Allow compile-time configuration of PRNG in SSL module
Introduces MBEDTLS_SSL_CONF_RNG to allow configuring the
RNG to be used by the SSL module at compile-time.
Impact on code-size:
| | GCC 8.2.1 | ARMC5 5.06 | ARMC6 6.12 |
| --- | --- | --- | --- |
| `libmbedtls.a` before | 23535 | 24089 | 27103 |
| `libmbedtls.a` after | 23471 | 24077 | 27045 |
| gain in Bytes | 64 | 12 | 58 |
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 91b944c..8c24ee9 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1623,7 +1623,8 @@
/* Write length only when we know the actual value */
if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
p + 2, end - ( p + 2 ), &len,
- ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+ mbedtls_ssl_conf_get_frng( ssl->conf ),
+ ssl->conf->p_rng ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
return( ret );
@@ -1644,7 +1645,8 @@
if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen,
p + 2, end - ( p + 2 ),
- ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+ mbedtls_ssl_conf_get_frng( ssl->conf ),
+ ssl->conf->p_rng ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
return( ret );
@@ -3941,7 +3943,8 @@
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
if( ( ret = mbedtls_ssl_encrypt_buf( ssl, ssl->transform_out, &rec,
- ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+ mbedtls_ssl_conf_get_frng( ssl->conf ),
+ ssl->conf->p_rng ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret );
return( ret );
@@ -8185,6 +8188,7 @@
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#if !defined(MBEDTLS_SSL_CONF_RNG)
void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
@@ -8192,6 +8196,13 @@
conf->f_rng = f_rng;
conf->p_rng = p_rng;
}
+#else
+void mbedtls_ssl_conf_rng_ctx( mbedtls_ssl_config *conf,
+ void *p_rng )
+{
+ conf->p_rng = p_rng;
+}
+#endif
void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
void (*f_dbg)(void *, int, const char *, int, const char *),