result_t crypto_base::pseudoRandomBytes(int32_t size, obj_ptr<Buffer_base> &retVal, AsyncEvent *ac) { if (!ac) return CHECK_ERROR(CALL_E_NOSYNC); int32_t i, ret; mbedtls_entropy_context entropy; unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; qstring strBuf; strBuf.resize(size); mbedtls_entropy_init(&entropy); for (i = 0; i < size; i += sizeof(buf)) { ret = mbedtls_entropy_func(&entropy, buf, sizeof(buf)); if (ret != 0) { mbedtls_entropy_free(&entropy); return CHECK_ERROR(_ssl::setError(ret)); } memcpy(&strBuf[i], buf, size - i > (int32_t)sizeof(buf) ? (int32_t)sizeof(buf) : size - i); } mbedtls_entropy_free(&entropy); retVal = new Buffer(strBuf); return 0; }
static void free_dukf_ssl_context(dukf_ssl_context_t *dukf_ssl_context) { mbedtls_ssl_free(&dukf_ssl_context->ssl); mbedtls_ssl_config_free(&dukf_ssl_context->conf); mbedtls_ctr_drbg_free(&dukf_ssl_context->ctr_drbg); mbedtls_entropy_free(&dukf_ssl_context->entropy); free(dukf_ssl_context); } // free_ssl_socket
static void mbedtls_msg_free(pmbedtls_msg *msg) { lwIP_ASSERT(msg); lwIP_ASSERT(*msg); /*to prevent memory leaks, ensure that each allocated is deleted at every handshake*/ if ((*msg)->psession){ mbedtls_session_free(&((*msg)->psession)); } #if defined(ESP8266_PLATFORM) if ((*msg)->quiet && (*msg)->ssl.out_buf) { mbedtls_zeroize((*msg)->ssl.out_buf, MBEDTLS_SSL_OUTBUFFER_LEN); os_free((*msg)->ssl.out_buf); (*msg)->ssl.out_buf = NULL; } #endif mbedtls_entropy_free(&(*msg)->entropy); mbedtls_ssl_free(&(*msg)->ssl); mbedtls_ssl_config_free(&(*msg)->conf); mbedtls_ctr_drbg_free(&(*msg)->ctr_drbg); os_free(*msg); *msg = NULL; }
static void mbedtls_msg_server_step(pmbedtls_msg msg) { lwIP_ASSERT(msg); /*to prevent memory leaks, ensure that each allocated is deleted at every handshake*/ if (msg->psession){ mbedtls_session_free(&msg->psession); } #if defined(ESP8266_PLATFORM) if (msg->quiet && msg->ssl.out_buf) { mbedtls_zeroize(msg->ssl.out_buf, MBEDTLS_SSL_OUTBUFFER_LEN); os_free(msg->ssl.out_buf); msg->ssl.out_buf = NULL; } #endif mbedtls_entropy_free(&msg->entropy); mbedtls_ssl_free(&msg->ssl); mbedtls_ssl_config_free(&msg->conf); mbedtls_ctr_drbg_free(&msg->ctr_drbg); /*New connection ensure that each initial for next handshake */ os_bzero(msg, sizeof(mbedtls_msg)); msg->psession = mbedtls_session_new(); if (msg->psession){ mbedtls_net_init(&msg->fd); mbedtls_ssl_init(&msg->ssl); mbedtls_ssl_config_init(&msg->conf); mbedtls_ctr_drbg_init(&msg->ctr_drbg); mbedtls_entropy_init(&msg->entropy); } }
int DeviceKey::generate_key_by_random(uint32_t *output, size_t size) { int ret = DEVICEKEY_GENERATE_RANDOM_ERROR; if (DEVICE_KEY_16BYTE > size) { return DEVICEKEY_BUFFER_TOO_SMALL; } else if (DEVICE_KEY_16BYTE != size && DEVICE_KEY_32BYTE != size) { return DEVICEKEY_INVALID_PARAM; } #if defined(DEVICE_TRNG) || defined(MBEDTLS_ENTROPY_NV_SEED) uint32_t test_buff[DEVICE_KEY_32BYTE / sizeof(int)]; mbedtls_entropy_context *entropy = new mbedtls_entropy_context; mbedtls_entropy_init(entropy); memset(output, 0, size); memset(test_buff, 0, size); ret = mbedtls_entropy_func(entropy, (unsigned char *)output, size); if (ret != MBED_SUCCESS || mbedtls_ssl_safer_memcmp(test_buff, (unsigned char *)output, size) == 0) { ret = DEVICEKEY_GENERATE_RANDOM_ERROR; } else { ret = DEVICEKEY_SUCCESS; } mbedtls_entropy_free(entropy); delete entropy; #endif return ret; }
