = 0; slot < config_data->slots_used; slot++) {
if (mbedtls_pk_check_pair(&cert->pk,
config_data->slots[slot].pk,
rng_get, &rng) == 0) {
config_data->slots[slot].pk) == 0) {
break;
}
}
@ -1247,12 +1246,16 @@ static int ssl_async_resume(mbedtls_ssl_context *ssl,
}
switch (ctx->operation_type) {
case ASYNC_OP_DECRYPT:
ret = mbedtls_pk_decrypt(key_slot->pk,
ctx->input, ctx->input_len,
output, output_len, output_size);
break;
case ASYNC_OP_SIGN:
ret = mbedtls_pk_sign(key_slot->pk,
ctx->md_alg,
ctx->input, ctx->input_len,
output, output_size, output_len,
config_data->f_rng, config_data->p_rng);
output, output_size, output_len);
break;
default:
mbedtls_printf(
@ -2637,7 +2640,7 @@ usage:
if (strlen(opt.key_file) && strcmp(opt.key_file, "none") != 0) {
key_cert_init++;
if ((ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file,
opt.key_pwd, rng_get, &rng)) != 0) {
opt.key_pwd)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n",
(unsigned int) -ret);
goto exit;
@ -2659,7 +2662,7 @@ usage:
if (strlen(opt.key_file2) && strcmp(opt.key_file2, "none") != 0) {
key_cert_init2++;
if ((ret = mbedtls_pk_parse_keyfile(&pkey2, opt.key_file2,
opt.key_pwd2, rng_get, &rng)) != 0) {
opt.key_pwd2)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n",
(unsigned int) -ret);
goto exit;
@ -2686,8 +2689,7 @@ usage:
}
if ((ret = mbedtls_pk_parse_key(&pkey,
(const unsigned char *) mbedtls_test_srv_key_rsa,
mbedtls_test_srv_key_rsa_len, NULL, 0,
rng_get, &rng)) != 0) {
mbedtls_test_srv_key_rsa_len, NULL, 0)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
(unsigned int) -ret);
goto exit;
@ -2704,8 +2706,7 @@ usage:
}
if ((ret = mbedtls_pk_parse_key(&pkey2,
(const unsigned char *) mbedtls_test_srv_key_ec,
mbedtls_test_srv_key_ec_len, NULL, 0,
rng_get, &rng)) != 0) {
mbedtls_test_srv_key_ec_len, NULL, 0)) != 0) {
mbedtls_printf(" failed\n ! pk_parse_key2 returned -0x%x\n\n",
(unsigned int) -ret);
goto exit;

12
programs/x509/cert_req.c
View File

@ -109,9 +109,7 @@ struct options {
mbedtls_md_type_t md_alg; /* Hash algorithm used for signature. */
} opt;
static int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng)
static int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file)
{
int ret;
FILE *f;
@ -119,7 +117,7 @@ static int write_certificate_request(mbedtls_x509write_csr *req, const char *out
size_t len = 0;
memset(output_buf, 0, 4096);
if ((ret = mbedtls_x509write_csr_pem(req, output_buf, 4096, f_rng, p_rng)) < 0) {
if ((ret = mbedtls_x509write_csr_pem(req, output_buf, 4096)) < 0) {
return ret;
}
@ -454,8 +452,7 @@ usage:
mbedtls_printf(" . Loading the private key ...");
fflush(stdout);
ret = mbedtls_pk_parse_keyfile(&key, opt.filename, opt.password,
mbedtls_ctr_drbg_random, &ctr_drbg);
ret = mbedtls_pk_parse_keyfile(&key, opt.filename, opt.password);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned %d", ret);
@ -472,8 +469,7 @@ usage:
mbedtls_printf(" . Writing the certificate request ...");
fflush(stdout);
if ((ret = write_certificate_request(&req, opt.output_file,
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
if ((ret = write_certificate_request(&req, opt.output_file)) != 0) {
mbedtls_printf(" failed\n ! write_certificate_request %d", ret);
goto exit;
}

