remove RNG parameters from SSL API's
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index 01b90e1..11811ee 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -81,16 +81,12 @@
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ssl_cookie_ctx));
}
-int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng)
+int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx)
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_algorithm_t alg;
- (void) f_rng;
- (void) p_rng;
alg = mbedtls_md_psa_alg_from_type(COOKIE_MD);
if (alg == 0) {
diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c
index 8653e2d..c10d36f 100644
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@@ -75,11 +75,15 @@
*/
key->lifetime = ctx->ticket_lifetime;
- if ((ret = ctx->f_rng(ctx->p_rng, key->name, sizeof(key->name))) != 0) {
+ if ((ret = psa_crypto_init()) != 0) {
return ret;
}
- if ((ret = ctx->f_rng(ctx->p_rng, buf, sizeof(buf))) != 0) {
+ if ((ret = psa_generate_random(key->name, sizeof(key->name))) != 0) {
+ return ret;
+ }
+
+ if ((ret = psa_generate_random(buf, sizeof(buf))) != 0) {
return ret;
}
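Review bot: The new `psa_crypto_init()` and `psa_generate_random()` calls return a `psa_status_t`, but this hunk stores it in `ret` and returns it unchanged, so an RNG or initialisation failure would reach callers as a raw PSA status rather than an `MBEDTLS_ERR_*` code. The same pattern appears in the `@@ -278,7 +278,11 @@` hunk, where `ret` is set from both calls before `goto cleanup`. I would keep the result in a `psa_status_t` local and map it, e.g. `if ((status = psa_generate_random(key->name, sizeof(key->name))) != PSA_SUCCESS) { return PSA_TO_MBEDTLS_ERR(status); }`. This assumes the conversion macro used in current Mbed TLS sources is in scope in this file, which is not visible here. Separately, `psa_crypto_init()` now runs on every key generation and every ticket write; calling it once in `mbedtls_ssl_ticket_setup()` would keep it off the per-ticket path. The enclosing function starts and ends outside the hunk.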
@@ -185,7 +189,6 @@
* Setup context for actual use
*/
int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits,
uint32_t lifetime)
{
@@ -199,9 +202,6 @@
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- ctx->f_rng = f_rng;
- ctx->p_rng = p_rng;
-
ctx->ticket_lifetime = lifetime;
ctx->keys[0].alg = alg;
@@ -254,7 +254,7 @@
*tlen = 0;
- if (ctx == NULL || ctx->f_rng == NULL) {
+ if (ctx == NULL) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
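Review bot: Dropping `ctx->f_rng == NULL` from this guard also removes what appears to have served as a check that `mbedtls_ssl_ticket_setup()` had run. A context that was initialised but never set up now passes the guard and reaches the key-handling code below, and the `@@ -355,7 +359,7 @@` hunk makes the same change. If the later PSA key operations are relied on to reject an unconfigured context, state that in a comment here, e.g. `/* An un-set-up context is rejected by the PSA key operations below. */`, once that has been confirmed. Otherwise, test a field that setup assigns, such as `ctx->keys[0].alg` from the `-199` hunk, provided zero is never a valid value there. The function body starts and ends outside the hunk.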
@@ -278,7 +278,11 @@
memcpy(key_name, key->name, TICKET_KEY_NAME_BYTES);
- if ((ret = ctx->f_rng(ctx->p_rng, iv, TICKET_IV_BYTES)) != 0) {
+ if ((ret = psa_crypto_init()) != 0) {
+ goto cleanup;
+ }
+
+ if ((ret = psa_generate_random(iv, TICKET_IV_BYTES)) != 0) {
goto cleanup;
}
@@ -355,7 +359,7 @@
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- if (ctx == NULL || ctx->f_rng == NULL) {
+ if (ctx == NULL) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}