diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index a19b297129..9250b100af 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -742,8 +742,7 @@ int main( int argc, char *argv[] ) mbedtls_ssl_config_init( &conf ); memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) ); rng_context_t *rng = &rng_context; - mbedtls_ctr_drbg_init( &rng->drbg ); - mbedtls_entropy_init( &rng->entropy ); + rng_init( rng ); #if defined(MBEDTLS_X509_CRT_PARSE_C) mbedtls_x509_crt_init( &cacert ); mbedtls_x509_crt_init( &clicert ); @@ -1536,30 +1535,8 @@ int main( int argc, char *argv[] ) fflush( stdout ); int reproducible = opt.reproducible; - if ( reproducible ) - { - srand( 1 ); - if( ( ret = mbedtls_ctr_drbg_seed( &rng->drbg, dummy_entropy, - &rng->entropy, (const unsigned char *) pers, - strlen( pers ) ) ) != 0 ) - { - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", - (unsigned int) -ret ); - goto exit; - } - } - else - { - if( ( ret = mbedtls_ctr_drbg_seed( &rng->drbg, mbedtls_entropy_func, - &rng->entropy, (const unsigned char *) pers, - strlen( pers ) ) ) != 0 ) - { - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", - (unsigned int) -ret ); - goto exit; - } - } - + if( rng_seed( rng, reproducible, pers ) != 0 ) + goto exit; mbedtls_printf( " ok\n" ); #if defined(MBEDTLS_X509_CRT_PARSE_C) @@ -3025,8 +3002,7 @@ exit: mbedtls_ssl_session_free( &saved_session ); mbedtls_ssl_free( &ssl ); mbedtls_ssl_config_free( &conf ); - mbedtls_ctr_drbg_free( &rng->drbg ); - mbedtls_entropy_free( &rng->entropy ); + rng_free( rng ); if( session_data != NULL ) mbedtls_platform_zeroize( session_data, session_data_len ); mbedtls_free( session_data ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index bceca54080..0c4c77bd59 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1377,8 +1377,7 @@ int main( int argc, char *argv[] ) mbedtls_ssl_init( &ssl ); mbedtls_ssl_config_init( &conf ); rng_context_t *rng = &rng_context; - mbedtls_ctr_drbg_init( &rng->drbg ); - mbedtls_entropy_init( &rng->entropy ); + rng_init( rng ); #if defined(MBEDTLS_X509_CRT_PARSE_C) mbedtls_x509_crt_init( &cacert ); mbedtls_x509_crt_init( &srvcert ); @@ -2295,30 +2294,8 @@ int main( int argc, char *argv[] ) fflush( stdout ); int reproducible = opt.reproducible; - if ( reproducible ) - { - srand( 1 ); - if( ( ret = mbedtls_ctr_drbg_seed( &rng->drbg, dummy_entropy, - &rng->entropy, (const unsigned char *) pers, - strlen( pers ) ) ) != 0 ) - { - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", - (unsigned int) -ret ); - goto exit; - } - } - else - { - if( ( ret = mbedtls_ctr_drbg_seed( &rng->drbg, mbedtls_entropy_func, - &rng->entropy, (const unsigned char *) pers, - strlen( pers ) ) ) != 0 ) - { - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", - (unsigned int) -ret ); - goto exit; - } - } - + if( rng_seed( rng, reproducible, pers ) != 0 ) + goto exit; mbedtls_printf( " ok\n" ); #if defined(MBEDTLS_X509_CRT_PARSE_C) @@ -3999,8 +3976,7 @@ exit: mbedtls_ssl_free( &ssl ); mbedtls_ssl_config_free( &conf ); - mbedtls_ctr_drbg_free( &rng->drbg ); - mbedtls_entropy_free( &rng->entropy ); + rng_free( rng ); #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_free( &cache ); diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index 22453c19f8..bbb4d4a8d9 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -61,6 +61,52 @@ int dummy_entropy( void *data, unsigned char *output, size_t len ) return( ret ); } +void rng_init( rng_context_t *rng ) +{ + mbedtls_ctr_drbg_init( &rng->drbg ); + mbedtls_entropy_init( &rng->entropy ); +} + +int rng_seed( rng_context_t *rng, int reproducible, const char *pers ) +{ + int ret = 0; + + if ( reproducible ) + { + srand( 1 ); + if( ( ret = mbedtls_ctr_drbg_seed( &rng->drbg, dummy_entropy, + &rng->entropy, (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", + (unsigned int) -ret ); + goto exit; + } + } + else + { + if( ( ret = mbedtls_ctr_drbg_seed( &rng->drbg, mbedtls_entropy_func, + &rng->entropy, (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", + (unsigned int) -ret ); + goto exit; + } + } + + + return( 0 ); +exit: + return( 1 ); +} + +void rng_free( rng_context_t *rng ) +{ + mbedtls_ctr_drbg_free( &rng->drbg ); + mbedtls_entropy_free( &rng->entropy ); +} + #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) int ca_callback( void *data, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidates ) diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index 9f22ee4d5a..db08a46e67 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -128,7 +128,7 @@ mbedtls_time_t dummy_constant_time( mbedtls_time_t* time ); int dummy_entropy( void *data, unsigned char *output, size_t len ); -/** A context for random generation. +/** A context for random number generation (RNG). */ typedef struct { @@ -136,6 +136,36 @@ typedef struct mbedtls_ctr_drbg_context drbg; } rng_context_t; +/** Initialize the RNG. + * + * This function only initializes the memory used by the RNG context. + * Before using the RNG, it must be seeded with rng_seed(). + */ +void rng_init( rng_context_t *rng ); + +/* Seed the random number generator. + * + * \param rng The RNG context to use. It must have been initialized + * with rng_init(). + * \param reproducible If zero, seed the RNG from entropy. + * If nonzero, use a fixed seed, so that the program + * will produce the same sequence of random numbers + * each time it is invoked. + * \param pers A null-terminated string. Different values for this + * string cause the RNG to emit different output for + * the same seed. + * + * return 0 on success, a negative value on error. + */ +int rng_seed( rng_context_t *rng, int reproducible, const char *pers ); + +/** Deinitialize the RNG. Free any embedded resource. + * + * \param rng The RNG context to deinitialize. It must have been + * initialized with rng_init(). + */ +void rng_free( rng_context_t *rng ); + #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) int ca_callback( void *data, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidates );