mirror of
https://github.com/lwip-tcpip/lwip.git
synced 2024-12-25 18:14:53 +00:00
altcp_tls_mbedtls: use mbedtls_entropy_func for mbedtls_ctr_drbg_seed
This is the default way for mbedTLS. Add entropy sources via defines (see mbedtls_entropy_init). This removes the use of ALTCP_MBEDTLS_RNG_FN. Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
parent
fe05be110d
commit
153c295b6f
@ -40,8 +40,8 @@
|
||||
* track of the ratio of application data and TLS overhead would be too much.
|
||||
*
|
||||
* Mandatory security-related configuration:
|
||||
* - define ALTCP_MBEDTLS_RNG_FN to a custom GOOD rng function returning 0 on success:
|
||||
* int my_rng_fn(void *ctx, unsigned char *buffer , size_t len)
|
||||
* - ensure to add at least one strong entropy source to your mbedtls port (implement
|
||||
* mbedtls_platform_entropy_poll or mbedtls_hardware_poll providing strong entropy)
|
||||
* - define ALTCP_MBEDTLS_ENTROPY_PTR and ALTCP_MBEDTLS_ENTROPY_LEN to something providing
|
||||
* GOOD custom entropy
|
||||
*
|
||||
@ -647,22 +647,6 @@ altcp_mbedtls_debug(void *ctx, int level, const char *file, int line, const char
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef ALTCP_MBEDTLS_RNG_FN
|
||||
/** ATTENTION: It is *really* important to *NOT* use this dummy RNG in production code!!!! */
|
||||
static int
|
||||
dummy_rng(void *ctx, unsigned char *buffer, size_t len)
|
||||
{
|
||||
static size_t ctr;
|
||||
size_t i;
|
||||
LWIP_UNUSED_ARG(ctx);
|
||||
for (i = 0; i < len; i++) {
|
||||
buffer[i] = (unsigned char)++ctr;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
#define ALTCP_MBEDTLS_RNG_FN dummy_rng
|
||||
#endif /* ALTCP_MBEDTLS_RNG_FN */
|
||||
|
||||
/** Create new TLS configuration
|
||||
* ATTENTION: Server certificate and private key have to be added outside this function!
|
||||
*/
|
||||
@ -714,7 +698,7 @@ altcp_tls_create_config(int is_server, int have_cert, int have_pkey, int have_ca
|
||||
mbedtls_ctr_drbg_init(&conf->ctr_drbg);
|
||||
|
||||
/* Seed the RNG */
|
||||
ret = mbedtls_ctr_drbg_seed(&conf->ctr_drbg, ALTCP_MBEDTLS_RNG_FN, &conf->entropy, ALTCP_MBEDTLS_ENTROPY_PTR, ALTCP_MBEDTLS_ENTROPY_LEN);
|
||||
ret = mbedtls_ctr_drbg_seed(&conf->ctr_drbg, mbedtls_entropy_func, &conf->entropy, ALTCP_MBEDTLS_ENTROPY_PTR, ALTCP_MBEDTLS_ENTROPY_LEN);
|
||||
if (ret != 0) {
|
||||
LWIP_DEBUGF(ALTCP_MBEDTLS_DEBUG, ("mbedtls_ctr_drbg_seed failed: %d\n", ret));
|
||||
altcp_mbedtls_free_config(conf);
|
||||
|
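Review bot: The header comment in the first hunk still tells integrators to define ALTCP_MBEDTLS_ENTROPY_PTR and ALTCP_MBEDTLS_ENTROPY_LEN to "GOOD custom entropy", but in the new `mbedtls_ctr_drbg_seed` call those two arguments are the DRBG personalization data, not an entropy source. With `mbedtls_entropy_func` as the seed callback, all seed entropy comes from the sources registered in the mbedTLS port, so that bullet should not read as an alternative to the entropy-source bullet above it. I would reword it to `* - optionally define ALTCP_MBEDTLS_ENTROPY_PTR and ALTCP_MBEDTLS_ENTROPY_LEN to a device-specific personalization string (not a substitute for a strong entropy source)`. In the visible lines a seeding failure is reported only through `LWIP_DEBUGF`. altcp_tls_create_config continues outside the hunk, so how the failure reaches the caller cannot be confirmed from here.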