mirror/lwip
1
0
Fork 0
mirror of https://github.com/lwip-tcpip/lwip.git synced 2024-07-04 20:08:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

altcp_tls_mbedtls: use mbedtls_entropy_func for mbedtls_ctr_drbg_seed

Browse Source 
This is the default way for mbedTLS. Add entropy sources via defines (see
mbedtls_entropy_init).

This removes the use of ALTCP_MBEDTLS_RNG_FN

Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
This commit is contained in:
Simon Goldschmidt 2018-11-06 21:28:01 +01:00
parent fe05be110d
commit 153c295b6f
1 changed files with 3 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/apps/altcp_tls/altcp_tls_mbedtls.c
View File

@ -40,8 +40,8 @@
* track of the ratio of application data and TLS overhead would be too much.
*
* Mandatory security-related configuration:
* - define ALTCP_MBEDTLS_RNG_FN to a custom GOOD rng function returning 0 on success:
* int my_rng_fn(void *ctx, unsigned char *buffer , size_t len)
* - ensure to add at least one strong entropy source to your mbedtls port (implement
* mbedtls_platform_entropy_poll or mbedtls_hardware_poll providing strong entropy)
* - define ALTCP_MBEDTLS_ENTROPY_PTR and ALTCP_MBEDTLS_ENTROPY_LEN to something providing
* GOOD custom entropy
*
@ -647,22 +647,6 @@ altcp_mbedtls_debug(void *ctx, int level, const char *file, int line, const char
}
#endif
#ifndef ALTCP_MBEDTLS_RNG_FN
/** ATTENTION: It is *really* important to *NOT* use this dummy RNG in production code!!!! */
static int
dummy_rng(void *ctx, unsigned char *buffer, size_t len)
{
static size_t ctr;
size_t i;
LWIP_UNUSED_ARG(ctx);
for (i = 0; i < len; i++) {
buffer[i] = (unsigned char)++ctr;
}
return 0;
}
#define ALTCP_MBEDTLS_RNG_FN dummy_rng
#endif /* ALTCP_MBEDTLS_RNG_FN */
/** Create new TLS configuration
* ATTENTION: Server certificate and private key have to be added outside this function!
*/
@ -714,7 +698,7 @@ altcp_tls_create_config(int is_server, int have_cert, int have_pkey, int have_ca
mbedtls_ctr_drbg_init(&conf->ctr_drbg);
/* Seed the RNG */
ret = mbedtls_ctr_drbg_seed(&conf->ctr_drbg, ALTCP_MBEDTLS_RNG_FN, &conf->entropy, ALTCP_MBEDTLS_ENTROPY_PTR, ALTCP_MBEDTLS_ENTROPY_LEN);
ret = mbedtls_ctr_drbg_seed(&conf->ctr_drbg, mbedtls_entropy_func, &conf->entropy, ALTCP_MBEDTLS_ENTROPY_PTR, ALTCP_MBEDTLS_ENTROPY_LEN);
if (ret != 0) {
LWIP_DEBUGF(ALTCP_MBEDTLS_DEBUG, ("mbedtls_ctr_drbg_seed failed: %d\n", ret));
altcp_mbedtls_free_config(conf);