diff options
| author | Antoine Aubert <a.aubert@overkiz.com> | 2017-01-27 08:39:28 +0100 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2017-01-29 11:37:22 +0100 |
| commit | a90a5bccd47ba5425949a51e6d77b91a2a1e7fe6 (patch) | |
| tree | a860289f28afee6e3112f871c44c2548566b67e6 /lib/vtls/mbedtls.c | |
| parent | a1a5dd14d7dd7957903d33f4d9a8f7ce22faa4a3 (diff) | |
mbedtls: implement CTR-DRBG and HAVEGE random generators
closes #1227
Diffstat (limited to 'lib/vtls/mbedtls.c')
| -rw-r--r-- | lib/vtls/mbedtls.c | 51 |
1 files changed, 50 insertions, 1 deletions
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c index 213a58fca..748828023 100644 --- a/lib/vtls/mbedtls.c +++ b/lib/vtls/mbedtls.c @@ -6,7 +6,7 @@ * \___|\___/|_| \_\_____| * * Copyright (C) 2010 - 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com> - * Copyright (C) 2012 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2012 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -734,6 +734,55 @@ size_t Curl_mbedtls_version(char *buffer, size_t size) (version>>16)&0xff, (version>>8)&0xff); } +CURLcode Curl_mbedtls_random(struct Curl_easy *data, unsigned char *entropy, + size_t length) +{ +#if defined(MBEDTLS_CTR_DRBG_C) + int ret = -1; + char errorbuf[128]; + mbedtls_entropy_context ctr_entropy; + mbedtls_ctr_drbg_context ctr_drbg; + mbedtls_entropy_init(&ctr_entropy); + mbedtls_ctr_drbg_init(&ctr_drbg); + errorbuf[0]=0; + + ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, + &ctr_entropy, NULL, 0); + + if(ret) { +#ifdef MBEDTLS_ERROR_C + mbedtls_strerror(ret, errorbuf, sizeof(errorbuf)); +#endif /* MBEDTLS_ERROR_C */ + failf(data, "Failed - mbedTLS: ctr_drbg_seed returned (-0x%04X) %s\n", + -ret, errorbuf); + } + else { + ret = mbedtls_ctr_drbg_random(&ctr_drbg, entropy, length); + + if(ret) { +#ifdef MBEDTLS_ERROR_C + mbedtls_strerror(ret, errorbuf, sizeof(errorbuf)); +#endif /* MBEDTLS_ERROR_C */ + failf(data, "mbedTLS: ctr_drbg_init returned (-0x%04X) %s\n", + -ret, errorbuf); + } + } + + mbedtls_ctr_drbg_free(&ctr_drbg); + mbedtls_entropy_free(&ctr_entropy); + + return ret == 0 ? CURLE_OK : CURLE_FAILED_INIT; +#elif defined(MBEDTLS_HAVEGE_C) + mbedtls_havege_state hs; + mbedtls_havege_init(&hs); + mbedtls_havege_random(&hs, entropy, length); + mbedtls_havege_free(&hs); + return CURLE_OK; +#else + return CURLE_NOT_BUILT_IN; +#endif +} + static CURLcode mbed_connect_common(struct connectdata *conn, int sockindex, |