From aa4d15264ae6905d26aa0e7b81e5b33580c4a3ca Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Thu, 6 Jun 2019 21:24:31 +0200 Subject: [PATCH 01/11] SSL reproducible test mode --- programs/ssl/ssl_client2.c | 80 ++++++++++++++++++++++++++++++++++---- programs/ssl/ssl_server2.c | 79 +++++++++++++++++++++++++++++++++---- 2 files changed, 143 insertions(+), 16 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 1e63ee5df9..58c4020612 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -131,6 +131,7 @@ int main( void ) #define DFL_ETM -1 #define DFL_CA_CALLBACK 0 #define DFL_EAP_TLS 0 +#define DFL_REPRODUCIBLE 0 #define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: " #define GET_REQUEST_END "\r\n\r\n" @@ -482,6 +483,7 @@ struct options const char *cid_val; /* the CID to use for incoming messages */ const char *cid_val_renego; /* the CID to use for incoming messages * after renegotiation */ + int reproducible; /* make communication reproducible */ } opt; int query_config( const char *config ); @@ -538,6 +540,42 @@ static void my_debug( void *ctx, int level, fflush( (FILE *) ctx ); } + +mbedtls_time_t dummy_constant_time( mbedtls_time_t* time ) +{ + (void) time; + return 0x5af2a056; +} + +int dummy_random( void *p_rng, unsigned char *output, size_t output_len ) +{ + int ret; + size_t i; + + //use mbedtls_ctr_drbg_random to find bugs in it + ret = mbedtls_ctr_drbg_random(p_rng, output, output_len); + for (i=0; i 1 ) goto usage; } + else if( strcmp( p, "reproducible" ) == 0 ) + { + opt.reproducible = 1; + } else goto usage; } 
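Review bot: `dummy_constant_time` and `dummy_random` are added with external linkage in the ssl_client2.c hunk at -538, although `my_debug` just above them is `static`, and ssl_server2.c repeats the same definitions in its hunk at -652. Declaring them `static`, e.g. `static mbedtls_time_t dummy_constant_time( mbedtls_time_t *time )`, keeps these test-only hooks file-local. `dummy_constant_time` would then also want an `#if defined(MBEDTLS_PLATFORM_TIME_ALT)` guard, since that is the only configuration in which this patch references it. A short comment such as `/* fixed timestamp so test runs are repeatable; not for production use */` would explain the constant 0x5af2a056. Part of this hunk's text is not visible on the page, so the note covers only the lines shown.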
@@ -1663,13 +1706,24 @@ int main( int argc, char *argv[] ) fflush( stdout ); mbedtls_entropy_init( &entropy ); - if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, - &entropy, (const unsigned char *) pers, - strlen( pers ) ) ) != 0 ) - { - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", - -ret ); - goto exit; + if (opt.reproducible) { + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, + &entropy, (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", + -ret ); + goto exit; + } + } else { + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, + &entropy, (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", + -ret ); + goto exit; + } } mbedtls_printf( " ok\n" ); @@ -1949,7 +2003,17 @@ int main( int argc, char *argv[] ) } #endif - mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); + if (opt.reproducible) { + srand(1); + mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg ); +#if defined(MBEDTLS_PLATFORM_TIME_ALT) + mbedtls_platform_set_time( dummy_constant_time ); +#else + fprintf(stderr, "Warning: reprpduce without constant time\n"); +#endif + } else { + mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); + } mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); mbedtls_ssl_conf_read_timeout( &conf, opt.read_timeout ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 59d5545f84..586b87119d 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -173,6 +173,7 @@ int main( void ) #define DFL_ETM -1 #define DFL_CA_CALLBACK 0 #define DFL_EAP_TLS 0 +#define DFL_REPRODUCIBLE 0 #define LONG_RESPONSE "
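Review bot: The reproducible branch in the -1663 hunk seeds the DRBG through `dummy_entropy` but still prints the same ` ok` as a normal run, so nothing in the program output marks the session's key material as predictable. A line in that branch such as `mbedtls_printf( "  ! reproducible mode: deterministic RNG seed, testing only\n" );` would make it visible in logs. The two branches also duplicate the whole `mbedtls_ctr_drbg_seed` call and its error path. Selecting the callback into a function pointer declared with main's other locals, `f_entropy = opt.reproducible ? dummy_entropy : mbedtls_entropy_func;`, leaves a single call. The same applies to the ssl_server2.c hunk at -2446.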

01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ @@ -597,6 +598,7 @@ struct options const char *cid_val; /* the CID to use for incoming messages */ const char *cid_val_renego; /* the CID to use for incoming messages * after renegotiation */ + int reproducible; /* make communication reproducible */ } opt; int query_config( const char *config ); @@ -652,6 +654,41 @@ static void my_debug( void *ctx, int level, fflush( (FILE *) ctx ); } +mbedtls_time_t dummy_constant_time( mbedtls_time_t* time ) +{ + (void) time; + return 0x5af2a056; +} + +int dummy_random( void *p_rng, unsigned char *output, size_t output_len ) +{ + int ret; + size_t i; + + //use mbedtls_ctr_drbg_random to find bugs in it + ret = mbedtls_ctr_drbg_random(p_rng, output, output_len); + for (i=0; i 1 ) goto usage; } + else if( strcmp( p, "reproducible" ) == 0 ) + { + opt.reproducible = 1; + } else goto usage; } @@ -2446,13 +2488,24 @@ int main( int argc, char *argv[] ) fflush( stdout ); mbedtls_entropy_init( &entropy ); - if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, - &entropy, (const unsigned char *) pers, - strlen( pers ) ) ) != 0 ) - { - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", - -ret ); - goto exit; + if (opt.reproducible) { + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, + &entropy, (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", + -ret ); + goto exit; + } + } else { + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, + &entropy, (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", + -ret ); + goto exit; + } } mbedtls_printf( " ok\n" ); 
@@ -2771,7 +2824,17 @@ int main( int argc, char *argv[] ) } #endif - mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); + if (opt.reproducible) { + srand(1); + mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg ); +#if defined(MBEDTLS_PLATFORM_TIME_ALT) + mbedtls_platform_set_time( dummy_constant_time ); +#else + fprintf(stderr, "Warning: reprpduce without constant time\n"); +#endif + } else { + mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); + } mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); #if defined(MBEDTLS_SSL_CACHE_C) From 986b6f20a9a05932c3a17c0ba23ec041f6d244b5 Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Fri, 7 Jun 2019 15:04:32 +0200 Subject: [PATCH 02/11] Style fixes --- programs/ssl/ssl_client2.c | 42 ++++++++++++++++++++++---------------- programs/ssl/ssl_server2.c | 40 ++++++++++++++++++++---------------- 2 files changed, 46 insertions(+), 36 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 58c4020612..5a4baa3dae 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -553,8 +553,9 @@ int dummy_random( void *p_rng, unsigned char *output, size_t output_len ) size_t i; //use mbedtls_ctr_drbg_random to find bugs in it - ret = mbedtls_ctr_drbg_random(p_rng, output, output_len); - for (i=0; i Date: Fri, 7 Jun 2019 22:31:59 +0200 Subject: [PATCH 03/11] Code review Typo rproduce -> reproducible Call mbedtls_entropy_func --- programs/ssl/ssl_client2.c | 6 +++--- programs/ssl/ssl_server2.c | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 5a4baa3dae..189d0cf5c3 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
@@ -567,13 +567,13 @@ int dummy_entropy( void *data, unsigned char *output, size_t len ) size_t i; (void) data; - //ret = mbedtls_entropy_func( data, output, len ); + ret = mbedtls_entropy_func( data, output, len ); for ( i = 0; i < len; i++ ) { //replace result with pseudo random output[i] = (unsigned char) rand(); } - return( 0 ); + return( ret ); } #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) @@ -2013,7 +2013,7 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_PLATFORM_TIME_ALT) mbedtls_platform_set_time( dummy_constant_time ); #else - fprintf( stderr, "Warning: reproduce without constant time\n" ); + fprintf( stderr, "Warning: reproducible without constant time\n" ); #endif } else diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 573b624222..30fa6f5ba0 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -679,12 +679,12 @@ int dummy_entropy( void *data, unsigned char *output, size_t len ) size_t i; (void) data; - //ret = mbedtls_entropy_func( data, output, len ); + ret = mbedtls_entropy_func( data, output, len ); for (i = 0; i < len; i++ ) { //replace result with pseudo random output[i] = (unsigned char) rand(); } - return( 0 ); + return( ret ); } #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) @@ -2832,7 +2832,7 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_PLATFORM_TIME_ALT) mbedtls_platform_set_time( dummy_constant_time ); #else - fprintf( stderr, "Warning: reproduce without constant time\n" ); + fprintf( stderr, "Warning: reproducible without constant time\n" ); #endif } else From 7c9d72497d754f430a9a41e60c145b73326ea9ef Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Tue, 11 Jun 2019 12:11:36 +0200 Subject: [PATCH 04/11] Option used added in string --- programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_server2.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
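Review bot: `(void) data;` stays in `dummy_entropy` even though the added line now passes `data` to `mbedtls_entropy_func`, so the cast no longer describes the parameter and can be dropped. The function also has no comment saying why real entropy is gathered and then overwritten with `rand()` output; if the intent is to keep the entropy code path exercised, something like `/* run the real source, then discard its output so the seed is repeatable */` would state it. With `return( ret )`, a failing entropy source now aborts seeding in reproducible mode too, which is worth mentioning in that comment. The ssl_server2.c hunk at -679 carries the same lines, and the function's signature lies outside both hunks.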
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 189d0cf5c3..3bb2e8fdf9 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2013,7 +2013,7 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_PLATFORM_TIME_ALT) mbedtls_platform_set_time( dummy_constant_time ); #else - fprintf( stderr, "Warning: reproducible without constant time\n" ); + fprintf( stderr, "Warning: reproducible option used without constant time\n" ); #endif } else diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 30fa6f5ba0..f79a615ddf 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2832,7 +2832,7 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_PLATFORM_TIME_ALT) mbedtls_platform_set_time( dummy_constant_time ); #else - fprintf( stderr, "Warning: reproducible without constant time\n" ); + fprintf( stderr, "Warning: reproducible option used without constant time\n" ); #endif } else From 0ff84fb6fe4904028ed7be9ee062e9e0a8bebbbf Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Tue, 11 Jun 2019 12:15:17 +0200 Subject: [PATCH 05/11] Only warns if MBEDTLS_HAVE_TIME --- programs/ssl/ssl_client2.c | 2 ++ programs/ssl/ssl_server2.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 3bb2e8fdf9..c32bb70521 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2013,7 +2013,9 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_PLATFORM_TIME_ALT) mbedtls_platform_set_time( dummy_constant_time ); #else +#if defined(MBEDTLS_HAVE_TIME) fprintf( stderr, "Warning: reproducible option used without constant time\n" ); +#endif #endif } else diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index f79a615ddf..96c7c309f0 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
@@ -2832,7 +2832,9 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_PLATFORM_TIME_ALT) mbedtls_platform_set_time( dummy_constant_time ); #else +#if defined(MBEDTLS_HAVE_TIME) fprintf( stderr, "Warning: reproducible option used without constant time\n" ); +#endif #endif } else From f91b3722cfbf241d9f1440355eb0a4857ba7df4d Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Tue, 11 Jun 2019 16:02:43 +0200 Subject: [PATCH 06/11] More clarity for ifdef orders --- programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_server2.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index c32bb70521..3b7fd67ea3 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2010,10 +2010,10 @@ int main( int argc, char *argv[] ) { srand( 1 ); mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg ); +#if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_PLATFORM_TIME_ALT) mbedtls_platform_set_time( dummy_constant_time ); #else -#if defined(MBEDTLS_HAVE_TIME) fprintf( stderr, "Warning: reproducible option used without constant time\n" ); #endif #endif diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 96c7c309f0..e4c992febf 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2829,10 +2829,10 @@ int main( int argc, char *argv[] ) { srand( 1 ); mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg ); +#if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_PLATFORM_TIME_ALT) mbedtls_platform_set_time( dummy_constant_time ); #else -#if defined(MBEDTLS_HAVE_TIME) fprintf( stderr, "Warning: reproducible option used without constant time\n" ); #endif #endif From 12e85de964eebca4d213f92178efd6f0fafeccf5 Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Tue, 11 Jun 2019 16:07:53 +0200 Subject: [PATCH 07/11] Adds missing ret definition --- programs/ssl/ssl_client2.c | 1 + programs/ssl/ssl_server2.c | 1 + 2 files changed, 2 insertions(+) 
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 3b7fd67ea3..ef6484810d 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -566,6 +566,7 @@ int dummy_entropy( void *data, unsigned char *output, size_t len ) { size_t i; (void) data; + int ret; ret = mbedtls_entropy_func( data, output, len ); for ( i = 0; i < len; i++ ) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index e4c992febf..b19d8be7c3 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -678,6 +678,7 @@ int dummy_entropy( void *data, unsigned char *output, size_t len ) { size_t i; (void) data; + int ret; ret = mbedtls_entropy_func( data, output, len ); for (i = 0; i < len; i++ ) { From d2235f2a41657fe8f3346ac633e99c15afb52e3b Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Tue, 11 Jun 2019 16:29:28 +0200 Subject: [PATCH 08/11] Commit to C90 style --- programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_server2.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index ef6484810d..f3f9bc9317 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -565,8 +565,8 @@ int dummy_random( void *p_rng, unsigned char *output, size_t output_len ) int dummy_entropy( void *data, unsigned char *output, size_t len ) { size_t i; - (void) data; int ret; + (void) data; ret = mbedtls_entropy_func( data, output, len ); for ( i = 0; i < len; i++ ) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index b19d8be7c3..5d38f11fbb 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -677,8 +677,8 @@ int dummy_random( void *p_rng, unsigned char *output, size_t output_len ) int dummy_entropy( void *data, unsigned char *output, size_t len ) { size_t i; - (void) data; int ret; + (void) data; ret = mbedtls_entropy_func( data, output, len ); for (i = 0; i < len; i++ ) { 
From 154feb21e8abf388066e2c9fa6ba3c1d28047d83 Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Tue, 11 Jun 2019 17:50:23 +0200 Subject: [PATCH 09/11] comment alignment --- programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_server2.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index f3f9bc9317..a291013c9a 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -483,7 +483,7 @@ struct options const char *cid_val; /* the CID to use for incoming messages */ const char *cid_val_renego; /* the CID to use for incoming messages * after renegotiation */ - int reproducible; /* make communication reproducible */ + int reproducible; /* make communication reproducible */ } opt; int query_config( const char *config ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 5d38f11fbb..d5c0cae5b0 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -598,7 +598,7 @@ struct options const char *cid_val; /* the CID to use for incoming messages */ const char *cid_val_renego; /* the CID to use for incoming messages * after renegotiation */ - int reproducible; /* make communication reproducible */ + int reproducible; /* make communication reproducible */ } opt; int query_config( const char *config ); From 738153a0484fc3a403885e3c18f226ecc4ec8585 Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Tue, 18 Jun 2019 20:16:43 +0200 Subject: [PATCH 10/11] Adding usage and removing dummy random --- programs/ssl/ssl_client2.c | 22 +++++----------------- programs/ssl/ssl_server2.c | 21 +++++---------------- 2 files changed, 10 insertions(+), 33 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index a291013c9a..67d23e2b94 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
@@ -312,6 +312,9 @@ int main( void ) #define USAGE_ETM "" #endif +#define USAGE_REPRODUCIBLE \ + " reproducible=0/1 default: 0 (disabled)\n" + #if defined(MBEDTLS_SSL_RENEGOTIATION) #define USAGE_RENEGO \ " renegotiation=%%d default: 0 (disabled)\n" \ @@ -383,6 +386,7 @@ int main( void ) USAGE_FALLBACK \ USAGE_EMS \ USAGE_ETM \ + USAGE_REPRODUCIBLE \ USAGE_CURVES \ USAGE_RECSPLIT \ USAGE_DHMLEN \ @@ -547,21 +551,6 @@ mbedtls_time_t dummy_constant_time( mbedtls_time_t* time ) return 0x5af2a056; } -int dummy_random( void *p_rng, unsigned char *output, size_t output_len ) -{ - int ret; - size_t i; - - //use mbedtls_ctr_drbg_random to find bugs in it - ret = mbedtls_ctr_drbg_random( p_rng, output, output_len ); - for ( i = 0; i < output_len; i++ ) - { - //replace result with pseudo random - output[i] = (unsigned char) rand(); - } - return( ret ); -} - int dummy_entropy( void *data, unsigned char *output, size_t len ) { size_t i; @@ -1709,6 +1698,7 @@ int main( int argc, char *argv[] ) mbedtls_entropy_init( &entropy ); if (opt.reproducible) { + srand( 1 ); if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) @@ -2009,8 +1999,6 @@ int main( int argc, char *argv[] ) if (opt.reproducible) { - srand( 1 ); - mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg ); #if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_PLATFORM_TIME_ALT) mbedtls_platform_set_time( dummy_constant_time ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index d5c0cae5b0..776e555cdd 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -402,6 +402,9 @@ int main( void ) #define USAGE_ETM "" #endif +#define USAGE_REPRODUCIBLE \ + " reproducible=0/1 default: 0 (disabled)\n" + #if defined(MBEDTLS_SSL_RENEGOTIATION) #define USAGE_RENEGO \ " renegotiation=%%d default: 0 (disabled)\n" \ 
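Review bot: `USAGE_REPRODUCIBLE` advertises `reproducible=0/1`, but the option handler added in patch 01 sets `opt.reproducible = 1` as soon as the name matches and never reads a value, so `reproducible=0` would appear to switch the mode on. The handler should parse the value and reject anything other than 0 or 1, as the neighbouring options seem to do with their `goto usage` range checks. Since the mode fixes the RNG seed, the help text could say so as well, e.g. `"    reproducible=0/1     default: 0 (disabled; testing only, RNG is predictable)\n"`. The ssl_server2.c hunk at -402 adds the same string.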
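Review bot: `srand( 1 )` in the -1709 hunk fixes the seed, but the sequence `rand()` yields for a given seed is left to the C library, so the bytes `dummy_entropy` writes, and with them the handshake, may differ from one platform to another. If recorded sessions are meant to be replayed across builds, a comment beside the call should state the limit, e.g. `/* rand() sequence is libc-specific: reproducible per platform only */`. The ssl_server2.c hunk at -2489 is identical, and main's body extends beyond both hunks.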
@@ -470,6 +473,7 @@ int main( void ) "\n" \ USAGE_TICKETS \ USAGE_EAP_TLS \ + USAGE_REPRODUCIBLE \ USAGE_CACHE \ USAGE_MAX_FRAG_LEN \ USAGE_TRUNC_HMAC \ @@ -660,20 +664,6 @@ mbedtls_time_t dummy_constant_time( mbedtls_time_t* time ) return 0x5af2a056; } -int dummy_random( void *p_rng, unsigned char *output, size_t output_len ) -{ - int ret; - size_t i; - - //use mbedtls_ctr_drbg_random to find bugs in it - ret = mbedtls_ctr_drbg_random( p_rng, output, output_len ); - for ( i = 0; i < output_len; i++ ) { - //replace result with pseudo random - output[i] = (unsigned char) rand(); - } - return( ret ); -} - int dummy_entropy( void *data, unsigned char *output, size_t len ) { size_t i; @@ -2489,6 +2479,7 @@ int main( int argc, char *argv[] ) mbedtls_entropy_init( &entropy ); if (opt.reproducible) { + srand( 1 ); if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) @@ -2828,8 +2819,6 @@ int main( int argc, char *argv[] ) if (opt.reproducible) { - srand( 1 ); - mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg ); #if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_PLATFORM_TIME_ALT) mbedtls_platform_set_time( dummy_constant_time ); From b94cf822f38fc71679878de9272d328bdcc49e9d Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Wed, 19 Jun 2019 15:19:38 +0200 Subject: [PATCH 11/11] unconditional mbedtls_ssl_conf_rng --- programs/ssl/ssl_client2.c | 5 +---- programs/ssl/ssl_server2.c | 5 +---- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 67d23e2b94..a5329699b9 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
@@ -2007,10 +2007,7 @@ int main( int argc, char *argv[] ) #endif #endif } - else - { - mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); - } + mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); mbedtls_ssl_conf_read_timeout( &conf, opt.read_timeout ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 776e555cdd..8b1185ade7 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2827,10 +2827,7 @@ int main( int argc, char *argv[] ) #endif #endif } - else - { - mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); - } + mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); #if defined(MBEDTLS_SSL_CACHE_C)