Change dhm_calc_secret() prototype

2025-10-30 19:20:40 -04:00 · 2013-09-04 14:22:07 +02:00 · 2013-09-04 14:22:07 +02:00 · 2d627649bf
commit 2d627649bf
parent 07de4b1d08
7 changed files with 21 additions and 10 deletions
--- a/include/polarssl/dhm.h
+++ b/include/polarssl/dhm.h
@ -219,11 +219,15 @@ int dhm_make_public( dhm_context *ctx, int x_size,
 * \param ctx      DHM context
 * \param output   destination buffer
 * \param olen     number of chars written
+ * \param f_rng    RNG function, for blinding purposes
+ * \param p_rng    RNG parameter
 *
 * \return         0 if successful, or an POLARSSL_ERR_DHM_XXX error code
 */
 int dhm_calc_secret( dhm_context *ctx,
-                     unsigned char *output, size_t *olen );
+                     unsigned char *output, size_t *olen,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng );

 /**
 * \brief          Free the components of a DHM key
--- a/library/dhm.c
+++ b/library/dhm.c
@ -249,10 +249,15 @@ cleanup:
 * Derive and export the shared secret (G^Y)^X mod P
 */
 int dhm_calc_secret( dhm_context *ctx,
-                     unsigned char *output, size_t *olen )
+                     unsigned char *output, size_t *olen,
+                     int (*f_rng)(void *, unsigned char *, size_t),
+                     void *p_rng )
 {
    int ret;

+    (void) f_rng;
+    (void) p_rng;
+
    if( ctx == NULL || *olen < ctx->len )
        return( POLARSSL_ERR_DHM_BAD_INPUT_DATA );

--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -1713,7 +1713,8 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )

        if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx,
                                      ssl->handshake->premaster,
-                                     &ssl->handshake->pmslen ) ) != 0 )
+                                     &ssl->handshake->pmslen,
+                                     ssl->f_rng, ssl->p_rng ) ) != 0 )
        {
            SSL_DEBUG_RET( 1, "dhm_calc_secret", ret );
            return( ret );
@ -1842,7 +1843,7 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
        *(p++) = (unsigned char)( ssl->handshake->dhm_ctx.len >> 8 );
        *(p++) = (unsigned char)( ssl->handshake->dhm_ctx.len      );
        if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx,
-                                      p, &n ) ) != 0 )
+                                      p, &n, ssl->f_rng, ssl->p_rng ) ) != 0 )
        {
            SSL_DEBUG_RET( 1, "dhm_calc_secret", ret );
            return( ret );
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -2386,7 +2386,8 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )

        if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx,
                                      ssl->handshake->premaster,
-                                     &ssl->handshake->pmslen ) ) != 0 )
+                                     &ssl->handshake->pmslen,
+                                      ssl->f_rng, ssl->p_rng ) ) != 0 )
        {
            SSL_DEBUG_RET( 1, "dhm_calc_secret", ret );
            return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS );
@ -2472,7 +2473,7 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
        n = ssl->handshake->dhm_ctx.len;

        if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx,
-                                      p, &n ) ) != 0 )
+                                      p, &n, ssl->f_rng, ssl->p_rng ) ) != 0 )
        {
            SSL_DEBUG_RET( 1, "dhm_calc_secret", ret );
            return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS );
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@ -239,7 +239,7 @@ int main( int argc, char *argv[] )
    fflush( stdout );

    n = dhm.len;
-    if( ( ret = dhm_calc_secret( &dhm, buf, &n ) ) != 0 )
+    if( ( ret = dhm_calc_secret( &dhm, buf, &n, NULL, NULL ) ) != 0 )
    {
        printf( " failed\n  ! dhm_calc_secret returned %d\n\n", ret );
        goto exit;
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@ -242,7 +242,7 @@ int main( int argc, char *argv[] )
    printf( "\n  . Shared secret: " );
    fflush( stdout );

-    if( ( ret = dhm_calc_secret( &dhm, buf, &n ) ) != 0 )
+    if( ( ret = dhm_calc_secret( &dhm, buf, &n, NULL, NULL ) ) != 0 )
    {
        printf( " failed\n  ! dhm_calc_secret returned %d\n\n", ret );
        goto exit;
--- a/tests/suites/test_suite_dhm.function
+++ b/tests/suites/test_suite_dhm.function
@ -49,8 +49,8 @@ void dhm_do_dhm( int NOTUSED, int radix_P, char *input_P,

    TEST_ASSERT( dhm_read_public( &ctx_srv, pub_cli, pub_cli_len ) == 0 );

-    TEST_ASSERT( dhm_calc_secret( &ctx_srv, sec_srv, &sec_srv_len ) == 0 );
-    TEST_ASSERT( dhm_calc_secret( &ctx_cli, sec_cli, &sec_cli_len ) == 0 );
+    TEST_ASSERT( dhm_calc_secret( &ctx_srv, sec_srv, &sec_srv_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
+    TEST_ASSERT( dhm_calc_secret( &ctx_cli, sec_cli, &sec_cli_len, NULL, NULL ) == 0 );

    TEST_ASSERT( sec_srv_len == sec_cli_len );
    TEST_ASSERT( sec_srv_len != 0 );