Remove RNG from x509 and PK
remove the f_rng and p_rng parameter from x509 and PK.
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c
index 404c4ad..740dea5 100644
--- a/programs/fuzz/fuzz_dtlsserver.c
+++ b/programs/fuzz/fuzz_dtlsserver.c
@@ -82,8 +82,7 @@
return 1;
}
if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
- mbedtls_test_srv_key_len, NULL, 0,
- dummy_random, &ctr_drbg) != 0) {
+ mbedtls_test_srv_key_len, NULL, 0) != 0) {
return 1;
}
#endif
diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c
index 1a5fbba..8055603 100644
--- a/programs/fuzz/fuzz_privkey.c
+++ b/programs/fuzz/fuzz_privkey.c
@@ -44,8 +44,7 @@
goto exit;
}
- ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0,
- dummy_random, &ctr_drbg);
+ ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0);
if (ret == 0) {
#if defined(MBEDTLS_RSA_C)
if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) {
diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c
index 64fe32d..857b1b6 100644
--- a/programs/fuzz/fuzz_server.c
+++ b/programs/fuzz/fuzz_server.c
@@ -91,8 +91,7 @@
return 1;
}
if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
- mbedtls_test_srv_key_len, NULL, 0,
- dummy_random, &ctr_drbg) != 0) {
+ mbedtls_test_srv_key_len, NULL, 0) != 0) {
return 1;
}
#endif
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index b064078..2be5842 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -248,8 +248,7 @@
goto cleanup;
}
- ret = mbedtls_pk_parse_keyfile(&pk, opt.filename, opt.password,
- mbedtls_ctr_drbg_random, &ctr_drbg);
+ ret = mbedtls_pk_parse_keyfile(&pk, opt.filename, opt.password);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n",
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index b9b477b..e36130b 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -363,8 +363,7 @@
goto exit;
}
- ret = mbedtls_pk_parse_keyfile(&key, opt.filename, NULL,
- mbedtls_ctr_drbg_random, &ctr_drbg);
+ ret = mbedtls_pk_parse_keyfile(&key, opt.filename, NULL);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x",
(unsigned int) -ret);
diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c
index a7b9001..d2bfde5 100644
--- a/programs/pkey/pk_decrypt.c
+++ b/programs/pkey/pk_decrypt.c
@@ -89,8 +89,7 @@
mbedtls_printf("\n . Reading private key from '%s'", argv[1]);
fflush(stdout);
- if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "",
- mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n",
(unsigned int) -ret);
goto exit;
@@ -119,8 +118,7 @@
mbedtls_printf("\n . Decrypting the encrypted data");
fflush(stdout);
- if ((ret = mbedtls_pk_decrypt(&pk, buf, i, result, &olen, sizeof(result),
- mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ if ((ret = mbedtls_pk_decrypt(&pk, buf, i, result, &olen, sizeof(result))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_decrypt returned -0x%04x\n",
(unsigned int) -ret);
goto exit;
diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c
index 28a849b..1ab2a3d 100644
--- a/programs/pkey/pk_encrypt.c
+++ b/programs/pkey/pk_encrypt.c
@@ -105,8 +105,7 @@
fflush(stdout);
if ((ret = mbedtls_pk_encrypt(&pk, input, strlen(argv[2]),
- buf, &olen, sizeof(buf),
- mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ buf, &olen, sizeof(buf))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_encrypt returned -0x%04x\n",
(unsigned int) -ret);
goto exit;
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index af52583..92d9660 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@@ -85,8 +85,7 @@
mbedtls_printf("\n . Reading private key from '%s'", argv[1]);
fflush(stdout);
- if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "",
- mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) {
mbedtls_printf(" failed\n ! Could not parse '%s'\n", argv[1]);
goto exit;
}
@@ -106,8 +105,7 @@
}
if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0,
- buf, sizeof(buf), &olen,
- mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ buf, sizeof(buf), &olen)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_sign returned -0x%04x\n", (unsigned int) -ret);
goto exit;
}
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index e4f27f3..a5e06fb 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -86,8 +86,7 @@
mbedtls_printf("\n . Reading private key from '%s'", argv[1]);
fflush(stdout);
- if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "",
- mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) {
mbedtls_printf(" failed\n ! Could not read key from '%s'\n", argv[1]);
