mirror of https://github.com/ARMmbed/mbed-os.git
more error handling added for ctr and hmac
Antti Kauppila
parent
abb37c09be
commit
7904ff05b3
|
|
@ -102,17 +102,15 @@ struct altcp_tls_config {
|
|||
#if defined(MBEDTLS_CTR_DRBG_C)
|
||||
mbedtls_ctr_drbg_context _drbg;
|
||||
#define DRBG_INIT mbedtls_ctr_drbg_init
|
||||
#define DRBG_SEED mbedtls_ctr_drbg_seed
|
||||
#define DRBG_SEED_ERROR "mbedtls_ctr_drbg_seed failed: %d\n"
|
||||
#define DRBG_RANDOM mbedtls_ctr_drbg_random
|
||||
#elif defined(MBEDTLS_HMAC_DRBG_C)
|
||||
mbedtls_hmac_drbg_context _drbg;
|
||||
#define DRBG_INIT mbedtls_hmac_drbg_init
|
||||
#define DRBG_SEED mbedtls_hmac_drbg_seed
|
||||
#define DRBG_SEED_ERROR "mbedtls_hmac_drbg_seed failed: %d\n"
|
||||
#define DRBG_RANDOM mbedtls_hmac_drbg_random
|
||||
#else
|
||||
#error "CTR or HMAC must be defined for coap_security_handler!"
|
||||
#error "CTR or HMAC must be defined for altcp_tls_mbedtls!"
|
||||
#endif
|
||||
mbedtls_x509_crt *cert;
|
||||
mbedtls_pk_context *pkey;
|
||||
|
|
@ -740,7 +738,16 @@ altcp_tls_create_config(int is_server, int have_cert, int have_pkey, int have_ca
|
|||
DRBG_INIT(&conf->_drbg);
|
||||
|
||||
/* Seed the RNG */
|
||||
ret = DRBG_SEED(&conf->_drbg, ALTCP_MBEDTLS_RNG_FN, &conf->entropy, ALTCP_MBEDTLS_ENTROPY_PTR, ALTCP_MBEDTLS_ENTROPY_LEN);
|
||||
#if defined(MBEDTLS_CTR_DRBG_C)
|
||||
ret = mbedtls_ctr_drbg_seed(&conf->_drbg, ALTCP_MBEDTLS_RNG_FN,
|
||||
&conf->entropy, ALTCP_MBEDTLS_ENTROPY_PTR, ALTCP_MBEDTLS_ENTROPY_LEN);
|
||||
#elif defined(MBEDTLS_HMAC_DRBG_C)
|
||||
ret = mbedtls_hmac_drbg_seed(&conf->_drbg, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
|
||||
ALTCP_MBEDTLS_RNG_FN, &conf->entropy,
|
||||
ALTCP_MBEDTLS_ENTROPY_PTR, ALTCP_MBEDTLS_ENTROPY_LEN);
|
||||
#else
|
||||
#error "CTR or HMAC must be defined for altcp_tls_mbedtls!"
|
||||
#endif
|
||||
|
||||
if (ret != 0) {
|
||||
LWIP_DEBUGF(ALTCP_MBEDTLS_DEBUG, (DRBG_SEED_ERROR, ret));
|
||||
|
|
|
|||
|
|
@ -44,8 +44,14 @@ struct coap_security_s {
|
|||
|
||||
#if defined(MBEDTLS_CTR_DRBG_C)
|
||||
mbedtls_ctr_drbg_context _drbg;
|
||||
#define DRBG_INIT mbedtls_ctr_drbg_init
|
||||
#define DRBG_RANDOM mbedtls_ctr_drbg_random
|
||||
#define DRBG_FREE mbedtls_ctr_drbg_free
|
||||
#elif defined(MBEDTLS_HMAC_DRBG_C)
|
||||
mbedtls_hmac_drbg_context _drbg;
|
||||
#define DRBG_INIT mbedtls_hmac_drbg_init
|
||||
#define DRBG_RANDOM mbedtls_hmac_drbg_random
|
||||
#define DRBG_FREE mbedtls_hmac_drbg_free
|
||||
#else
|
||||
#error "CTR or HMAC must be defined for coap_security_handler!"
|
||||
#endif
|
||||
|
|
@ -122,11 +128,7 @@ static int coap_security_handler_init(coap_security_t *sec)
|
|||
|
||||
mbedtls_ssl_init(&sec->_ssl);
|
||||
mbedtls_ssl_config_init(&sec->_conf);
|
||||
#if defined(MBEDTLS_CTR_DRBG_C)
|
||||
mbedtls_ctr_drbg_init(&sec->_drbg);
|
||||
#elif defined(MBEDTLS_HMAC_DRBG_C)
|
||||
mbedtls_hmac_drbg_init(&sec->_drbg);
|
||||
#endif
|
||||
DRBG_INIT(&sec->_drbg);
|
||||
mbedtls_entropy_init(&sec->_entropy);
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
|
|
@ -157,6 +159,8 @@ static int coap_security_handler_init(coap_security_t *sec)
|
|||
strlen(pers))) != 0) {
|
||||
return -1;
|
||||
}
|
||||
#else
|
||||
#error "CTR or HMAC must be defined for coap_security_handler!"
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
|
@ -180,11 +184,9 @@ static void coap_security_handler_reset(coap_security_t *sec)
|
|||
#endif
|
||||
|
||||
mbedtls_entropy_free(&sec->_entropy);
|
||||
#if defined(MBEDTLS_CTR_DRBG_C)
|
||||
mbedtls_ctr_drbg_free(&sec->_drbg);
|
||||
#elif defined(MBEDTLS_HMAC_DRBG_C)
|
||||
mbedtls_hmac_drbg_free(&sec->_drbg);
|
||||
#endif
|
||||
|
||||
DRBG_FREE(&sec->_drbg);
|
||||
|
||||
mbedtls_ssl_config_free(&sec->_conf);
|
||||
mbedtls_ssl_free(&sec->_ssl);
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
|
|
@ -421,11 +423,7 @@ int coap_security_handler_connect_non_blocking(coap_security_t *sec, bool is_ser
|
|||
}
|
||||
|
||||
#if !defined(MBEDTLS_SSL_CONF_RNG)
|
||||
#if defined(MBEDTLS_CTR_DRBG_C)
|
||||
mbedtls_ssl_conf_rng(&sec->_conf, mbedtls_ctr_drbg_random, &sec->_drbg);
|
||||
#elif defined(MBEDTLS_HMAC_DRBG_C)
|
||||
mbedtls_ssl_conf_rng(&sec->_conf, mbedtls_hmac_drbg_random, &sec->_drbg);
|
||||
#endif
|
||||
mbedtls_ssl_conf_rng(&sec->_conf, DRBG_RANDOM, &sec->_drbg);
|
||||
#endif
|
||||
|
||||
if ((mbedtls_ssl_setup(&sec->_ssl, &sec->_conf)) != 0) {
|
||||
|
|
|
|||
|
|
@ -47,11 +47,7 @@ TLSSocketWrapper::TLSSocketWrapper(Socket *transport, const char *hostname, cont
|
|||
}
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
mbedtls_entropy_init(&_entropy);
|
||||
#if defined(MBEDTLS_CTR_DRBG_C)
|
||||
mbedtls_ctr_drbg_init(&_drbg);
|
||||
#elif defined(MBEDTLS_HMAC_DRBG_C)
|
||||
mbedtls_hmac_drbg_init(&_drbg);
|
||||
#endif
|
||||
DRBG_INIT(&_drbg);
|
||||
|
||||
mbedtls_ssl_init(&_ssl);
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
|
|
@ -69,11 +65,9 @@ TLSSocketWrapper::~TLSSocketWrapper()
|
|||
close();
|
||||
}
|
||||
mbedtls_entropy_free(&_entropy);
|
||||
#if defined(MBEDTLS_CTR_DRBG_C)
|
||||
mbedtls_ctr_drbg_free(&_drbg);
|
||||
#elif defined(MBEDTLS_HMAC_DRBG_C)
|
||||
mbedtls_hmac_drbg_free(&_drbg);
|
||||
#endif
|
||||
|
||||
DRBG_FREE(&_drbg);
|
||||
|
||||
mbedtls_ssl_free(&_ssl);
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
mbedtls_pk_free(&_pkctx);
|
||||
|
|
@ -201,14 +195,12 @@ nsapi_error_t TLSSocketWrapper::start_handshake(bool first_call)
|
|||
print_mbedtls_error("mbedtls_hmac_drbg_seed", ret);
|
||||
return NSAPI_ERROR_AUTH_FAILURE;
|
||||
}
|
||||
#else
|
||||
#error "CTR or HMAC must be defined for TLSSocketWrapper!"
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SSL_CONF_RNG)
|
||||
#if defined(MBEDTLS_CTR_DRBG_C)
|
||||
mbedtls_ssl_conf_rng(get_ssl_config(), mbedtls_ctr_drbg_random, &_drbg);
|
||||
#elif defined(MBEDTLS_HMAC_DRBG_C)
|
||||
mbedtls_ssl_conf_rng(get_ssl_config(), mbedtls_hmac_drbg_random, &_drbg);
|
||||
#endif
|
||||
mbedtls_ssl_conf_rng(get_ssl_config(), DRBG_RANDOM, &_drbg);
|
||||
#endif
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -35,6 +35,20 @@
|
|||
// This class requires Mbed TLS SSL/TLS client code
|
||||
#if defined(MBEDTLS_SSL_CLI_C) || defined(DOXYGEN_ONLY)
|
||||
|
||||
#if defined(MBEDTLS_CTR_DRBG_C)
|
||||
#define DRBG_CTX mbedtls_ctr_drbg_context
|
||||
#define DRBG_INIT mbedtls_ctr_drbg_init
|
||||
#define DRBG_RANDOM mbedtls_ctr_drbg_random
|
||||
#define DRBG_FREE mbedtls_ctr_drbg_free
|
||||
#elif defined(MBEDTLS_HMAC_DRBG_C)
|
||||
#define DRBG_CTX mbedtls_hmac_drbg_context
|
||||
#define DRBG_INIT mbedtls_hmac_drbg_init
|
||||
#define DRBG_RANDOM mbedtls_hmac_drbg_random
|
||||
#define DRBG_FREE mbedtls_hmac_drbg_free
|
||||
#else
|
||||
#error "CTR or HMAC must be defined for TLSSocketWrapper!"
|
||||
#endif
|
||||
|
||||
/**
|
||||
* TLSSocket is a wrapper around Socket for interacting with TLS servers.
|
||||
*
|
||||
|
|
@ -295,11 +309,7 @@ private:
|
|||
mbedtls_pk_context _pkctx;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CTR_DRBG_C)
|
||||
mbedtls_ctr_drbg_context _drbg;
|
||||
#elif defined(MBEDTLS_HMAC_DRBG_C)
|
||||
mbedtls_hmac_drbg_context _drbg;
|
||||
#endif
|
||||
DRBG_CTX _drbg;
|
||||
|
||||
mbedtls_entropy_context _entropy;
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue