Remove RNG from x509 and PK
remove the f_rng and p_rng parameter from x509 and PK.
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 5943cfc..9817d35 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -1140,17 +1140,11 @@
* \param ctx certificate to write away
* \param buf buffer to write to
* \param size size of the buffer
- * \param f_rng RNG function. This must not be \c NULL.
- * \param p_rng RNG parameter
*
* \return length of data written if successful, or a specific
* error code
- *
- * \note \p f_rng is used for the signature operation.
*/
-int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng);
+int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size);
#if defined(MBEDTLS_PEM_WRITE_C)
/**
@@ -1159,16 +1153,11 @@
* \param ctx certificate to write away
* \param buf buffer to write to
* \param size size of the buffer
- * \param f_rng RNG function. This must not be \c NULL.
- * \param p_rng RNG parameter
*
* \return 0 if successful, or a specific error code
*
- * \note \p f_rng is used for the signature operation.
*/
-int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng);
+int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size);
#endif /* MBEDTLS_PEM_WRITE_C */
#endif /* MBEDTLS_X509_CRT_WRITE_C */
diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h
index 08e585f..f9eb04d 100644
--- a/include/mbedtls/x509_csr.h
+++ b/include/mbedtls/x509_csr.h
@@ -337,17 +337,12 @@
* \param ctx CSR to write away
* \param buf buffer to write to
* \param size size of the buffer
- * \param f_rng RNG function. This must not be \c NULL.
- * \param p_rng RNG parameter
*
* \return length of data written if successful, or a specific
* error code
*
- * \note \p f_rng is used for the signature operation.
*/
-int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng);
+int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size);
#if defined(MBEDTLS_PEM_WRITE_C)
/**
@@ -357,16 +352,11 @@
* \param ctx CSR to write away
* \param buf buffer to write to
* \param size size of the buffer
- * \param f_rng RNG function. This must not be \c NULL.
- * \param p_rng RNG parameter
*
* \return 0 if successful, or a specific error code
*
- * \note \p f_rng is used for the signature operation.
*/
-int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng);
+int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size);
#endif /* MBEDTLS_PEM_WRITE_C */
#endif /* MBEDTLS_X509_CSR_WRITE_C */
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index c06844d..e0743e1 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -2827,7 +2827,7 @@
ssl->out_msg + 6 + offset,
out_buf_len - 6 - offset,
&n,
- ssl->conf->f_rng, ssl->conf->p_rng, rs_ctx)) != 0) {
+ rs_ctx)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret);
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index fb88cf2..84d5994 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -3035,9 +3035,7 @@
md_alg, hash, hashlen,
ssl->out_msg + ssl->out_msglen + 2,
out_buf_len - ssl->out_msglen - 2,
- signature_len,
- ssl->conf->f_rng,
- ssl->conf->p_rng)) != 0) {
+ signature_len)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret);
return ret;
}
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 1076dea..deba2ae 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -978,8 +978,7 @@
if ((ret = mbedtls_pk_sign_ext(pk_type, own_key,
md_alg, verify_hash, verify_hash_len,
- p + 4, (size_t) (end - (p + 4)), &signature_len,
- ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
+ p + 4, (size_t) (end - (p + 4)), &signature_len)) != 0) {
MBEDTLS_SSL_DEBUG_MSG(2, ("CertificateVerify signature failed with %s",
mbedtls_ssl_sig_alg_to_str(*sig_alg)));
MBEDTLS_SSL_DEBUG_RET(2, "mbedtls_pk_sign_ext", ret);
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 8a47697..7d20748 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -379,9 +379,7 @@
}
int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
- unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng)
+ unsigned char *buf, size_t size)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const char *sig_oid;
@@ -571,8 +569,7 @@
if ((ret = mbedtls_pk_sign(ctx->issuer_key, ctx->md_alg,
- hash, hash_length, sig, sizeof(sig), &sig_len,
- f_rng, p_rng)) != 0) {
+ hash, hash_length, sig, sizeof(sig), &sig_len)) != 0) {
return ret;
}
@@ -614,15 +611,12 @@
#if defined(MBEDTLS_PEM_WRITE_C)
int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *crt,
- unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng)
+ unsigned char *buf, size_t size)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t olen;
- if ((ret = mbedtls_x509write_crt_der(crt, buf, size,
- f_rng, p_rng)) < 0) {
+ if ((ret = mbedtls_x509write_crt_der(crt, buf, size)) < 0) {
return ret;
}
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index dd75d8f..e65ddb0 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -131,9 +131,7 @@
static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
unsigned char *buf,
size_t size,
- unsigned char *sig, size_t sig_size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng)
+ unsigned char *sig, size_t sig_size)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const char *sig_oid;
@@ -218,8 +216,7 @@
return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
}
if ((ret = mbedtls_pk_sign(ctx->key, ctx->md_alg, hash, 0,
- sig, sig_size, &sig_len,
- f_rng, p_rng)) != 0) {
+ sig, sig_size, &sig_len)) != 0) {
return ret;
}
@@ -274,9 +271,7 @@
}
int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf,
- size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng)
+ size_t size)
{
int ret;
unsigned char *sig;
@@ -286,8 +281,7 @@
}
ret = x509write_csr_der_internal(ctx, buf, size,
- sig, MBEDTLS_PK_SIGNATURE_MAX_SIZE,
- f_rng, p_rng);
+ sig, MBEDTLS_PK_SIGNATURE_MAX_SIZE);
mbedtls_free(sig);
@@ -298,15 +292,12 @@
#define PEM_END_CSR "-----END CERTIFICATE REQUEST-----\n"
#if defined(MBEDTLS_PEM_WRITE_C)
-int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng)
+int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t olen = 0;
- if ((ret = mbedtls_x509write_csr_der(ctx, buf, size,
- f_rng, p_rng)) < 0) {
+ if ((ret = mbedtls_x509write_csr_der(ctx, buf, size)) < 0) {
return ret;
}
diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c
index 404c4ad..740dea5 100644
--- a/programs/fuzz/fuzz_dtlsserver.c
+++ b/programs/fuzz/fuzz_dtlsserver.c
@@ -82,8 +82,7 @@
return 1;
}
if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
- mbedtls_test_srv_key_len, NULL, 0,
- dummy_random, &ctr_drbg) != 0) {
+ mbedtls_test_srv_key_len, NULL, 0) != 0) {
return 1;
}
#endif
diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c
index 1a5fbba..8055603 100644
--- a/programs/fuzz/fuzz_privkey.c
+++ b/programs/fuzz/fuzz_privkey.c
@@ -44,8 +44,7 @@
goto exit;
}
- ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0,
- dummy_random, &ctr_drbg);
+ ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0);
if (ret == 0) {
#if defined(MBEDTLS_RSA_C)
if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) {
diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c
index 64fe32d..857b1b6 100644
--- a/programs/fuzz/fuzz_server.c
+++ b/programs/fuzz/fuzz_server.c
@@ -91,8 +91,7 @@
return 1;
}
if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
- mbedtls_test_srv_key_len, NULL, 0,
- dummy_random, &ctr_drbg) != 0) {
+ mbedtls_test_srv_key_len, NULL, 0) != 0) {
return 1;
}
#endif
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index b064078..2be5842 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -248,8 +248,7 @@
goto cleanup;
}
- ret = mbedtls_pk_parse_keyfile(&pk, opt.filename, opt.password,
- mbedtls_ctr_drbg_random, &ctr_drbg);
+ ret = mbedtls_pk_parse_keyfile(&pk, opt.filename, opt.password);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n",
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index b9b477b..e36130b 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -363,8 +363,7 @@
goto exit;
}
- ret = mbedtls_pk_parse_keyfile(&key, opt.filename, NULL,
- mbedtls_ctr_drbg_random, &ctr_drbg);
+ ret = mbedtls_pk_parse_keyfile(&key, opt.filename, NULL);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x",
(unsigned int) -ret);
diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c
index a7b9001..d2bfde5 100644
--- a/programs/pkey/pk_decrypt.c
+++ b/programs/pkey/pk_decrypt.c
@@ -89,8 +89,7 @@
mbedtls_printf("\n . Reading private key from '%s'", argv[1]);
fflush(stdout);
- if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "",
- mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n",
(unsigned int) -ret);
goto exit;
@@ -119,8 +118,7 @@
mbedtls_printf("\n . Decrypting the encrypted data");
fflush(stdout);
- if ((ret = mbedtls_pk_decrypt(&pk, buf, i, result, &olen, sizeof(result),
- mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ if ((ret = mbedtls_pk_decrypt(&pk, buf, i, result, &olen, sizeof(result))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_decrypt returned -0x%04x\n",
(unsigned int) -ret);
goto exit;
diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c
index 28a849b..1ab2a3d 100644
--- a/programs/pkey/pk_encrypt.c
+++ b/programs/pkey/pk_encrypt.c
@@ -105,8 +105,7 @@
fflush(stdout);
if ((ret = mbedtls_pk_encrypt(&pk, input, strlen(argv[2]),
- buf, &olen, sizeof(buf),
- mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ buf, &olen, sizeof(buf))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_encrypt returned -0x%04x\n",
(unsigned int) -ret);
goto exit;
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index af52583..92d9660 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@@ -85,8 +85,7 @@
mbedtls_printf("\n . Reading private key from '%s'", argv[1]);
fflush(stdout);
- if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "",
- mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) {
mbedtls_printf(" failed\n ! Could not parse '%s'\n", argv[1]);
goto exit;
}
@@ -106,8 +105,7 @@
}
if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0,
- buf, sizeof(buf), &olen,
- mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ buf, sizeof(buf), &olen)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_sign returned -0x%04x\n", (unsigned int) -ret);
goto exit;
}
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index e4f27f3..a5e06fb 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -86,8 +86,7 @@
mbedtls_printf("\n . Reading private key from '%s'", argv[1]);
fflush(stdout);
- if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "",
- mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) {
mbedtls_printf(" failed\n ! Could not read key from '%s'\n", argv[1]);
mbedtls_printf(" ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret);
goto exit;
@@ -120,8 +119,7 @@
}
if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0,
- buf, sizeof(buf), &olen,
- mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ buf, sizeof(buf), &olen)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_sign returned %d\n\n", ret);
goto exit;
}
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index d1c2a8c..a10a6e6 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -165,9 +165,7 @@
(const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len,
NULL,
- 0,
- mbedtls_ctr_drbg_random,
- &ctr_drbg);
+ 0);
if (ret != 0) {
printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
goto exit;
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 6ed073e..e4efadc 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1736,12 +1736,12 @@
} else
#if defined(MBEDTLS_FS_IO)
if (strlen(opt.key_file)) {
- ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, opt.key_pwd, rng_get, &rng);
+ ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, opt.key_pwd);
} else
#endif
{ ret = mbedtls_pk_parse_key(&pkey,
(const unsigned char *) mbedtls_test_cli_key,
- mbedtls_test_cli_key_len, NULL, 0, rng_get, &rng); }
+ mbedtls_test_cli_key_len, NULL, 0); }
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
(unsigned int) -ret);
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index b959858..f1eb21f 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -138,8 +138,7 @@
}
ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
- mbedtls_test_srv_key_len, NULL, 0,
- mbedtls_ctr_drbg_random, &ctr_drbg);
+ mbedtls_test_srv_key_len, NULL, 0);
if (ret != 0) {
mbedtls_printf(" failed! mbedtls_pk_parse_key returned %d\n\n", ret);
goto exit;