20
programs/x509/cert_write.c
View File

@ -206,9 +206,7 @@ struct options {
int format; /* format */
} opt;
static int write_certificate(mbedtls_x509write_cert *crt, const char *output_file,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng)
static int write_certificate(mbedtls_x509write_cert *crt, const char *output_file)
{
int ret;
FILE *f;
@ -218,8 +216,7 @@ static int write_certificate(mbedtls_x509write_cert *crt, const char *output_fil
memset(output_buf, 0, 4096);
if (opt.format == FORMAT_DER) {
ret = mbedtls_x509write_crt_der(crt, output_buf, 4096,
f_rng, p_rng);
ret = mbedtls_x509write_crt_der(crt, output_buf, 4096);
if (ret < 0) {
return ret;
}
@ -227,8 +224,7 @@ static int write_certificate(mbedtls_x509write_cert *crt, const char *output_fil
len = ret;
output_start = output_buf + 4096 - len;
} else {
ret = mbedtls_x509write_crt_pem(crt, output_buf, 4096,
f_rng, p_rng);
ret = mbedtls_x509write_crt_pem(crt, output_buf, 4096);
if (ret < 0) {
return ret;
}
@ -780,7 +776,7 @@ usage:
fflush(stdout);
ret = mbedtls_pk_parse_keyfile(&loaded_subject_key, opt.subject_key,
opt.subject_pwd, mbedtls_ctr_drbg_random, &ctr_drbg);
opt.subject_pwd);
if (ret != 0) {
mbedtls_strerror(ret, buf, sizeof(buf));
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile "
@ -795,7 +791,7 @@ usage:
fflush(stdout);
ret = mbedtls_pk_parse_keyfile(&loaded_issuer_key, opt.issuer_key,
opt.issuer_pwd, mbedtls_ctr_drbg_random, &ctr_drbg);
opt.issuer_pwd);
if (ret != 0) {
mbedtls_strerror(ret, buf, sizeof(buf));
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile "
@ -806,8 +802,7 @@ usage:
// Check if key and issuer certificate match
//
if (strlen(opt.issuer_crt)) {
if (mbedtls_pk_check_pair(&issuer_crt.pk, issuer_key,
mbedtls_ctr_drbg_random, &ctr_drbg) != 0) {
if (mbedtls_pk_check_pair(&issuer_crt.pk, issuer_key) != 0) {
mbedtls_printf(" failed\n ! issuer_key does not match "
"issuer certificate\n\n");
goto exit;
@ -984,8 +979,7 @@ usage:
mbedtls_printf(" . Writing the certificate...");
fflush(stdout);
if ((ret = write_certificate(&crt, opt.output_file,
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
if ((ret = write_certificate(&crt, opt.output_file)) != 0) {
mbedtls_strerror(ret, buf, sizeof(buf));
mbedtls_printf(" failed\n ! write_certificate -0x%04x - %s\n\n",
(unsigned int) -ret, buf);

12
tests/src/test_helpers/ssl_helpers.c
View File

@ -652,8 +652,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
ret = mbedtls_pk_parse_key(
cert->pkey,
(const unsigned char *) mbedtls_test_srv_key_rsa_der,
mbedtls_test_srv_key_rsa_der_len, NULL, 0,
mbedtls_test_rnd_std_rand, NULL);
mbedtls_test_srv_key_rsa_der_len, NULL, 0);
TEST_ASSERT(ret == 0);
} else {
ret = mbedtls_x509_crt_parse(
@ -665,8 +664,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
ret = mbedtls_pk_parse_key(
cert->pkey,
(const unsigned char *) mbedtls_test_srv_key_ec_der,
mbedtls_test_srv_key_ec_der_len, NULL, 0,
mbedtls_test_rnd_std_rand, NULL);
mbedtls_test_srv_key_ec_der_len, NULL, 0);
TEST_ASSERT(ret == 0);
}
} else {
@ -680,8 +678,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
ret = mbedtls_pk_parse_key(
cert->pkey,
(const unsigned char *) mbedtls_test_cli_key_rsa_der,
mbedtls_test_cli_key_rsa_der_len, NULL, 0,
mbedtls_test_rnd_std_rand, NULL);
mbedtls_test_cli_key_rsa_der_len, NULL, 0);
TEST_ASSERT(ret == 0);
} else {
ret = mbedtls_x509_crt_parse(
@ -693,8 +690,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
ret = mbedtls_pk_parse_key(
cert->pkey,
(const unsigned char *) mbedtls_test_cli_key_ec_der,
mbedtls_test_cli_key_ec_der_len, NULL, 0,
mbedtls_test_rnd_std_rand, NULL);
mbedtls_test_cli_key_ec_der_len, NULL, 0);
TEST_ASSERT(ret == 0);
}
}

