Allow compile-time configuration of PRNG in SSL module

Introduces MBEDTLS_SSL_CONF_RNG to allow configuring the RNG to be used by the SSL module at compile-time. Impact on code-size: | | GCC 8.2.1 | ARMC5 5.06 | ARMC6 6.12 | | --- | --- | --- | --- | | `libmbedtls.a` before | 23535 | 24089 | 27103 | | `libmbedtls.a` after | 23471 | 24077 | 27045 | | gain in Bytes | 64 | 12 | 58 |
2026-04-04 22:19:05 +00:00 · 2019-06-13 15:39:27 +01:00 · 2019-06-13 15:39:27 +01:00 · ece325c8dd
commit ece325c8dd
parent 1841f84c79
12 changed files with 153 additions and 34 deletions
--- a/programs/ssl/mini_client.c
+++ b/programs/ssl/mini_client.c
@ -209,7 +209,11 @@ int main( void )
        goto exit;
    }

+#if !defined(MBEDTLS_SSL_CONF_RNG)
    mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
+#else
+    mbedtls_ssl_conf_rng_ctx( &conf, &ctr_drbg );
+#endif

 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
    mbedtls_ssl_conf_psk( &conf, psk, sizeof( psk ),
--- a/programs/ssl/query_config.c
+++ b/programs/ssl/query_config.c
@ -2706,6 +2706,14 @@ int query_config( const char *config )
    }
 #endif /* MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID */

+#if defined(MBEDTLS_SSL_CONF_RNG)
+    if( strcmp( "MBEDTLS_SSL_CONF_RNG", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_RNG );
+        return( 0 );
+    }
+#endif /* MBEDTLS_SSL_CONF_RNG */
+
 #if defined(MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET)
    if( strcmp( "MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET", config ) == 0 )
    {
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@ -1764,7 +1764,12 @@ int main( int argc, char *argv[] )
        }
 #endif

+#if !defined(MBEDTLS_SSL_CONF_RNG)
    mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
+#else
+    mbedtls_ssl_conf_rng_ctx( &conf, &ctr_drbg );
+#endif
+
    mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );

 #if !defined(MBEDTLS_SSL_CONF_READ_TIMEOUT)
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -2570,7 +2570,12 @@ int main( int argc, char *argv[] )
        }
 #endif

+#if !defined(MBEDTLS_SSL_CONF_RNG)
    mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
+#else
+    mbedtls_ssl_conf_rng_ctx( &conf, &ctr_drbg );
+#endif
+
    mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );

 #if defined(MBEDTLS_SSL_CACHE_C)