pre-test version of the mbedtls_ssl_conf_rng removal
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index f5ea8dd..96c1a7c 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -801,9 +801,7 @@
int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl,
mbedtls_ssl_transform *transform,
- mbedtls_record *rec,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng)
+ mbedtls_record *rec)
{
mbedtls_ssl_mode_t ssl_mode;
int auth_done = 0;
@@ -1140,10 +1138,6 @@
* Prepend per-record IV for block cipher in TLS v1.2 as per
* Method 1 (6.2.3.2. in RFC4346 and RFC5246)
*/
- if (f_rng == NULL) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("No PRNG provided to encrypt_record routine"));
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
if (rec->data_offset < transform->ivlen) {
MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough"));
@@ -1153,7 +1147,7 @@
/*
* Generate IV
*/
- ret = f_rng(p_rng, transform->iv_enc, transform->ivlen);
+ ret = psa_generate_random(transform->iv_enc, transform->ivlen);
if (ret != 0) {
return ret;
}
@@ -2725,8 +2719,7 @@
rec.cid_len = 0;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- if ((ret = mbedtls_ssl_encrypt_buf(ssl, ssl->transform_out, &rec,
- ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
+ if ((ret = mbedtls_ssl_encrypt_buf(ssl, ssl->transform_out, &rec)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "ssl_encrypt_buf", ret);
return ret;
}