Merge pull request #10037 from bjwtaylor/remove-rng-parameters-from-pk

mpg · web-flow · commit 48d1c149d1c2 · 2025-03-26T10:18:08.000Z
Remove rng parameters from PK and X.509
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
@@ -1140,17 +1140,11 @@ void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx);
  * \param ctx       certificate to write away
  * \param buf       buffer to write to
  * \param size      size of the buffer
- * \param f_rng     RNG function. This must not be \c NULL.
- * \param p_rng     RNG parameter
  *
  * \return          length of data written if successful, or a specific
  *                  error code
- *
- * \note            \p f_rng is used for the signature operation.
  */
-int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng);
+int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size);
 
 #if defined(MBEDTLS_PEM_WRITE_C)
 /**
@@ -1159,16 +1153,11 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, s
  * \param ctx       certificate to write away
  * \param buf       buffer to write to
  * \param size      size of the buffer
- * \param f_rng     RNG function. This must not be \c NULL.
- * \param p_rng     RNG parameter
  *
  * \return          0 if successful, or a specific error code
  *
- * \note            \p f_rng is used for the signature operation.
  */
-int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng);
+int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size);
 #endif /* MBEDTLS_PEM_WRITE_C */
 #endif /* MBEDTLS_X509_CRT_WRITE_C */
 
diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h
@@ -337,17 +337,12 @@ void mbedtls_x509write_csr_free(mbedtls_x509write_csr *ctx);
  * \param ctx       CSR to write away
  * \param buf       buffer to write to
  * \param size      size of the buffer
- * \param f_rng     RNG function. This must not be \c NULL.
- * \param p_rng     RNG parameter
  *
  * \return          length of data written if successful, or a specific
  *                  error code
  *
- * \note            \p f_rng is used for the signature operation.
  */
-int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng);
+int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size);
 
 #if defined(MBEDTLS_PEM_WRITE_C)
 /**
@@ -357,16 +352,11 @@ int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, si
  * \param ctx       CSR to write away
  * \param buf       buffer to write to
  * \param size      size of the buffer
- * \param f_rng     RNG function. This must not be \c NULL.
- * \param p_rng     RNG parameter
  *
  * \return          0 if successful, or a specific error code
  *
- * \note            \p f_rng is used for the signature operation.
  */
-int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng);
+int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size);
 #endif /* MBEDTLS_PEM_WRITE_C */
 #endif /* MBEDTLS_X509_CSR_WRITE_C */
 
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
@@ -2827,7 +2827,7 @@ static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl)
                                            ssl->out_msg + 6 + offset,
                                            out_buf_len - 6 - offset,
                                            &n,
-                                           ssl->conf->f_rng, ssl->conf->p_rng, rs_ctx)) != 0) {
+                                           rs_ctx)) != 0) {
         MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret);
 #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
         if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
@@ -3035,9 +3035,7 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl,
                                    md_alg, hash, hashlen,
                                    ssl->out_msg + ssl->out_msglen + 2,
                                    out_buf_len - ssl->out_msglen - 2,
-                                   signature_len,
-                                   ssl->conf->f_rng,
-                                   ssl->conf->p_rng)) != 0) {
+                                   signature_len)) != 0) {
             MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret);
             return ret;
         }
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
@@ -978,8 +978,7 @@ static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl,
 
         if ((ret = mbedtls_pk_sign_ext(pk_type, own_key,
                                        md_alg, verify_hash, verify_hash_len,
-                                       p + 4, (size_t) (end - (p + 4)), &signature_len,
-                                       ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
+                                       p + 4, (size_t) (end - (p + 4)), &signature_len)) != 0) {
             MBEDTLS_SSL_DEBUG_MSG(2, ("CertificateVerify signature failed with %s",
                                       mbedtls_ssl_sig_alg_to_str(*sig_alg)));
             MBEDTLS_SSL_DEBUG_RET(2, "mbedtls_pk_sign_ext", ret);
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
@@ -379,9 +379,7 @@ static int x509_write_time(unsigned char **p, unsigned char *start,
 }
 
 int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
-                              unsigned char *buf, size_t size,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng)
+                              unsigned char *buf, size_t size)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const char *sig_oid;
@@ -571,8 +569,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
 
 
     if ((ret = mbedtls_pk_sign(ctx->issuer_key, ctx->md_alg,
-                               hash, hash_length, sig, sizeof(sig), &sig_len,
-                               f_rng, p_rng)) != 0) {
+                               hash, hash_length, sig, sizeof(sig), &sig_len)) != 0) {
         return ret;
     }
 