44
tests/suites/test_suite_x509write.function
View File

@ -23,13 +23,18 @@ static int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen,
return mbedtls_rsa_pkcs1_decrypt((mbedtls_rsa_context *) ctx, NULL, NULL,
olen, input, output, output_max_len);
}
static int mbedtls_rsa_sign_func(void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
mbedtls_md_type_t md_alg, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig)
{
return mbedtls_rsa_pkcs1_sign((mbedtls_rsa_context *) ctx, f_rng, p_rng,
md_alg, hashlen, hash, sig);
return mbedtls_rsa_pkcs1_sign((mbedtls_rsa_context *) ctx,
mbedtls_psa_get_random,
MBEDTLS_PSA_RANDOM_STATE,
md_alg,
hashlen,
hash,
sig);
}
static size_t mbedtls_rsa_key_len_func(void *ctx)
{
@ -210,8 +215,7 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type,
mbedtls_pk_init(&key);
MD_OR_USE_PSA_INIT();
TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL,
mbedtls_test_rnd_std_rand, NULL) == 0);
TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL) == 0);
mbedtls_x509write_csr_set_md_alg(&req, md_type);
mbedtls_x509write_csr_set_key(&req, &key);
@ -229,8 +233,7 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type,
TEST_ASSERT(mbedtls_x509write_csr_set_subject_alternative_name(&req, san_list) == 0);
}
ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf),
mbedtls_test_rnd_pseudo_rand, &rnd_info);
ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf));
TEST_ASSERT(ret == 0);
pem_len = strlen((char *) buf);
@ -254,9 +257,7 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type,
TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
der_len = mbedtls_x509write_csr_der(&req, buf, sizeof(buf),
mbedtls_test_rnd_pseudo_rand,
&rnd_info);
der_len = mbedtls_x509write_csr_der(&req, buf, sizeof(buf));
TEST_ASSERT(der_len >= 0);
if (der_len == 0) {
@ -271,8 +272,7 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type,
#else
der_len -= 1;
#endif
ret = mbedtls_x509write_csr_der(&req, buf, (size_t) (der_len),
mbedtls_test_rnd_pseudo_rand, &rnd_info);
ret = mbedtls_x509write_csr_der(&req, buf, (size_t) (der_len));
TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
exit:
@ -306,8 +306,7 @@ void x509_csr_check_opaque(char *key_file, int md_type, int key_usage,
memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));
TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL,
mbedtls_test_rnd_std_rand, NULL) == 0);
TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL) == 0);
/* Turn the PK context into an opaque one. */
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&key, PSA_KEY_USAGE_SIGN_HASH, &key_attr), 0);
@ -326,8 +325,7 @@ void x509_csr_check_opaque(char *key_file, int md_type, int key_usage,
TEST_ASSERT(mbedtls_x509write_csr_set_ns_cert_type(&req, cert_type) == 0);
}
ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf) - 1,
mbedtls_test_rnd_pseudo_rand, &rnd_info);
ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf) - 1);
TEST_ASSERT(ret == 0);
@ -431,10 +429,10 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd,
MD_OR_USE_PSA_INIT();
TEST_ASSERT(mbedtls_pk_parse_keyfile(&subject_key, subject_key_file,
subject_pwd, mbedtls_test_rnd_std_rand, NULL) == 0);
subject_pwd) == 0);
TEST_ASSERT(mbedtls_pk_parse_keyfile(&issuer_key, issuer_key_file,
issuer_pwd, mbedtls_test_rnd_std_rand, NULL) == 0);
issuer_pwd) == 0);
issuer_key_type = mbedtls_pk_get_type(&issuer_key);
@ -522,8 +520,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd,
if (set_subjectAltNames) {
TEST_ASSERT(mbedtls_x509write_crt_set_subject_alternative_name(&crt, san_list) == 0);
}
ret = mbedtls_x509write_crt_pem(&crt, buf, sizeof(buf),
mbedtls_test_rnd_pseudo_rand, &rnd_info);
ret = mbedtls_x509write_crt_pem(&crt, buf, sizeof(buf));
TEST_ASSERT(ret == 0);
pem_len = strlen((char *) buf);
@ -565,9 +562,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd,
TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0);
}
der_len = mbedtls_x509write_crt_der(&crt, buf, sizeof(buf),
mbedtls_test_rnd_pseudo_rand,
&rnd_info);
der_len = mbedtls_x509write_crt_der(&crt, buf, sizeof(buf));
TEST_ASSERT(der_len >= 0);
if (der_len == 0) {
@ -625,8 +620,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd,
#endif
der_len -= 1;
ret = mbedtls_x509write_crt_der(&crt, buf, (size_t) (der_len),
mbedtls_test_rnd_pseudo_rand, &rnd_info);
ret = mbedtls_x509write_crt_der(&crt, buf, (size_t) (der_len));
TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
exit: