more error handling added for ctr and hmac

Antti Kauppila · Antti Kauppila · commit 7904ff05b3ef · 2020-03-31T15:59:56.000+03:00
diff --git a/features/lwipstack/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c b/features/lwipstack/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c
@@ -102,17 +102,15 @@ struct altcp_tls_config {
 #if defined(MBEDTLS_CTR_DRBG_C)
     mbedtls_ctr_drbg_context    _drbg;
 #define DRBG_INIT mbedtls_ctr_drbg_init
-#define DRBG_SEED mbedtls_ctr_drbg_seed
 #define DRBG_SEED_ERROR "mbedtls_ctr_drbg_seed failed: %d\n"
 #define DRBG_RANDOM mbedtls_ctr_drbg_random
 #elif defined(MBEDTLS_HMAC_DRBG_C)
     mbedtls_hmac_drbg_context   _drbg;
 #define DRBG_INIT mbedtls_hmac_drbg_init
-#define DRBG_SEED mbedtls_hmac_drbg_seed
 #define DRBG_SEED_ERROR "mbedtls_hmac_drbg_seed failed: %d\n"
 #define DRBG_RANDOM mbedtls_hmac_drbg_random
 #else
-#error "CTR or HMAC must be defined for coap_security_handler!"
+#error "CTR or HMAC must be defined for altcp_tls_mbedtls!"
 #endif
   mbedtls_x509_crt *cert;
   mbedtls_pk_context *pkey;
@@ -740,7 +738,16 @@ altcp_tls_create_config(int is_server, int have_cert, int have_pkey, int have_ca
   DRBG_INIT(&conf->_drbg);
 
   /* Seed the RNG */
-  ret = DRBG_SEED(&conf->_drbg, ALTCP_MBEDTLS_RNG_FN, &conf->entropy, ALTCP_MBEDTLS_ENTROPY_PTR, ALTCP_MBEDTLS_ENTROPY_LEN);
+#if defined(MBEDTLS_CTR_DRBG_C)
+    ret = mbedtls_ctr_drbg_seed(&conf->_drbg, ALTCP_MBEDTLS_RNG_FN,
+                                &conf->entropy, ALTCP_MBEDTLS_ENTROPY_PTR, ALTCP_MBEDTLS_ENTROPY_LEN);
+#elif defined(MBEDTLS_HMAC_DRBG_C)
+    ret = mbedtls_hmac_drbg_seed(&conf->_drbg, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
+                                 ALTCP_MBEDTLS_RNG_FN, &conf->entropy,
+                                 ALTCP_MBEDTLS_ENTROPY_PTR, ALTCP_MBEDTLS_ENTROPY_LEN);
+#else
+#error "CTR or HMAC must be defined for altcp_tls_mbedtls!"
+#endif
 
   if (ret != 0) {
     LWIP_DEBUGF(ALTCP_MBEDTLS_DEBUG, (DRBG_SEED_ERROR, ret));
diff --git a/features/nanostack/coap-service/source/coap_security_handler.c b/features/nanostack/coap-service/source/coap_security_handler.c
@@ -44,8 +44,14 @@ struct coap_security_s {
 
 #if defined(MBEDTLS_CTR_DRBG_C)
     mbedtls_ctr_drbg_context    _drbg;
+#define DRBG_INIT mbedtls_ctr_drbg_init
+#define DRBG_RANDOM mbedtls_ctr_drbg_random
+#define DRBG_FREE mbedtls_ctr_drbg_free
 #elif defined(MBEDTLS_HMAC_DRBG_C)
     mbedtls_hmac_drbg_context   _drbg;
+#define DRBG_INIT mbedtls_hmac_drbg_init
+#define DRBG_RANDOM mbedtls_hmac_drbg_random
+#define DRBG_FREE mbedtls_hmac_drbg_free
 #else
 #error "CTR or HMAC must be defined for coap_security_handler!"
 #endif
@@ -122,11 +128,7 @@ static int coap_security_handler_init(coap_security_t *sec)
 
     mbedtls_ssl_init(&sec->_ssl);
     mbedtls_ssl_config_init(&sec->_conf);
-#if defined(MBEDTLS_CTR_DRBG_C)
-    mbedtls_ctr_drbg_init(&sec->_drbg);
-#elif defined(MBEDTLS_HMAC_DRBG_C)
-    mbedtls_hmac_drbg_init(&sec->_drbg);
-#endif
+    DRBG_INIT(&sec->_drbg);
     mbedtls_entropy_init(&sec->_entropy);
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -157,6 +159,8 @@ static int coap_security_handler_init(coap_security_t *sec)
                                strlen(pers))) != 0) {
         return -1;
     }
+#else
+#error "CTR or HMAC must be defined for coap_security_handler!"
 #endif
     return 0;
 }
@@ -180,11 +184,9 @@ static void coap_security_handler_reset(coap_security_t *sec)
 #endif
 
     mbedtls_entropy_free(&sec->_entropy);
-#if defined(MBEDTLS_CTR_DRBG_C)
-    mbedtls_ctr_drbg_free(&sec->_drbg);
-#elif defined(MBEDTLS_HMAC_DRBG_C)
-    mbedtls_hmac_drbg_free(&sec->_drbg);
-#endif
+
+    DRBG_FREE(&sec->_drbg);
+
     mbedtls_ssl_config_free(&sec->_conf);
     mbedtls_ssl_free(&sec->_ssl);
 #if defined(MBEDTLS_PLATFORM_C)
@@ -421,11 +423,7 @@ int coap_security_handler_connect_non_blocking(coap_security_t *sec, bool is_ser
     }
 
 #if !defined(MBEDTLS_SSL_CONF_RNG)
-#if defined(MBEDTLS_CTR_DRBG_C)
-    mbedtls_ssl_conf_rng(&sec->_conf, mbedtls_ctr_drbg_random, &sec->_drbg);
-#elif defined(MBEDTLS_HMAC_DRBG_C)
-    mbedtls_ssl_conf_rng(&sec->_conf, mbedtls_hmac_drbg_random, &sec->_drbg);
-#endif
+    mbedtls_ssl_conf_rng(&sec->_conf, DRBG_RANDOM, &sec->_drbg);
 #endif
 
     if ((mbedtls_ssl_setup(&sec->_ssl, &sec->_conf)) != 0) {
diff --git a/features/netsocket/TLSSocketWrapper.cpp b/features/netsocket/TLSSocketWrapper.cpp
@@ -47,11 +47,7 @@ TLSSocketWrapper::TLSSocketWrapper(Socket *transport, const char *hostname, cont
     }
 #endif /* MBEDTLS_PLATFORM_C */
     mbedtls_entropy_init(&_entropy);
-#if defined(MBEDTLS_CTR_DRBG_C)
-    mbedtls_ctr_drbg_init(&_drbg);
-#elif defined(MBEDTLS_HMAC_DRBG_C)
-    mbedtls_hmac_drbg_init(&_drbg);
-#endif
+    DRBG_INIT(&_drbg);
 
     mbedtls_ssl_init(&_ssl);
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -69,11 +65,9 @@ TLSSocketWrapper::~TLSSocketWrapper()
         close();
     }
     mbedtls_entropy_free(&_entropy);
-#if defined(MBEDTLS_CTR_DRBG_C)
-    mbedtls_ctr_drbg_free(&_drbg);
-#elif defined(MBEDTLS_HMAC_DRBG_C)
-    mbedtls_hmac_drbg_free(&_drbg);
-#endif
+
+    DRBG_FREE(&_drbg);
+
     mbedtls_ssl_free(&_ssl);
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
     mbedtls_pk_free(&_pkctx);
@@ -201,14 +195,12 @@ nsapi_error_t TLSSocketWrapper::start_handshake(bool first_call)
         print_mbedtls_error("mbedtls_hmac_drbg_seed", ret);
         return NSAPI_ERROR_AUTH_FAILURE;
     }
+#else
+#error "CTR or HMAC must be defined for TLSSocketWrapper!"
 #endif
 
 #if !defined(MBEDTLS_SSL_CONF_RNG)
-#if defined(MBEDTLS_CTR_DRBG_C)
-    mbedtls_ssl_conf_rng(get_ssl_config(), mbedtls_ctr_drbg_random, &_drbg);
-#elif defined(MBEDTLS_HMAC_DRBG_C)
-    mbedtls_ssl_conf_rng(get_ssl_config(), mbedtls_hmac_drbg_random, &_drbg);
-#endif
+    mbedtls_ssl_conf_rng(get_ssl_config(), DRBG_RANDOM, &_drbg);
 #endif
 
 
diff --git a/features/netsocket/TLSSocketWrapper.h b/features/netsocket/TLSSocketWrapper.h
@@ -35,6 +35,20 @@
 // This class requires Mbed TLS SSL/TLS client code
 #if defined(MBEDTLS_SSL_CLI_C) || defined(DOXYGEN_ONLY)
 
+#if defined(MBEDTLS_CTR_DRBG_C)
+#define DRBG_CTX mbedtls_ctr_drbg_context
+#define DRBG_INIT mbedtls_ctr_drbg_init
+#define DRBG_RANDOM mbedtls_ctr_drbg_random
+#define DRBG_FREE mbedtls_ctr_drbg_free
+#elif defined(MBEDTLS_HMAC_DRBG_C)
+#define DRBG_CTX mbedtls_hmac_drbg_context
+#define DRBG_INIT mbedtls_hmac_drbg_init
+#define DRBG_RANDOM mbedtls_hmac_drbg_random
+#define DRBG_FREE mbedtls_hmac_drbg_free
+#else
+#error "CTR or HMAC must be defined for TLSSocketWrapper!"
+#endif
+
 /**
  * TLSSocket is a wrapper around Socket for interacting with TLS servers.
  *
@@ -295,11 +309,7 @@ class TLSSocketWrapper : public Socket {
     mbedtls_pk_context _pkctx;
 #endif
 
-#if defined(MBEDTLS_CTR_DRBG_C)
-    mbedtls_ctr_drbg_context _drbg;
-#elif defined(MBEDTLS_HMAC_DRBG_C)
-    mbedtls_hmac_drbg_context _drbg;
-#endif
+    DRBG_CTX _drbg;
 
     mbedtls_entropy_context _entropy;
 