@@ -614,15 +611,12 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
 
 #if defined(MBEDTLS_PEM_WRITE_C)
 int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *crt,
-                              unsigned char *buf, size_t size,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng)
+                              unsigned char *buf, size_t size)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t olen;
 
-    if ((ret = mbedtls_x509write_crt_der(crt, buf, size,
-                                         f_rng, p_rng)) < 0) {
+    if ((ret = mbedtls_x509write_crt_der(crt, buf, size)) < 0) {
         return ret;
     }
 
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
@@ -131,9 +131,7 @@ int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx,
 static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
                                       unsigned char *buf,
                                       size_t size,
-                                      unsigned char *sig, size_t sig_size,
-                                      int (*f_rng)(void *, unsigned char *, size_t),
-                                      void *p_rng)
+                                      unsigned char *sig, size_t sig_size)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const char *sig_oid;
@@ -218,8 +216,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
         return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
     }
     if ((ret = mbedtls_pk_sign(ctx->key, ctx->md_alg, hash, 0,
-                               sig, sig_size, &sig_len,
-                               f_rng, p_rng)) != 0) {
+                               sig, sig_size, &sig_len)) != 0) {
         return ret;
     }
 
@@ -274,9 +271,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
 }
 
 int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf,
-                              size_t size,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng)
+                              size_t size)
 {
     int ret;
     unsigned char *sig;
@@ -286,8 +281,7 @@ int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf,
     }
 
     ret = x509write_csr_der_internal(ctx, buf, size,
-                                     sig, MBEDTLS_PK_SIGNATURE_MAX_SIZE,
-                                     f_rng, p_rng);
+                                     sig, MBEDTLS_PK_SIGNATURE_MAX_SIZE);
 
     mbedtls_free(sig);
 
@@ -298,15 +292,12 @@ int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf,
 #define PEM_END_CSR             "-----END CERTIFICATE REQUEST-----\n"
 
 #if defined(MBEDTLS_PEM_WRITE_C)
-int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng)
+int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t olen = 0;
 
-    if ((ret = mbedtls_x509write_csr_der(ctx, buf, size,
-                                         f_rng, p_rng)) < 0) {
+    if ((ret = mbedtls_x509write_csr_der(ctx, buf, size)) < 0) {
         return ret;
     }
 
diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c
@@ -82,8 +82,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
             return 1;
         }
         if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
-                                 mbedtls_test_srv_key_len, NULL, 0,
-                                 dummy_random, &ctr_drbg) != 0) {
+                                 mbedtls_test_srv_key_len, NULL, 0) != 0) {
             return 1;
         }
 #endif
diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c
@@ -44,8 +44,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
         goto exit;
     }
 
-    ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0,
-                               dummy_random, &ctr_drbg);
+    ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0);
     if (ret == 0) {
 #if defined(MBEDTLS_RSA_C)
         if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) {
diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c
@@ -91,8 +91,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
             return 1;
         }
         if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
-                                 mbedtls_test_srv_key_len, NULL, 0,
-                                 dummy_random, &ctr_drbg) != 0) {
+                                 mbedtls_test_srv_key_len, NULL, 0) != 0) {
             return 1;
         }
 #endif
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
@@ -248,8 +248,7 @@ int main(int argc, char *argv[])
             goto cleanup;
         }
 
-        ret = mbedtls_pk_parse_keyfile(&pk, opt.filename, opt.password,
-                                       mbedtls_ctr_drbg_random, &ctr_drbg);
+        ret = mbedtls_pk_parse_keyfile(&pk, opt.filename, opt.password);
 
         if (ret != 0) {
             mbedtls_printf(" failed\n  !  mbedtls_pk_parse_keyfile returned -0x%04x\n",
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
@@ -363,8 +363,7 @@ int main(int argc, char *argv[])
             goto exit;
         }
 