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index d3354ca..69aefef 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -514,8 +514,7 @@
#if defined(MBEDTLS_FS_IO)
if (strlen(opt.key_file)) {
- ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, "",
- mbedtls_ctr_drbg_random, &ctr_drbg);
+ ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, "");
} else
#endif
#if defined(MBEDTLS_PEM_PARSE_C)
@@ -524,9 +523,7 @@
(const unsigned char *) mbedtls_test_cli_key,
mbedtls_test_cli_key_len,
NULL,
- 0,
- mbedtls_ctr_drbg_random,
- &ctr_drbg);
+ 0);
}
#else
{
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index a1c583a..1214eb8 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -379,8 +379,7 @@
mbedtls_pk_init(&pkey);
ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
- mbedtls_test_srv_key_len, NULL, 0,
- mbedtls_ctr_drbg_random, &ctr_drbg);
+ mbedtls_test_srv_key_len, NULL, 0);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
goto exit;
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 4b101d3..0f27b82 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -144,8 +144,7 @@
}
ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
- mbedtls_test_srv_key_len, NULL, 0,
- mbedtls_ctr_drbg_random, &ctr_drbg);
+ mbedtls_test_srv_key_len, NULL, 0);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
goto exit;
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 8a0e18a..556e906 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -824,7 +824,7 @@
mbedtls_pk_init(new->key);
if (mbedtls_x509_crt_parse_file(new->cert, crt_file) != 0 ||
- mbedtls_pk_parse_keyfile(new->key, key_file, "", rng_get, &rng) != 0) {
+ mbedtls_pk_parse_keyfile(new->key, key_file, "") != 0) {
goto error;
}
@@ -1175,8 +1175,7 @@
* public key. */
for (slot = 0; slot < config_data->slots_used; slot++) {
if (mbedtls_pk_check_pair(&cert->pk,
- config_data->slots[slot].pk,
- rng_get, &rng) == 0) {
+ config_data->slots[slot].pk) == 0) {
break;
}
}
@@ -1247,12 +1246,16 @@
}
switch (ctx->operation_type) {
+ case ASYNC_OP_DECRYPT:
+ ret = mbedtls_pk_decrypt(key_slot->pk,
+ ctx->input, ctx->input_len,
+ output, output_len, output_size);
+ break;
case ASYNC_OP_SIGN:
ret = mbedtls_pk_sign(key_slot->pk,
ctx->md_alg,
ctx->input, ctx->input_len,
- output, output_size, output_len,
- config_data->f_rng, config_data->p_rng);
+ output, output_size, output_len);
break;
default:
mbedtls_printf(
@@ -2637,7 +2640,7 @@
if (strlen(opt.key_file) && strcmp(opt.key_file, "none") != 0) {
key_cert_init++;
if ((ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file,
- opt.key_pwd, rng_get, &rng)) != 0) {
+ opt.key_pwd)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n",
(unsigned int) -ret);
goto exit;
@@ -2659,7 +2662,7 @@
if (strlen(opt.key_file2) && strcmp(opt.key_file2, "none") != 0) {
key_cert_init2++;
if ((ret = mbedtls_pk_parse_keyfile(&pkey2, opt.key_file2,
- opt.key_pwd2, rng_get, &rng)) != 0) {
+ opt.key_pwd2)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n",
(unsigned int) -ret);
goto exit;
@@ -2686,8 +2689,7 @@
}
if ((ret = mbedtls_pk_parse_key(&pkey,
(const unsigned char *) mbedtls_test_srv_key_rsa,
- mbedtls_test_srv_key_rsa_len, NULL, 0,
- rng_get, &rng)) != 0) {
+ mbedtls_test_srv_key_rsa_len, NULL, 0)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
(unsigned int) -ret);
goto exit;
@@ -2704,8 +2706,7 @@
}
if ((ret = mbedtls_pk_parse_key(&pkey2,
(const unsigned char *) mbedtls_test_srv_key_ec,
- mbedtls_test_srv_key_ec_len, NULL, 0,
- rng_get, &rng)) != 0) {
+ mbedtls_test_srv_key_ec_len, NULL, 0)) != 0) {
mbedtls_printf(" failed\n ! pk_parse_key2 returned -0x%x\n\n",
(unsigned int) -ret);
goto exit;
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index 1be335c..f09e938 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -109,9 +109,7 @@
mbedtls_md_type_t md_alg; /* Hash algorithm used for signature. */
} opt;
-static int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng)
+static int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file)
{
int ret;
FILE *f;
@@ -119,7 +117,7 @@
size_t len = 0;
memset(output_buf, 0, 4096);
- if ((ret = mbedtls_x509write_csr_pem(req, output_buf, 4096, f_rng, p_rng)) < 0) {
+ if ((ret = mbedtls_x509write_csr_pem(req, output_buf, 4096)) < 0) {
return ret;
}
@@ -454,8 +452,7 @@
mbedtls_printf(" . Loading the private key ...");
fflush(stdout);
- ret = mbedtls_pk_parse_keyfile(&key, opt.filename, opt.password,
- mbedtls_ctr_drbg_random, &ctr_drbg);
+ ret = mbedtls_pk_parse_keyfile(&key, opt.filename, opt.password);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned %d", ret);
@@ -472,8 +469,7 @@
mbedtls_printf(" . Writing the certificate request ...");
fflush(stdout);
- if ((ret = write_certificate_request(&req, opt.output_file,
- mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ if ((ret = write_certificate_request(&req, opt.output_file)) != 0) {
mbedtls_printf(" failed\n ! write_certificate_request %d", ret);
goto exit;
}
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 5993f24..9776dc1 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -206,9 +206,7 @@
int format; /* format */
} opt;
-static int write_certificate(mbedtls_x509write_cert *crt, const char *output_file,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng)
+static int write_certificate(mbedtls_x509write_cert *crt, const char *output_file)
{
int ret;
FILE *f;
@@ -218,8 +216,7 @@
memset(output_buf, 0, 4096);
if (opt.format == FORMAT_DER) {
- ret = mbedtls_x509write_crt_der(crt, output_buf, 4096,
- f_rng, p_rng);
+ ret = mbedtls_x509write_crt_der(crt, output_buf, 4096);
if (ret < 0) {
return ret;
}
@@ -227,8 +224,7 @@
len = ret;
output_start = output_buf + 4096 - len;
} else {
- ret = mbedtls_x509write_crt_pem(crt, output_buf, 4096,
- f_rng, p_rng);
+ ret = mbedtls_x509write_crt_pem(crt, output_buf, 4096);
if (ret < 0) {
return ret;
}
@@ -780,7 +776,7 @@
fflush(stdout);
ret = mbedtls_pk_parse_keyfile(&loaded_subject_key, opt.subject_key,
- opt.subject_pwd, mbedtls_ctr_drbg_random, &ctr_drbg);
+ opt.subject_pwd);
if (ret != 0) {
mbedtls_strerror(ret, buf, sizeof(buf));
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile "
@@ -795,7 +791,7 @@
fflush(stdout);
ret = mbedtls_pk_parse_keyfile(&loaded_issuer_key, opt.issuer_key,
- opt.issuer_pwd, mbedtls_ctr_drbg_random, &ctr_drbg);
+ opt.issuer_pwd);
if (ret != 0) {
mbedtls_strerror(ret, buf, sizeof(buf));
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile "
@@ -806,8 +802,7 @@
// Check if key and issuer certificate match
//
if (strlen(opt.issuer_crt)) {
- if (mbedtls_pk_check_pair(&issuer_crt.pk, issuer_key,
- mbedtls_ctr_drbg_random, &ctr_drbg) != 0) {
+ if (mbedtls_pk_check_pair(&issuer_crt.pk, issuer_key) != 0) {
mbedtls_printf(" failed\n ! issuer_key does not match "
"issuer certificate\n\n");
goto exit;
@@ -984,8 +979,7 @@
mbedtls_printf(" . Writing the certificate...");
fflush(stdout);
- if ((ret = write_certificate(&crt, opt.output_file,
- mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ if ((ret = write_certificate(&crt, opt.output_file)) != 0) {
mbedtls_strerror(ret, buf, sizeof(buf));
mbedtls_printf(" failed\n ! write_certificate -0x%04x - %s\n\n",
(unsigned int) -ret, buf);
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index 3c3bb6a..1ebd5a6 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -652,8 +652,7 @@
ret = mbedtls_pk_parse_key(
cert->pkey,
(const unsigned char *) mbedtls_test_srv_key_rsa_der,
- mbedtls_test_srv_key_rsa_der_len, NULL, 0,
- mbedtls_test_rnd_std_rand, NULL);
+ mbedtls_test_srv_key_rsa_der_len, NULL, 0);
TEST_ASSERT(ret == 0);
} else {
ret = mbedtls_x509_crt_parse(
@@ -665,8 +664,7 @@
ret = mbedtls_pk_parse_key(
cert->pkey,
(const unsigned char *) mbedtls_test_srv_key_ec_der,
- mbedtls_test_srv_key_ec_der_len, NULL, 0,
- mbedtls_test_rnd_std_rand, NULL);
+ mbedtls_test_srv_key_ec_der_len, NULL, 0);
TEST_ASSERT(ret == 0);
}
} else {
@@ -680,8 +678,7 @@
ret = mbedtls_pk_parse_key(
cert->pkey,
(const unsigned char *) mbedtls_test_cli_key_rsa_der,
- mbedtls_test_cli_key_rsa_der_len, NULL, 0,
- mbedtls_test_rnd_std_rand, NULL);
+ mbedtls_test_cli_key_rsa_der_len, NULL, 0);
TEST_ASSERT(ret == 0);
} else {
ret = mbedtls_x509_crt_parse(
@@ -693,8 +690,7 @@
ret = mbedtls_pk_parse_key(
cert->pkey,
(const unsigned char *) mbedtls_test_cli_key_ec_der,
- mbedtls_test_cli_key_ec_der_len, NULL, 0,
- mbedtls_test_rnd_std_rand, NULL);
+ mbedtls_test_cli_key_ec_der_len, NULL, 0);
TEST_ASSERT(ret == 0);
}
}
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index d1df9e3..376cd12 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -23,13 +23,18 @@
return mbedtls_rsa_pkcs1_decrypt((mbedtls_rsa_context *) ctx, NULL, NULL,
olen, input, output, output_max_len);
}
+
static int mbedtls_rsa_sign_func(void *ctx,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
mbedtls_md_type_t md_alg, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig)
{
- return mbedtls_rsa_pkcs1_sign((mbedtls_rsa_context *) ctx, f_rng, p_rng,
- md_alg, hashlen, hash, sig);
+ return mbedtls_rsa_pkcs1_sign((mbedtls_rsa_context *) ctx,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE,
+ md_alg,
+ hashlen,
+ hash,
+ sig);
}
static size_t mbedtls_rsa_key_len_func(void *ctx)
{
@@ -210,8 +215,7 @@
mbedtls_pk_init(&key);
MD_OR_USE_PSA_INIT();
- TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL,
- mbedtls_test_rnd_std_rand, NULL) == 0);
+ TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL) == 0);
mbedtls_x509write_csr_set_md_alg(&req, md_type);
mbedtls_x509write_csr_set_key(&req, &key);
@@ -229,8 +233,7 @@
TEST_ASSERT(mbedtls_x509write_csr_set_subject_alternative_name(&req, san_list) == 0);
}
- ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf),
- mbedtls_test_rnd_pseudo_rand, &rnd_info);
+ ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf));
TEST_ASSERT(ret == 0);
pem_len = strlen((char *) buf);
@@ -254,9 +257,7 @@
TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- der_len = mbedtls_x509write_csr_der(&req, buf, sizeof(buf),
- mbedtls_test_rnd_pseudo_rand,
- &rnd_info);
+ der_len = mbedtls_x509write_csr_der(&req, buf, sizeof(buf));
TEST_ASSERT(der_len >= 0);
if (der_len == 0) {
@@ -271,8 +272,7 @@
#else
der_len -= 1;
#endif
- ret = mbedtls_x509write_csr_der(&req, buf, (size_t) (der_len),
- mbedtls_test_rnd_pseudo_rand, &rnd_info);
+ ret = mbedtls_x509write_csr_der(&req, buf, (size_t) (der_len));
TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
exit:
@@ -306,8 +306,7 @@
memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));
- TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL,
- mbedtls_test_rnd_std_rand, NULL) == 0);
+ TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL) == 0);
/* Turn the PK context into an opaque one. */
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&key, PSA_KEY_USAGE_SIGN_HASH, &key_attr), 0);
@@ -326,8 +325,7 @@
TEST_ASSERT(mbedtls_x509write_csr_set_ns_cert_type(&req, cert_type) == 0);
}
- ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf) - 1,
- mbedtls_test_rnd_pseudo_rand, &rnd_info);
+ ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf) - 1);
TEST_ASSERT(ret == 0);
@@ -431,10 +429,10 @@
MD_OR_USE_PSA_INIT();
TEST_ASSERT(mbedtls_pk_parse_keyfile(&subject_key, subject_key_file,
- subject_pwd, mbedtls_test_rnd_std_rand, NULL) == 0);
+ subject_pwd) == 0);
TEST_ASSERT(mbedtls_pk_parse_keyfile(&issuer_key, issuer_key_file,
- issuer_pwd, mbedtls_test_rnd_std_rand, NULL) == 0);
+ issuer_pwd) == 0);
issuer_key_type = mbedtls_pk_get_type(&issuer_key);
@@ -522,8 +520,7 @@
if (set_subjectAltNames) {
TEST_ASSERT(mbedtls_x509write_crt_set_subject_alternative_name(&crt, san_list) == 0);
}
- ret = mbedtls_x509write_crt_pem(&crt, buf, sizeof(buf),
- mbedtls_test_rnd_pseudo_rand, &rnd_info);
+ ret = mbedtls_x509write_crt_pem(&crt, buf, sizeof(buf));
TEST_ASSERT(ret == 0);
pem_len = strlen((char *) buf);
@@ -565,9 +562,7 @@
TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0);
}
- der_len = mbedtls_x509write_crt_der(&crt, buf, sizeof(buf),
- mbedtls_test_rnd_pseudo_rand,
- &rnd_info);
+ der_len = mbedtls_x509write_crt_der(&crt, buf, sizeof(buf));
TEST_ASSERT(der_len >= 0);
if (der_len == 0) {
@@ -625,8 +620,7 @@
#endif
der_len -= 1;
- ret = mbedtls_x509write_crt_der(&crt, buf, (size_t) (der_len),
- mbedtls_test_rnd_pseudo_rand, &rnd_info);
+ ret = mbedtls_x509write_crt_der(&crt, buf, (size_t) (der_len));
TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
exit: