authorSimon Goldschmidt <[email protected]>2018-11-06 21:28:01 +0100
committerSimon Goldschmidt <[email protected]>2019-02-18 13:12:17 +0100
commit79732693f3bffdb2aaaad59f7c7674ec09d48ad9 (patch)
tree36477e040ca33cba3fdd3691ceaf998d1c79df9c
parentef3d12c60efa787587c824dbffe0c3230cc8d379 (diff)
altcp_tls_mbedtls: use mbedtls_entropy_func for mbedtls_ctr_drbg_seed
This is the default way for mbedTLS. Add entropy sources via defines (see mbedtls_entropy_init). This removes the use of ALTCP_MBEDTLS_RNG_FN Signed-off-by: Simon Goldschmidt <[email protected]> (cherry picked from commit 153c295b6faa32697e8794039a69b84b0a9d0652)
-rw-r--r--src/apps/altcp_tls/altcp_tls_mbedtls.c22
1 files changed, 3 insertions, 19 deletions
diff --git a/src/apps/altcp_tls/altcp_tls_mbedtls.c b/src/apps/altcp_tls/altcp_tls_mbedtls.c
index 93def798..f03f97a3 100644
--- a/src/apps/altcp_tls/altcp_tls_mbedtls.c
+++ b/src/apps/altcp_tls/altcp_tls_mbedtls.c
@@ -40,8 +40,8 @@
* track of the ratio of application data and TLS overhead would be too much.
*
* Mandatory security-related configuration:
- * - define ALTCP_MBEDTLS_RNG_FN to a custom GOOD rng function returning 0 on success:
- * int my_rng_fn(void *ctx, unsigned char *buffer , size_t len)
+ * - ensure to add at least one strong entropy source to your mbedtls port (implement
+ * mbedtls_platform_entropy_poll or mbedtls_hardware_poll providing strong entropy)
* - define ALTCP_MBEDTLS_ENTROPY_PTR and ALTCP_MBEDTLS_ENTROPY_LEN to something providing
* GOOD custom entropy
*
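Review bot: The bullet kept just below the new text still describes ALTCP_MBEDTLS_ENTROPY_PTR / ALTCP_MBEDTLS_ENTROPY_LEN as "GOOD custom entropy", but the seed call later in this commit passes them as the `custom`/`len` personalization arguments of mbedtls_ctr_drbg_seed, while the entropy itself now comes from mbedtls_entropy_func. A reader could take that bullet to mean a good constant there makes up for a weak entropy port. I would reword it along the lines of `* - define ALTCP_MBEDTLS_ENTROPY_PTR/ALTCP_MBEDTLS_ENTROPY_LEN as a device-specific personalization string; this does NOT replace a strong entropy source`. The new bullet could also name the mbedTLS switch that registers mbedtls_hardware_poll (MBEDTLS_ENTROPY_HARDWARE_ALT), since implementing the function alone does not register it. The comment block starts and ends outside this hunk.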
@@ -647,22 +647,6 @@ altcp_mbedtls_debug(void *ctx, int level, const char *file, int line, const char
}
#endif
-#ifndef ALTCP_MBEDTLS_RNG_FN
-/** ATTENTION: It is *really* important to *NOT* use this dummy RNG in production code!!!! */
-static int
-dummy_rng(void *ctx, unsigned char *buffer, size_t len)
-{
- static size_t ctr;
- size_t i;
- LWIP_UNUSED_ARG(ctx);
- for (i = 0; i < len; i++) {
- buffer[i] = (unsigned char)++ctr;
- }
- return 0;
-}
-#define ALTCP_MBEDTLS_RNG_FN dummy_rng
-#endif /* ALTCP_MBEDTLS_RNG_FN */
-
/** Create new TLS configuration
* ATTENTION: Server certificate and private key have to be added outside this function!
*/
@@ -714,7 +698,7 @@ altcp_tls_create_config(int is_server, int have_cert, int have_pkey, int have_ca
mbedtls_ctr_drbg_init(&conf->ctr_drbg);
/* Seed the RNG */
- ret = mbedtls_ctr_drbg_seed(&conf->ctr_drbg, ALTCP_MBEDTLS_RNG_FN, &conf->entropy, ALTCP_MBEDTLS_ENTROPY_PTR, ALTCP_MBEDTLS_ENTROPY_LEN);
+ ret = mbedtls_ctr_drbg_seed(&conf->ctr_drbg, mbedtls_entropy_func, &conf->entropy, ALTCP_MBEDTLS_ENTROPY_PTR, ALTCP_MBEDTLS_ENTROPY_LEN);
if (ret != 0) {
LWIP_DEBUGF(ALTCP_MBEDTLS_DEBUG, ("mbedtls_ctr_drbg_seed failed: %d\n", ret));
altcp_mbedtls_free_config(conf);
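Review bot: Nothing visible in this commit rejects an mbedTLS build whose entropy context has no real source, so the seed call here is only as strong as whatever mbedtls_entropy_init registered on `conf->entropy`. A build with the mbedTLS 2.x test option MBEDTLS_TEST_NULL_ENTROPY, or a port whose mbedtls_hardware_poll returns predictable data, would still seed successfully and produce guessable TLS keys. A compile-time guard near the includes would catch the first case: `#if defined(MBEDTLS_TEST_NULL_ENTROPY)` / `#error "altcp_tls needs a real mbedTLS entropy source"` / `#endif`. The failure branch reports only through LWIP_DEBUGF, so a release build would presumably give no hint that config creation failed for lack of entropy; a comment there saying so would help integrators. altcp_tls_create_config starts and ends outside this hunk.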