-        ret = mbedtls_pk_parse_keyfile(&key, opt.filename, NULL,
-                                       mbedtls_ctr_drbg_random, &ctr_drbg);
+        ret = mbedtls_pk_parse_keyfile(&key, opt.filename, NULL);
         if (ret != 0) {
             mbedtls_printf(" failed\n  !  mbedtls_pk_parse_keyfile returned -0x%04x",
                            (unsigned int) -ret);
diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c
@@ -89,8 +89,7 @@ int main(int argc, char *argv[])
     mbedtls_printf("\n  . Reading private key from '%s'", argv[1]);
     fflush(stdout);
 
-    if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "",
-                                        mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+    if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) {
         mbedtls_printf(" failed\n  ! mbedtls_pk_parse_keyfile returned -0x%04x\n",
                        (unsigned int) -ret);
         goto exit;
@@ -119,8 +118,7 @@ int main(int argc, char *argv[])
     mbedtls_printf("\n  . Decrypting the encrypted data");
     fflush(stdout);
 
-    if ((ret = mbedtls_pk_decrypt(&pk, buf, i, result, &olen, sizeof(result),
-                                  mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+    if ((ret = mbedtls_pk_decrypt(&pk, buf, i, result, &olen, sizeof(result))) != 0) {
         mbedtls_printf(" failed\n  ! mbedtls_pk_decrypt returned -0x%04x\n",
                        (unsigned int) -ret);
         goto exit;
diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c
@@ -105,8 +105,7 @@ int main(int argc, char *argv[])
     fflush(stdout);
 
     if ((ret = mbedtls_pk_encrypt(&pk, input, strlen(argv[2]),
-                                  buf, &olen, sizeof(buf),
-                                  mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+                                  buf, &olen, sizeof(buf))) != 0) {
         mbedtls_printf(" failed\n  ! mbedtls_pk_encrypt returned -0x%04x\n",
                        (unsigned int) -ret);
         goto exit;
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
@@ -85,8 +85,7 @@ int main(int argc, char *argv[])
     mbedtls_printf("\n  . Reading private key from '%s'", argv[1]);
     fflush(stdout);
 
-    if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "",
-                                        mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+    if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) {
         mbedtls_printf(" failed\n  ! Could not parse '%s'\n", argv[1]);
         goto exit;
     }
@@ -106,8 +105,7 @@ int main(int argc, char *argv[])
     }
 
     if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0,
-                               buf, sizeof(buf), &olen,
-                               mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+                               buf, sizeof(buf), &olen)) != 0) {
         mbedtls_printf(" failed\n  ! mbedtls_pk_sign returned -0x%04x\n", (unsigned int) -ret);
         goto exit;
     }
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
@@ -86,8 +86,7 @@ int main(int argc, char *argv[])
     mbedtls_printf("\n  . Reading private key from '%s'", argv[1]);
     fflush(stdout);
 
-    if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "",
-                                        mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+    if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) {
         mbedtls_printf(" failed\n  ! Could not read key from '%s'\n", argv[1]);
         mbedtls_printf("  ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret);
         goto exit;
@@ -120,8 +119,7 @@ int main(int argc, char *argv[])
     }
 
     if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0,
-                               buf, sizeof(buf), &olen,
-                               mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+                               buf, sizeof(buf), &olen)) != 0) {
         mbedtls_printf(" failed\n  ! mbedtls_pk_sign returned %d\n\n", ret);
         goto exit;
     }
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
@@ -165,9 +165,7 @@ int main(void)
                                 (const unsigned char *) mbedtls_test_srv_key,
                                 mbedtls_test_srv_key_len,
                                 NULL,
-                                0,
-                                mbedtls_ctr_drbg_random,
-                                &ctr_drbg);
+                                0);
     if (ret != 0) {
         printf(" failed\n  !  mbedtls_pk_parse_key returned %d\n\n", ret);
         goto exit;
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
@@ -1736,12 +1736,12 @@ int main(int argc, char *argv[])
     } else
 #if defined(MBEDTLS_FS_IO)
     if (strlen(opt.key_file)) {
-        ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, opt.key_pwd, rng_get, &rng);
+        ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, opt.key_pwd);
     } else
 #endif
     { ret = mbedtls_pk_parse_key(&pkey,
                                  (const unsigned char *) mbedtls_test_cli_key,
-                                 mbedtls_test_cli_key_len, NULL, 0, rng_get, &rng); }
+                                 mbedtls_test_cli_key_len, NULL, 0); }
     if (ret != 0) {
         mbedtls_printf(" failed\n  !  mbedtls_pk_parse_key returned -0x%x\n\n",
                        (unsigned int) -ret);
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
@@ -138,8 +138,7 @@ int main(void)
     }
 
     ret =  mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
-                                mbedtls_test_srv_key_len, NULL, 0,
-                                mbedtls_ctr_drbg_random, &ctr_drbg);
+                                mbedtls_test_srv_key_len, NULL, 0);
     if (ret != 0) {
         mbedtls_printf(" failed!  mbedtls_pk_parse_key returned %d\n\n", ret);
         goto exit;
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
@@ -514,8 +514,7 @@ int main(int argc, char *argv[])
 
 #if defined(MBEDTLS_FS_IO)
     if (strlen(opt.key_file)) {
-        ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, "",
-                                       mbedtls_ctr_drbg_random, &ctr_drbg);
+        ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, "");
     } else
 #endif
 #if defined(MBEDTLS_PEM_PARSE_C)
@@ -524,9 +523,7 @@ int main(int argc, char *argv[])
                                    (const unsigned char *) mbedtls_test_cli_key,
                                    mbedtls_test_cli_key_len,
                                    NULL,
-                                   0,
-                                   mbedtls_ctr_drbg_random,
-                                   &ctr_drbg);
+                                   0);
     }
 #else
     {
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
@@ -379,8 +379,7 @@ int main(void)
 
     mbedtls_pk_init(&pkey);
     ret =  mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
-                                mbedtls_test_srv_key_len, NULL, 0,
-                                mbedtls_ctr_drbg_random, &ctr_drbg);
+                                mbedtls_test_srv_key_len, NULL, 0);
     if (ret != 0) {
         mbedtls_printf(" failed\n  !  mbedtls_pk_parse_key returned %d\n\n", ret);
         goto exit;
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
@@ -144,8 +144,7 @@ int main(void)
     }
 
     ret =  mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
-                                mbedtls_test_srv_key_len, NULL, 0,
-                                mbedtls_ctr_drbg_random, &ctr_drbg);
+                                mbedtls_test_srv_key_len, NULL, 0);
     if (ret != 0) {
         mbedtls_printf(" failed\n  !  mbedtls_pk_parse_key returned %d\n\n", ret);
         goto exit;
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
diff --git a/tf-psa-crypto b/tf-psa-crypto

