/*
 * Known-answer self-test for HMAC_DRBG instantiated with SHA-1.
 *
 * Two cases are run against the fixed inputs entropy_pr / entropy_nopr,
 * served through hmac_drbg_self_test_entropy: one with prediction
 * resistance switched on, one with it left off but with an explicit reseed.
 * In both cases the second OUTPUT_LEN-byte output is compared with the
 * stored expected value (result_pr / result_nopr).
 *
 * verbose: non-zero prints progress through mbedtls_printf.
 * Returns 0 once both cases have run to completion; what happens on a
 * failing step is decided by CHK.
 *
 * NOTE(review): CHK is defined outside this block. If it returns directly
 * on failure, ctx does not go through mbedtls_hmac_drbg_free() on that path
 * and the DRBG state stays on the stack -- confirm against the macro.
 */
int mbedtls_hmac_drbg_self_test( int verbose )
{
    const mbedtls_md_info_t *sha1_info;
    unsigned char output[OUTPUT_LEN];
    mbedtls_hmac_drbg_context ctx;

    /* Presumably NULL when SHA-1 is not compiled in; the seed step would
     * then be expected to fail -- confirm. */
    sha1_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );

    /*
     * Case 1: prediction resistance enabled
     */
    mbedtls_hmac_drbg_init( &ctx );

    if( verbose != 0 )
    {
        mbedtls_printf( " HMAC_DRBG (PR = True) : " );
    }

    /* Rewind the cursor used by the test entropy callback. */
    test_offset = 0;
    CHK( mbedtls_hmac_drbg_seed( &ctx, sha1_info,
                                 hmac_drbg_self_test_entropy,
                                 (void *) entropy_pr,
                                 NULL, 0 ) );
    mbedtls_hmac_drbg_set_prediction_resistance( &ctx,
                                                 MBEDTLS_HMAC_DRBG_PR_ON );

    /* Only the second output block is checked against the stored vector. */
    CHK( mbedtls_hmac_drbg_random( &ctx, output, OUTPUT_LEN ) );
    CHK( mbedtls_hmac_drbg_random( &ctx, output, OUTPUT_LEN ) );
    CHK( memcmp( output, result_pr, OUTPUT_LEN ) );

    /* Freed twice, as in the original; the second call runs on an already
     * released context (presumably exercising idempotent free -- confirm). */
    mbedtls_hmac_drbg_free( &ctx );
    mbedtls_hmac_drbg_free( &ctx );

    if( verbose != 0 )
    {
        mbedtls_printf( "passed\n" );
    }

    /*
     * Case 2: prediction resistance off, explicit reseed
     */
    mbedtls_hmac_drbg_init( &ctx );

    if( verbose != 0 )
    {
        mbedtls_printf( " HMAC_DRBG (PR = False) : " );
    }

    test_offset = 0;
    CHK( mbedtls_hmac_drbg_seed( &ctx, sha1_info,
                                 hmac_drbg_self_test_entropy,
                                 (void *) entropy_nopr,
                                 NULL, 0 ) );
    CHK( mbedtls_hmac_drbg_reseed( &ctx, NULL, 0 ) );
    CHK( mbedtls_hmac_drbg_random( &ctx, output, OUTPUT_LEN ) );
    CHK( mbedtls_hmac_drbg_random( &ctx, output, OUTPUT_LEN ) );
    CHK( memcmp( output, result_nopr, OUTPUT_LEN ) );

    mbedtls_hmac_drbg_free( &ctx );
    mbedtls_hmac_drbg_free( &ctx );

    if( verbose != 0 )
    {
        mbedtls_printf( "passed\n" );
        mbedtls_printf( "\n" );
    }

    return( 0 );
}
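/*
 * One-time setup of the shared mbedTLS client state held in g_https_data.
 *
 * Allocates the shared context, routes mbedTLS allocations through the
 * conn_link allocator hooks, seeds the DRBG (CTR_DRBG when
 * CONFIG_MBEDTLS_ENABLE_CTR_DRBG is set, HMAC_DRBG otherwise) from the
 * mbedTLS entropy collector and fills in the TLS client configuration.
 *
 * Returns 0 on success or when already initialized, -1 when allocation,
 * seeding or configuration fails. On failure every context initialized here
 * is released, the platform allocator is reset to calloc/free and
 * g_https_data.mbedtls is left NULL.
 *
 * SECURITY: the configuration built here uses MBEDTLS_SSL_VERIFY_NONE, so
 * connections made with it encrypt traffic but do not authenticate the
 * server. See the note at the authmode call.
 */
static int conn_link_mbedtls_initialize(void)
{
    if (g_https_data.initialized)
        return 0;

    g_https_data.mbedtls = calloc(1, sizeof(*g_https_data.mbedtls));
    if (!g_https_data.mbedtls)
        return -1;

    mbedtls_platform_set_calloc_free(conn_link_mbedtls_calloc,
                                     conn_link_mbedtls_free);

    mbedtls_ssl_config_init(&g_https_data.mbedtls->conf);
    mbedtls_ssl_session_init(&g_https_data.mbedtls->saved_session);
    mbedtls_entropy_init(&g_https_data.mbedtls->entropy);

    /*
     * The personalization string "sfx" is a fixed constant: it adds no
     * per-device uniqueness, so the seed quality rests entirely on what
     * mbedtls_entropy_func can collect on this platform.
     */
#ifdef CONFIG_MBEDTLS_ENABLE_CTR_DRBG
    mbedtls_ctr_drbg_init(&g_https_data.mbedtls->drbg);
    if (mbedtls_ctr_drbg_seed(&g_https_data.mbedtls->drbg,
                              mbedtls_entropy_func,
                              &g_https_data.mbedtls->entropy,
                              (const void *)"sfx", 3) != 0) {
        goto err_free;
    }
#else
    const mbedtls_md_info_t *md_info = NULL;

    /*
     * NOTE(review): SHA-1 is picked first whenever it is compiled in.
     * HMAC_DRBG does not rely on collision resistance, but SHA-256 gives a
     * higher security strength; consider preferring it when both are built.
     */
#ifdef MBEDTLS_SHA1_C
    md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
#elif defined(MBEDTLS_SHA256_C)
    md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
#elif defined(MBEDTLS_SHA512_C)
    md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
#endif

    /*
     * Debug-only check. If assertions are compiled out and no hash is
     * enabled, md_info stays NULL; presumably the seed call below then
     * fails and the err_free path is taken -- confirm.
     */
    DEBUGASSERT(md_info != NULL);

    mbedtls_hmac_drbg_init(&g_https_data.mbedtls->drbg);
    if (mbedtls_hmac_drbg_seed(&g_https_data.mbedtls->drbg, md_info,
                               mbedtls_entropy_func,
                               &g_https_data.mbedtls->entropy,
                               (const void *)"sfx", 3) != 0) {
        goto err_free;
    }
#endif

    if (mbedtls_ssl_config_defaults(&g_https_data.mbedtls->conf,
                                    MBEDTLS_SSL_IS_CLIENT,
                                    MBEDTLS_SSL_TRANSPORT_STREAM,
                                    MBEDTLS_SSL_PRESET_DEFAULT) != 0) {
        goto err_free;
    }

#ifdef CONFIG_MBEDTLS_ENABLE_CTR_DRBG
    mbedtls_ssl_conf_rng(&g_https_data.mbedtls->conf,
                         mbedtls_ctr_drbg_random,
                         &g_https_data.mbedtls->drbg);
#else
    mbedtls_ssl_conf_rng(&g_https_data.mbedtls->conf,
                         mbedtls_hmac_drbg_random,
                         &g_https_data.mbedtls->drbg);
#endif

    /*
     * NOTE(review): MBEDTLS_SSL_VERIFY_NONE turns off server certificate
     * verification, so the peer's identity is never checked and the TLS
     * session gives no protection against an on-path party presenting its
     * own certificate. No CA chain is configured in this function; moving
     * to MBEDTLS_SSL_VERIFY_REQUIRED also needs mbedtls_ssl_conf_ca_chain()
     * with the expected trust anchors (and a hostname set per connection).
     * Left as-is here because existing callers connect without a trust
     * store.
     */
    mbedtls_ssl_conf_authmode(&g_https_data.mbedtls->conf,
                              MBEDTLS_SSL_VERIFY_NONE);

#ifdef CONFIG_MBEDTLS_MAX_FRAGMENT
    mbedtls_ssl_conf_max_frag_len(&g_https_data.mbedtls->conf,
                                  MBEDTLS_SSL_MAX_FRAG_LEN_512);
#endif

#ifdef CONFIG_MBEDTLS_TRUNCATED_HMAC
    /*
     * NOTE(review): the truncated HMAC extension (RFC 6066) shortens the
     * record MAC to 80 bits; enable only when the bandwidth saving is
     * needed.
     */
    mbedtls_ssl_conf_truncated_hmac(&g_https_data.mbedtls->conf,
                                    MBEDTLS_SSL_TRUNC_HMAC_ENABLED);
#endif

#ifdef CONFIG_MBEDTLS_SESSION_TICKET
    /* Use SSL out-fragment buffer of at least 384 bytes with session tickets,
     * preferably at least 512 bytes. */
    mbedtls_ssl_conf_session_tickets(&g_https_data.mbedtls->conf,
                                     MBEDTLS_SSL_SESSION_TICKETS_ENABLED);
#endif

    g_https_data.initialized = true;
    return 0;

err_free:
    /* DRBG first: it was seeded with a pointer to the entropy context. */
#ifdef CONFIG_MBEDTLS_ENABLE_CTR_DRBG
    mbedtls_ctr_drbg_free(&g_https_data.mbedtls->drbg);
#else
    mbedtls_hmac_drbg_free(&g_https_data.mbedtls->drbg);
#endif
    /*
     * The entropy context was initialized above, so release it before its
     * backing storage is freed; otherwise its internal resources and
     * accumulator state are abandoned in the freed block.
     */
    mbedtls_entropy_free(&g_https_data.mbedtls->entropy);
    mbedtls_ssl_session_free(&g_https_data.mbedtls->saved_session);
    mbedtls_ssl_config_free(&g_https_data.mbedtls->conf);

    free(g_https_data.mbedtls);
    g_https_data.mbedtls = NULL;

    /* Restore the default allocator only after mbedTLS objects are freed. */
    mbedtls_platform_set_calloc_free(calloc, free);
    g_https_data.initialized = false;
    return -1;
}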