[GNUnet-SVN] [gnurl] 102/173: mbedtls: implement CTR-DRBG and HAVEGE ran
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnurl] 102/173: mbedtls: implement CTR-DRBG and HAVEGE random generators |
Date: |
Fri, 24 Feb 2017 14:02:04 +0100 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to annotated tag gnurl-7.53.1
in repository gnurl.
commit a90a5bccd47ba5425949a51e6d77b91a2a1e7fe6
Author: Antoine Aubert <address@hidden>
AuthorDate: Fri Jan 27 08:39:28 2017 +0100
mbedtls: implement CTR-DRBG and HAVEGE random generators
closes #1227
---
lib/vtls/mbedtls.c | 51 ++++++++++++++++++++++++++++++++++++++++++++++++++-
lib/vtls/mbedtls.h | 9 ++++-----
2 files changed, 54 insertions(+), 6 deletions(-)
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index 213a58fca..748828023 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -6,7 +6,7 @@
* \___|\___/|_| \_\_____|
*
* Copyright (C) 2010 - 2011, Hoi-Ho Chan, <address@hidden>
- * Copyright (C) 2012 - 2016, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 2012 - 2017, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -734,6 +734,55 @@ size_t Curl_mbedtls_version(char *buffer, size_t size)
(version>>16)&0xff, (version>>8)&0xff);
}
+CURLcode Curl_mbedtls_random(struct Curl_easy *data, unsigned char *entropy,
+ size_t length)
+{
+#if defined(MBEDTLS_CTR_DRBG_C)
+ int ret = -1;
+ char errorbuf[128];
+ mbedtls_entropy_context ctr_entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_entropy_init(&ctr_entropy);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ errorbuf[0]=0;
+
+ ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
+ &ctr_entropy, NULL, 0);
+
+ if(ret) {
+#ifdef MBEDTLS_ERROR_C
+ mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* MBEDTLS_ERROR_C */
+ failf(data, "Failed - mbedTLS: ctr_drbg_seed returned (-0x%04X) %s\n",
+ -ret, errorbuf);
+ }
+ else {
+ ret = mbedtls_ctr_drbg_random(&ctr_drbg, entropy, length);
+
+ if(ret) {
+#ifdef MBEDTLS_ERROR_C
+ mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* MBEDTLS_ERROR_C */
+ failf(data, "mbedTLS: ctr_drbg_init returned (-0x%04X) %s\n",
+ -ret, errorbuf);
+ }
+ }
+
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&ctr_entropy);
+
+ return ret == 0 ? CURLE_OK : CURLE_FAILED_INIT;
+#elif defined(MBEDTLS_HAVEGE_C)
+ mbedtls_havege_state hs;
+ mbedtls_havege_init(&hs);
+ mbedtls_havege_random(&hs, entropy, length);
+ mbedtls_havege_free(&hs);
+ return CURLE_OK;
+#else
+ return CURLE_NOT_BUILT_IN;
+#endif
+}
+
static CURLcode
mbed_connect_common(struct connectdata *conn,
int sockindex,
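Review bot: The `#elif defined(MBEDTLS_HAVEGE_C)` branch of `Curl_mbedtls_random` ignores the return value of `mbedtls_havege_random()` and reports `CURLE_OK` unconditionally, so a HAVEGE-only build looks identical to the CTR-DRBG path to every caller. mbedTLS's own configuration notes warn that HAVEGE depends on timing and processor traits, is unsuitable in virtualized environments, and should not be the default generator. The branch should at least carry a comment such as `/* HAVEGE: timing-based; mbedTLS advises against it as primary RNG */` and check the call with `if(mbedtls_havege_random(&hs, entropy, length)) result = CURLE_FAILED_INIT;`. Separately, the second `failf` names `ctr_drbg_init` although the call that failed is `mbedtls_ctr_drbg_random`; `"mbedTLS: ctr_drbg_random returned (-0x%04X) %s\n"` keeps the log accurate for whoever triages an RNG failure. The CTR-DRBG path also seeds a fresh entropy context on every call with no personalization data (`NULL, 0`), which deserves a one-line comment if it is intentional.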
diff --git a/lib/vtls/mbedtls.h b/lib/vtls/mbedtls.h
index 1021d5461..5b0bcf6d7 100644
--- a/lib/vtls/mbedtls.h
+++ b/lib/vtls/mbedtls.h
@@ -50,6 +50,9 @@ void Curl_mbedtls_session_free(void *ptr);
size_t Curl_mbedtls_version(char *buffer, size_t size);
int Curl_mbedtls_shutdown(struct connectdata *conn, int sockindex);
+CURLcode Curl_mbedtls_random(struct Curl_easy *data, unsigned char *entropy,
+ size_t length);
+
/* this backends supports CURLOPT_PINNEDPUBLICKEY */
#define have_curlssl_pinnedpubkey 1
@@ -70,11 +73,7 @@ int Curl_mbedtls_shutdown(struct connectdata *conn, int
sockindex);
#define curlssl_data_pending(x,y) Curl_mbedtls_data_pending(x, y)
#define CURL_SSL_BACKEND CURLSSLBACKEND_MBEDTLS
#define curlssl_sha256sum(a,b,c,d) mbedtls_sha256(a,b,c,0)
-
-/* This might cause libcurl to use a weeker random!
- TODO: implement proper use of Polarssl's CTR-DRBG or HMAC-DRBG and use that
-*/
-#define curlssl_random(x,y,z) (x=x, y=y, z=z, CURLE_NOT_BUILT_IN)
+#define curlssl_random(x,y,z) Curl_mbedtls_random(x, y, z)
#endif /* USE_MBEDTLS */
#endif /* HEADER_CURL_MBEDTLS_H */
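Review bot: The warning comment removed above `curlssl_random` still applies to one configuration: when neither `MBEDTLS_CTR_DRBG_C` nor `MBEDTLS_HAVEGE_C` is defined, `Curl_mbedtls_random()` returns `CURLE_NOT_BUILT_IN`, exactly as the old macro did. How the caller reacts to that code is outside this diff, but the deleted comment suggests it may fall back to a weaker generator. A short replacement keeps that visible to packagers, for example `/* returns CURLE_NOT_BUILT_IN if mbedTLS lacks CTR-DRBG and HAVEGE; libcurl may then use a weaker random */`.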
--