Original file line number	Diff line number	Diff line change
`@@ -82,8 +82,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)`
`82`	`82`	`return 1;`
`83`	`83`	`}`
`84`	`84`	`if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,`
`85`		`- mbedtls_test_srv_key_len, NULL, 0,`
`86`		`- dummy_random, &ctr_drbg) != 0) {`
	`85`	`+ mbedtls_test_srv_key_len, NULL, 0) != 0) {`
`87`	`86`	`return 1;`
`88`	`87`	`}`
`89`	`88`	`#endif`
Original file line number	Diff line number	Diff line change
`@@ -44,8 +44,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)`
`44`	`44`	`goto exit;`
`45`	`45`	`}`
`46`	`46`
`47`		`- ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0,`
`48`		`- dummy_random, &ctr_drbg);`
	`47`	`+ ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0);`
`49`	`48`	`if (ret == 0) {`
`50`	`49`	`#if defined(MBEDTLS_RSA_C)`
`51`	`50`	`if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) {`
Original file line number	Diff line number	Diff line change
`@@ -91,8 +91,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)`
`91`	`91`	`return 1;`
`92`	`92`	`}`
`93`	`93`	`if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,`
`94`		`- mbedtls_test_srv_key_len, NULL, 0,`
`95`		`- dummy_random, &ctr_drbg) != 0) {`
	`94`	`+ mbedtls_test_srv_key_len, NULL, 0) != 0) {`
`96`	`95`	`return 1;`
`97`	`96`	`}`
`98`	`97`	`#endif`
Original file line number	Diff line number	Diff line change
`@@ -248,8 +248,7 @@ int main(int argc, char *argv[])`
`248`	`248`	`goto cleanup;`
`249`	`249`	`}`
`250`	`250`
`251`		`- ret = mbedtls_pk_parse_keyfile(&pk, opt.filename, opt.password,`
`252`		`- mbedtls_ctr_drbg_random, &ctr_drbg);`
	`251`	`+ ret = mbedtls_pk_parse_keyfile(&pk, opt.filename, opt.password);`
`253`	`252`
`254`	`253`	`if (ret != 0) {`
`255`	`254`	`mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n",`
Original file line number	Diff line number	Diff line change
`@@ -363,8 +363,7 @@ int main(int argc, char *argv[])`
`363`	`363`	`goto exit;`
`364`	`364`	`}`
`365`	`365`
`366`		`- ret = mbedtls_pk_parse_keyfile(&key, opt.filename, NULL,`
`367`		`- mbedtls_ctr_drbg_random, &ctr_drbg);`
	`366`	`+ ret = mbedtls_pk_parse_keyfile(&key, opt.filename, NULL);`
`368`	`367`	`if (ret != 0) {`
`369`	`368`	`mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x",`
`370`	`369`	`(unsigned int) -ret);`
Original file line number	Diff line number	Diff line change
`@@ -85,8 +85,7 @@ int main(int argc, char *argv[])`
`85`	`85`	`mbedtls_printf("\n . Reading private key from '%s'", argv[1]);`
`86`	`86`	`fflush(stdout);`
`87`	`87`
`88`		`- if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "",`
`89`		`- mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {`
	`88`	`+ if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) {`
`90`	`89`	`mbedtls_printf(" failed\n ! Could not parse '%s'\n", argv[1]);`
`91`	`90`	`goto exit;`
`92`	`91`	`}`
`@@ -106,8 +105,7 @@ int main(int argc, char *argv[])`
`106`	`105`	`}`
`107`	`106`
`108`	`107`	`if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0,`
`109`		`- buf, sizeof(buf), &olen,`
`110`		`- mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {`
	`108`	`+ buf, sizeof(buf), &olen)) != 0) {`
`111`	`109`	`mbedtls_printf(" failed\n ! mbedtls_pk_sign returned -0x%04x\n", (unsigned int) -ret);`
`112`	`110`	`goto exit;`
`113`	`111`	`}`
Original file line number	Diff line number	Diff line change
`@@ -138,8 +138,7 @@ int main(void)`
`138`	`138`	`}`
`139`	`139`
`140`	`140`	`ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,`
`141`		`- mbedtls_test_srv_key_len, NULL, 0,`
`142`		`- mbedtls_ctr_drbg_random, &ctr_drbg);`
	`141`	`+ mbedtls_test_srv_key_len, NULL, 0);`
`143`	`142`	`if (ret != 0) {`
`144`	`143`	`mbedtls_printf(" failed! mbedtls_pk_parse_key returned %d\n\n", ret);`
`145`	`144`	`goto exit;`
Original file line number	Diff line number	Diff line change
`@@ -144,8 +144,7 @@ int main(void)`
`144`	`144`	`}`
`145`	`145`
`146`	`146`	`ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,`
`147`		`- mbedtls_test_srv_key_len, NULL, 0,`
`148`		`- mbedtls_ctr_drbg_random, &ctr_drbg);`
	`147`	`+ mbedtls_test_srv_key_len, NULL, 0);`
`149`	`148`	`if (ret != 0) {`
`150`	`149`	`mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);`
`151`	`150`	`goto exit;`