static void ssl_free( SSLExt* ext ) { mbedtls_net_free( &ext->nc ); mbedtls_ssl_free( &ext->sc ); mbedtls_ssl_config_free( &ext->conf ); mbedtls_ctr_drbg_free( &ext->ctr_drbg ); mbedtls_entropy_free( &ext->entropy ); }
static void tls_server_free(struct server *s) { mbedtls_net_free(&s->fd); mbedtls_pk_free(&s->pkey); mbedtls_x509_crt_free(&s->srvcert); mbedtls_x509_crt_free(&s->cacert); mbedtls_ssl_config_free(&s->conf); mbedtls_ctr_drbg_free(&s->ctr_drbg); mbedtls_entropy_free(&s->entropy); }
void websocket_tls_release(int param, mbedtls_ssl_config *conf, mbedtls_x509_crt *cert, mbedtls_pk_context *pkey, mbedtls_entropy_context *entropy, mbedtls_ctr_drbg_context *ctr_drbg, mbedtls_ssl_cache_context *cache) { if (!param) { mbedtls_ssl_cache_free(cache); } mbedtls_ctr_drbg_free(ctr_drbg); mbedtls_entropy_free(entropy); mbedtls_pk_free(pkey); mbedtls_x509_crt_free(cert); mbedtls_ssl_config_free(conf); }
void ssh_crypto_finalize(void) { if (!libmbedcrypto_initialized) { return; } mbedtls_ctr_drbg_free(&ssh_mbedtls_ctr_drbg); mbedtls_entropy_free(&ssh_mbedtls_entropy); libmbedcrypto_initialized = 0; }
static int generate_salt(unsigned char *salt, size_t len) { unsigned char buf[32]; mbedtls_entropy_context ent; mbedtls_entropy_init(&ent); if (mbedtls_entropy_func(&ent, buf, sizeof(buf)) != 0) { mbedtls_entropy_free(&ent); return -1; } mbedtls_entropy_free(&ent); if (mbedtls_base64_encode(salt, len, &len, buf, sizeof(buf)) != 0) { return -1; } return 0; }
int ssl_destroy(SSLConnection* conn) { mbedtls_net_free(&conn->net_ctx); mbedtls_ssl_free(&conn->ssl_ctx); mbedtls_ssl_config_free(&conn->ssl_conf); mbedtls_ctr_drbg_free(&conn->drbg_ctx); mbedtls_entropy_free(&conn->entropy_ctx); mbedtls_x509_crt_free(&conn->ca_cert); mbedtls_x509_crt_free(&conn->client_cert); mbedtls_pk_free(&conn->client_key); return 0; }
/** * @brief free SSL low-level object */ void ssl_pm_free(SSL *ssl) { struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; mbedtls_ctr_drbg_free(&ssl_pm->ctr_drbg); mbedtls_entropy_free(&ssl_pm->entropy); mbedtls_ssl_config_free(&ssl_pm->conf); mbedtls_ssl_free(&ssl_pm->ssl); ssl_mem_free(ssl_pm); ssl->ssl_pm = NULL; }
void Curl_mbedtls_close(struct connectdata *conn, int sockindex) { mbedtls_pk_free(&conn->ssl[sockindex].pk); mbedtls_x509_crt_free(&conn->ssl[sockindex].clicert); mbedtls_x509_crt_free(&conn->ssl[sockindex].cacert); mbedtls_x509_crl_free(&conn->ssl[sockindex].crl); mbedtls_ssl_config_free(&conn->ssl[sockindex].config); mbedtls_ssl_free(&conn->ssl[sockindex].ssl); mbedtls_ctr_drbg_free(&conn->ssl[sockindex].ctr_drbg); #ifndef THREADING_SUPPORT mbedtls_entropy_free(&conn->ssl[sockindex].entropy); #endif /* THREADING_SUPPORT */ }
static void coap_security_handler_reset(coap_security_t *sec){ #if defined(MBEDTLS_X509_CRT_PARSE_C) mbedtls_x509_crt_free(&sec->_cacert); mbedtls_x509_crt_free(&sec->_owncert); #endif mbedtls_pk_free(&sec->_pkey); mbedtls_entropy_free( &sec->_entropy ); mbedtls_ctr_drbg_free( &sec->_ctr_drbg ); mbedtls_ssl_config_free(&sec->_conf); mbedtls_ssl_free(&sec->_ssl); }
int iot_tls_destroy(Network *pNetwork) { mbedtls_net_free(&server_fd); mbedtls_x509_crt_free(&clicert); mbedtls_x509_crt_free(&cacert); mbedtls_pk_free(&pkey); mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); return 0; }
void StreamPeerMbedTLS::disconnect_from_stream() { if (!connected) return; mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); base = Ref<StreamPeer>(); connected = false; status = STATUS_DISCONNECTED; }
STATIC mp_uint_t socket_ioctl(mp_obj_t o_in, mp_uint_t request, uintptr_t arg, int *errcode) { mp_obj_ssl_socket_t *self = MP_OBJ_TO_PTR(o_in); if (request == MP_STREAM_CLOSE) { mbedtls_pk_free(&self->pkey); mbedtls_x509_crt_free(&self->cert); mbedtls_x509_crt_free(&self->cacert); mbedtls_ssl_free(&self->ssl); mbedtls_ssl_config_free(&self->conf); mbedtls_ctr_drbg_free(&self->ctr_drbg); mbedtls_entropy_free(&self->entropy); } // Pass all requests down to the underlying socket return mp_get_stream(self->sock)->ioctl(self->sock, request, arg, errcode); }
static void Curl_mbedtls_close(struct connectdata *conn, int sockindex) { struct ssl_connect_data *connssl = &conn->ssl[sockindex]; mbedtls_pk_free(&BACKEND->pk); mbedtls_x509_crt_free(&BACKEND->clicert); mbedtls_x509_crt_free(&BACKEND->cacert); mbedtls_x509_crl_free(&BACKEND->crl); mbedtls_ssl_config_free(&BACKEND->config); mbedtls_ssl_free(&BACKEND->ssl); mbedtls_ctr_drbg_free(&BACKEND->ctr_drbg); #ifndef THREADING_SUPPORT mbedtls_entropy_free(&BACKEND->entropy); #endif /* THREADING_SUPPORT */ }
int main( int argc, char *argv[] ) { FILE *f; int i, k, ret = 1; int exit_code = MBEDTLS_EXIT_FAILURE; mbedtls_entropy_context entropy; unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; if( argc < 2 ) { mbedtls_fprintf( stderr, "usage: %s <output filename>\n", argv[0] ); return( exit_code ); } if( ( f = fopen( argv[1], "wb+" ) ) == NULL ) { mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] ); return( exit_code ); } mbedtls_entropy_init( &entropy ); for( i = 0, k = 768; i < k; i++ ) { ret = mbedtls_entropy_func( &entropy, buf, sizeof( buf ) ); if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_entropy_func returned -%04X\n", ret ); goto cleanup; } fwrite( buf, 1, sizeof( buf ), f ); mbedtls_printf( "Generating %ldkb of data in file '%s'... %04.1f" \ "%% done\r", (long)(sizeof(buf) * k / 1024), argv[1], (100 * (float) (i + 1)) / k ); fflush( stdout ); } exit_code = MBEDTLS_EXIT_SUCCESS; cleanup: mbedtls_printf( "\n" ); fclose( f ); mbedtls_entropy_free( &entropy ); return( exit_code ); }
IoT_Error_t iot_tls_destroy(Network *pNetwork) { TLSDataParams *tlsDataParams = &(pNetwork->tlsDataParams); mbedtls_net_free(&(tlsDataParams->server_fd)); mbedtls_x509_crt_free(&(tlsDataParams->clicert)); mbedtls_x509_crt_free(&(tlsDataParams->cacert)); mbedtls_pk_free(&(tlsDataParams->pkey)); mbedtls_ssl_free(&(tlsDataParams->ssl)); mbedtls_ssl_config_free(&(tlsDataParams->conf)); mbedtls_ctr_drbg_free(&(tlsDataParams->ctr_drbg)); mbedtls_entropy_free(&(tlsDataParams->entropy)); return SUCCESS; }
static CURLcode Curl_mbedtls_random(struct Curl_easy *data, unsigned char *entropy, size_t length) { #if defined(MBEDTLS_CTR_DRBG_C) int ret = -1; char errorbuf[128]; mbedtls_entropy_context ctr_entropy; mbedtls_ctr_drbg_context ctr_drbg; mbedtls_entropy_init(&ctr_entropy); mbedtls_ctr_drbg_init(&ctr_drbg); errorbuf[0]=0; ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &ctr_entropy, NULL, 0); if(ret) { #ifdef MBEDTLS_ERROR_C mbedtls_strerror(ret, errorbuf, sizeof(errorbuf)); #endif /* MBEDTLS_ERROR_C */ failf(data, "Failed - mbedTLS: ctr_drbg_seed returned (-0x%04X) %s\n", -ret, errorbuf); } else { ret = mbedtls_ctr_drbg_random(&ctr_drbg, entropy, length); if(ret) { #ifdef MBEDTLS_ERROR_C mbedtls_strerror(ret, errorbuf, sizeof(errorbuf)); #endif /* MBEDTLS_ERROR_C */ failf(data, "mbedTLS: ctr_drbg_init returned (-0x%04X) %s\n", -ret, errorbuf); } } mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&ctr_entropy); return ret == 0 ? CURLE_OK : CURLE_FAILED_INIT; #elif defined(MBEDTLS_HAVEGE_C) mbedtls_havege_state hs; mbedtls_havege_init(&hs); mbedtls_havege_random(&hs, entropy, length); mbedtls_havege_free(&hs); return CURLE_OK; #else return CURLE_NOT_BUILT_IN; #endif }
static int global_deinit(global_context *gc) { int ret = 0; mbedtls_net_free(&gc->listen_fd); mbedtls_x509_crt_free(&gc->cacert); mbedtls_ssl_config_free(&gc->conf); mbedtls_ssl_cookie_free(&gc->cookie_ctx); #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_free(&gc->cache); #endif mbedtls_ctr_drbg_free(&gc->ctr_drbg); mbedtls_entropy_free(&gc->entropy); return ret == 0 ? 0 : 1; }
void Dtls::FreeMbedtls(void) { #ifdef MBEDTLS_SSL_COOKIE_C mbedtls_ssl_cookie_free(&mCookieCtx); #endif #if OPENTHREAD_ENABLE_APPLICATION_COAP_SECURE #ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED mbedtls_x509_crt_free(&mCaChain); mbedtls_x509_crt_free(&mOwnCert); mbedtls_pk_free(&mPrivateKey); #endif // MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED #endif // OPENTHREAD_ENABLE_APPLICATION_COAP_SECURE mbedtls_entropy_free(&mEntropy); mbedtls_ctr_drbg_free(&mCtrDrbg); mbedtls_ssl_config_free(&mConf); mbedtls_ssl_free(&mSsl); }
void ssl_socket_free(void *state_data) { struct ssl_state *state = (struct ssl_state*)state_data; if (!state) return; mbedtls_ssl_free(&state->ctx); mbedtls_ssl_config_free(&state->conf); mbedtls_ctr_drbg_free(&state->ctr_drbg); mbedtls_entropy_free(&state->entropy); #if defined(MBEDTLS_X509_CRT_PARSE_C) mbedtls_x509_crt_free(&state->ca); #endif free(state); }
static void https_shutdown(struct http_client_ctx *ctx) { if (!ctx->https.tid) { return; } /* Empty the fifo just in case there is any received packets * still there. */ while (1) { struct rx_fifo_block *rx_data; rx_data = k_fifo_get(&ctx->https.mbedtls.ssl_ctx.rx_fifo, K_NO_WAIT); if (!rx_data) { break; } net_pkt_unref(rx_data->pkt); k_mem_pool_free(&rx_data->block); } k_fifo_cancel_wait(&ctx->https.mbedtls.ssl_ctx.rx_fifo); /* Let the ssl_rx() run if there is anything there waiting */ k_yield(); mbedtls_ssl_close_notify(&ctx->https.mbedtls.ssl); mbedtls_ssl_free(&ctx->https.mbedtls.ssl); mbedtls_ssl_config_free(&ctx->https.mbedtls.conf); mbedtls_ctr_drbg_free(&ctx->https.mbedtls.ctr_drbg); mbedtls_entropy_free(&ctx->https.mbedtls.entropy); #if defined(MBEDTLS_X509_CRT_PARSE_C) mbedtls_x509_crt_free(&ctx->https.mbedtls.ca_cert); #endif tcp_disconnect(ctx); NET_DBG("HTTPS thread %p stopped for %p", ctx->https.tid, ctx); k_thread_abort(ctx->https.tid); ctx->https.tid = 0; }
static void mbedtls_cleanup(esp_tls_t *tls) { if (!tls) { return; } if (tls->cacert_ptr != global_cacert) { mbedtls_x509_crt_free(tls->cacert_ptr); } tls->cacert_ptr = NULL; mbedtls_x509_crt_free(&tls->cacert); mbedtls_x509_crt_free(&tls->clientcert); mbedtls_pk_free(&tls->clientkey); mbedtls_entropy_free(&tls->entropy); mbedtls_ssl_config_free(&tls->conf); mbedtls_ctr_drbg_free(&tls->ctr_drbg); mbedtls_ssl_free(&tls->ssl); mbedtls_net_free(&tls->server_fd); }
void dslink_socket_close(Socket *sock) { if (!sock) { return; } if (sock->secure) { SslSocket *s = (SslSocket *) sock; mbedtls_ssl_close_notify(s->ssl); mbedtls_entropy_free(s->entropy); mbedtls_ctr_drbg_free(s->drbg); mbedtls_ssl_free(s->ssl); mbedtls_ssl_config_free(s->conf); free(s->entropy); free(s->drbg); free(s->ssl); free(s->conf); } mbedtls_net_free(sock->socket_fd); free(sock->socket_fd); free(sock); }
int init_aes_key(unsigned char *key, size_t bytes) { mbedtls_ctr_drbg_context ctr_drbg; mbedtls_entropy_context entropy; const uint8_t pers[] = "aes_generate_key"; int ret; mbedtls_entropy_init(&entropy); mbedtls_ctr_drbg_init(&ctr_drbg); if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, pers, sizeof(pers) - 1)) == 0) { ret = mbedtls_ctr_drbg_random(&ctr_drbg, key, bytes); } mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); return ret; }
kaa_error_t rsa_encrypt(const uint8_t *key, size_t key_size, const uint8_t *input, size_t input_len, uint8_t *output) { if (key == NULL || key_size == 0) { return KAA_ERR_BADPARAM; } mbedtls_pk_context pk; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; const uint8_t pers[] = "key_gen"; mbedtls_pk_init(&pk); if (mbedtls_pk_parse_public_key(&pk, key, key_size) != 0) { return KAA_ERR_INVALID_PUB_KEY; } mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_entropy_init(&entropy); int ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, pers, sizeof(pers) - 1); if (!ret) { ret = mbedtls_rsa_rsaes_pkcs1_v15_encrypt(mbedtls_pk_rsa(pk), mbedtls_ctr_drbg_random, &ctr_drbg, MBEDTLS_RSA_PUBLIC, input_len, input, output); } mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); mbedtls_pk_free(&pk); if (ret) { return KAA_ERR_GENERIC; } return KAA_ERR_NONE; }
int dslink_handshake_generate_key_pair(mbedtls_ecdh_context *ctx) { mbedtls_entropy_context ent; mbedtls_entropy_init(&ent); mbedtls_ecdh_init(ctx); int ret = 0; if ((ret = dslink_handshake_get_group(&ctx->grp)) != 0) { goto exit; } if ((errno = mbedtls_ecp_gen_keypair(&ctx->grp, &ctx->d, &ctx->Q, mbedtls_entropy_func, &ent)) != 0) { ret = DSLINK_CRYPT_KEY_PAIR_GEN_ERR; goto exit; } exit: mbedtls_entropy_free(&ent); return ret; }