mbedtls_printf(" ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret);
goto exit;
@@ -120,8 +119,7 @@
}
if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0,
- buf, sizeof(buf), &olen,
- mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ buf, sizeof(buf), &olen)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_sign returned %d\n\n", ret);
goto exit;
}
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index d1c2a8c..a10a6e6 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -165,9 +165,7 @@
(const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len,
NULL,
- 0,
- mbedtls_ctr_drbg_random,
- &ctr_drbg);
+ 0);
if (ret != 0) {
printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
goto exit;
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 6ed073e..e4efadc 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1736,12 +1736,12 @@
} else
#if defined(MBEDTLS_FS_IO)
if (strlen(opt.key_file)) {
- ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, opt.key_pwd, rng_get, &rng);
+ ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, opt.key_pwd);
} else
#endif
{ ret = mbedtls_pk_parse_key(&pkey,
(const unsigned char *) mbedtls_test_cli_key,
- mbedtls_test_cli_key_len, NULL, 0, rng_get, &rng); }
+ mbedtls_test_cli_key_len, NULL, 0); }
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
(unsigned int) -ret);
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index b959858..f1eb21f 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -138,8 +138,7 @@
}
ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
- mbedtls_test_srv_key_len, NULL, 0,
- mbedtls_ctr_drbg_random, &ctr_drbg);
+ mbedtls_test_srv_key_len, NULL, 0);
if (ret != 0) {
mbedtls_printf(" failed! mbedtls_pk_parse_key returned %d\n\n", ret);
goto exit;
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index d3354ca..69aefef 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -514,8 +514,7 @@
#if defined(MBEDTLS_FS_IO)
if (strlen(opt.key_file)) {
- ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, "",
- mbedtls_ctr_drbg_random, &ctr_drbg);
+ ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, "");
} else
#endif
#if defined(MBEDTLS_PEM_PARSE_C)
@@ -524,9 +523,7 @@
(const unsigned char *) mbedtls_test_cli_key,
mbedtls_test_cli_key_len,
NULL,
- 0,
- mbedtls_ctr_drbg_random,
- &ctr_drbg);
+ 0);
}
#else
{
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index a1c583a..1214eb8 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -379,8 +379,7 @@
mbedtls_pk_init(&pkey);
ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
- mbedtls_test_srv_key_len, NULL, 0,
- mbedtls_ctr_drbg_random, &ctr_drbg);
+ mbedtls_test_srv_key_len, NULL, 0);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
goto exit;
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 4b101d3..0f27b82 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -144,8 +144,7 @@
}
ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
- mbedtls_test_srv_key_len, NULL, 0,
- mbedtls_ctr_drbg_random, &ctr_drbg);
+ mbedtls_test_srv_key_len, NULL, 0);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
goto exit;
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 8a0e18a..556e906 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -824,7 +824,7 @@
mbedtls_pk_init(new->key);
if (mbedtls_x509_crt_parse_file(new->cert, crt_file) != 0 ||
- mbedtls_pk_parse_keyfile(new->key, key_file, "", rng_get, &rng) != 0) {
+ mbedtls_pk_parse_keyfile(new->key, key_file, "") != 0) {
goto error;
}
@@ -1175,8 +1175,7 @@
* public key. */
for (slot = 0; slot < config_data->slots_used; slot++) {
if (mbedtls_pk_check_pair(&cert->pk,
- config_data->slots[slot].pk,
- rng_get, &rng) == 0) {
+ config_data->slots[slot].pk) == 0) {
break;
}
}
@@ -1247,12 +1246,16 @@
}
switch (ctx->operation_type) {
+ case ASYNC_OP_DECRYPT:
+ ret = mbedtls_pk_decrypt(key_slot->pk,
+ ctx->input, ctx->input_len,
+ output, output_len, output_size);
+ break;
case ASYNC_OP_SIGN:
ret = mbedtls_pk_sign(key_slot->pk,
ctx->md_alg,
ctx->input, ctx->input_len,
- output, output_size, output_len,
- config_data->f_rng, config_data->p_rng);
+ output, output_size, output_len);
break;
default:
mbedtls_printf(
@@ -2637,7 +2640,7 @@
if (strlen(opt.key_file) && strcmp(opt.key_file, "none") != 0) {
key_cert_init++;
if ((ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file,
- opt.key_pwd, rng_get, &rng)) != 0) {
+ opt.key_pwd)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n",
(unsigned int) -ret);
goto exit;
@@ -2659,7 +2662,7 @@
if (strlen(opt.key_file2) && strcmp(opt.key_file2, "none") != 0) {
key_cert_init2++;
if ((ret = mbedtls_pk_parse_keyfile(&pkey2, opt.key_file2,
- opt.key_pwd2, rng_get, &rng)) != 0) {
+ opt.key_pwd2)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n",
(unsigned int) -ret);
goto exit;
@@ -2686,8 +2689,7 @@
}
if ((ret = mbedtls_pk_parse_key(&pkey,
(const unsigned char *) mbedtls_test_srv_key_rsa,
- mbedtls_test_srv_key_rsa_len, NULL, 0,
- rng_get, &rng)) != 0) {
+ mbedtls_test_srv_key_rsa_len, NULL, 0)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
(unsigned int) -ret);
goto exit;
@@ -2704,8 +2706,7 @@
}
if ((ret = mbedtls_pk_parse_key(&pkey2,
(const unsigned char *) mbedtls_test_srv_key_ec,
- mbedtls_test_srv_key_ec_len, NULL, 0,
- rng_get, &rng)) != 0) {
+ mbedtls_test_srv_key_ec_len, NULL, 0)) != 0) {
mbedtls_printf(" failed\n ! pk_parse_key2 returned -0x%x\n\n",
(unsigned int) -ret);
goto exit;
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index 1be335c..f09e938 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -109,9 +109,7 @@
mbedtls_md_type_t md_alg; /* Hash algorithm used for signature. */
} opt;
-static int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng)
+static int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file)
{
int ret;
FILE *f;
@@ -119,7 +117,7 @@
size_t len = 0;
memset(output_buf, 0, 4096);
- if ((ret = mbedtls_x509write_csr_pem(req, output_buf, 4096, f_rng, p_rng)) < 0) {
+ if ((ret = mbedtls_x509write_csr_pem(req, output_buf, 4096)) < 0) {
return ret;
}
@@ -454,8 +452,7 @@
mbedtls_printf(" . Loading the private key ...");
fflush(stdout);
- ret = mbedtls_pk_parse_keyfile(&key, opt.filename, opt.password,
- mbedtls_ctr_drbg_random, &ctr_drbg);
+ ret = mbedtls_pk_parse_keyfile(&key, opt.filename, opt.password);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned %d", ret);
@@ -472,8 +469,7 @@
mbedtls_printf(" . Writing the certificate request ...");
fflush(stdout);
- if ((ret = write_certificate_request(&req, opt.output_file,
- mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ if ((ret = write_certificate_request(&req, opt.output_file)) != 0) {
mbedtls_printf(" failed\n ! write_certificate_request %d", ret);
goto exit;
}
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 5993f24..9776dc1 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -206,9 +206,7 @@
int format; /* format */
} opt;
-static int write_certificate(mbedtls_x509write_cert *crt, const char *output_file,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng)
+static int write_certificate(mbedtls_x509write_cert *crt, const char *output_file)
{
int ret;
FILE *f;
@@ -218,8 +216,7 @@
memset(output_buf, 0, 4096);
if (opt.format == FORMAT_DER) {
- ret = mbedtls_x509write_crt_der(crt, output_buf, 4096,
- f_rng, p_rng);
+ ret = mbedtls_x509write_crt_der(crt, output_buf, 4096);
if (ret < 0) {
return ret;
}
@@ -227,8 +224,7 @@
len = ret;
output_start = output_buf + 4096 - len;
} else {
- ret = mbedtls_x509write_crt_pem(crt, output_buf, 4096,
- f_rng, p_rng);
+ ret = mbedtls_x509write_crt_pem(crt, output_buf, 4096);
if (ret < 0) {
return ret;
}
@@ -780,7 +776,7 @@
fflush(stdout);
ret = mbedtls_pk_parse_keyfile(&loaded_subject_key, opt.subject_key,
- opt.subject_pwd, mbedtls_ctr_drbg_random, &ctr_drbg);
+ opt.subject_pwd);
if (ret != 0) {
mbedtls_strerror(ret, buf, sizeof(buf));
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile "
@@ -795,7 +791,7 @@
fflush(stdout);
ret = mbedtls_pk_parse_keyfile(&loaded_issuer_key, opt.issuer_key,
- opt.issuer_pwd, mbedtls_ctr_drbg_random, &ctr_drbg);
+ opt.issuer_pwd);
if (ret != 0) {
mbedtls_strerror(ret, buf, sizeof(buf));
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile "
@@ -806,8 +802,7 @@
// Check if key and issuer certificate match
//
if (strlen(opt.issuer_crt)) {
- if (mbedtls_pk_check_pair(&issuer_crt.pk, issuer_key,
- mbedtls_ctr_drbg_random, &ctr_drbg) != 0) {
+ if (mbedtls_pk_check_pair(&issuer_crt.pk, issuer_key) != 0) {
mbedtls_printf(" failed\n ! issuer_key does not match "
"issuer certificate\n\n");
goto exit;
@@ -984,8 +979,7 @@
mbedtls_printf(" . Writing the certificate...");
fflush(stdout);
- if ((ret = write_certificate(&crt, opt.output_file,
- mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ if ((ret = write_certificate(&crt, opt.output_file)) != 0) {
mbedtls_strerror(ret, buf, sizeof(buf));
mbedtls_printf(" failed\n ! write_certificate -0x%04x - %s\n\n",
(unsigned int) -ret, buf);