Initialise entropy correctly for ssl.

This commit is contained in:
Matthew Parlane 2014-02-27 21:05:18 +13:00
parent 698bf8f2d3
commit e1ec4729b4
2 changed files with 19 additions and 1 deletions

View File

@ -148,7 +148,21 @@ bool CWII_IPC_HLE_Device_net_ssl::IOCtlV(u32 _CommandAddress)
}
entropy_init(&_SSL[sslID].entropy);
ssl_set_rng(&_SSL[sslID].ctx, entropy_func, &_SSL[sslID].entropy);
const char* pers = "dolphin-emu";
ret = ctr_drbg_init(&_SSL[sslID].ctr_drbg, entropy_func,
&_SSL[sslID].entropy,
(const unsigned char*)pers,
strlen(pers));
if (ret)
{
ssl_free(&_SSL[sslID].ctx);
// Cleanup possibly dirty ctx
memset(&_SSL[sslID].ctx, 0, sizeof(ssl_context));
entropy_free(&_SSL[sslID].entropy);
goto _SSL_NEW_ERROR;
}
ssl_set_rng(&_SSL[sslID].ctx, ctr_drbg_random, &_SSL[sslID].ctr_drbg);
// For some reason we can't use TLSv1.2, v1.1 and below are fine!
ssl_set_max_version(&_SSL[sslID].ctx, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_2);
@ -191,6 +205,8 @@ _SSL_NEW_ERROR:
ssl_session_free(&_SSL[sslID].session);
ssl_free(&_SSL[sslID].ctx);
entropy_free(&_SSL[sslID].entropy);
x509_crt_free(&_SSL[sslID].cacert);
x509_crt_free(&_SSL[sslID].clicert);

View File

@ -4,6 +4,7 @@
#pragma once
#include <polarssl/ctr_drbg.h>
#include <polarssl/entropy.h>
#include <polarssl/net.h>
#include <polarssl/ssl.h>
@ -58,6 +59,7 @@ typedef struct
ssl_context ctx;
ssl_session session;
entropy_context entropy;
ctr_drbg_context ctr_drbg;
x509_crt cacert;
x509_crt clicert;
pk_context pk;