Re: [lwip-devel] [altcp_tls_mbedtls] Entropy and RNG

lwip-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [lwip-devel] [altcp_tls_mbedtls] Entropy and RNG

From:	David Girault
Subject:	Re: [lwip-devel] [altcp_tls_mbedtls] Entropy and RNG
Date:	Wed, 09 Oct 2019 11:46:38 +0200
User-agent:	Evolution 3.32.1-2

Le jeudi 22 août 2019 à 18:01 +0200, Giuseppe Modugno a écrit :
> In altcp_tls_mbedtls.c is defined a static pointer
> altcp_tls_entropy_rng 
> to a struct that manages random number generator, so its members are 
> mbedtls_entropy_context and mbedtls_ctr_drbg_context.
> 
> The struct is allocated only one time at the first TLS connection
> setup 
> and shared with all TLS connections. When all TLS connections are
> freed, 
> the struct is freed too.
> 
> This approach is good if altcp_tls_mbedtls is the only module in the 
> application that uses entropy and random number generator. However
> some 
> applications could have the need to generate random numbers for
> other 
> purposes. In this case, I think it's better to share a single
> entropy 
> pool and a single random number generator for all the application.
> 
> I'm thinking to patch altcp_tls_mbedtls adding a macro that removes
> all 
> the code related to "internal" altcp_tls_entropy_rng. In 
> altcp_tls_create_config(), we call mbedtls_ssl_conf_rng() with a
> custom 
> function with a custom argument. Something similar to:
> 
> #ifndef ALTCP_MBEDTLS_RNG_FUNC
> /** Entropy and random generator are shared by all mbedTLS
> configuration */
> struct altcp_tls_entropy_rng {
>    mbedtls_entropy_context entropy;
>    mbedtls_ctr_drbg_context ctr_drbg;
>    int ref;
> };
> static struct altcp_tls_entropy_rng *altcp_tls_entropy_rng;
> #endif
> 
> ...
> 
> #ifdef ALTCP_MBEDTLS_RNG_FUNC
>      mbedtls_ssl_conf_rng(&conf->conf, ALTCP_MBEDTLS_RNG_FUNC,
> #ifdef ALTCP_MEDTLS_RNG_FUNC_ARG
>          ALTCP_MBEDTLS_RNG_FUNC_ARG
> #else
>          NULL
> #endif
>      );
> #else
>      mbedtls_ssl_conf_rng(&conf->conf, mbedtls_ctr_drbg_random, 
> &altcp_tls_entropy_rng->ctr_drbg);
> #endif
> 
> What do you think?

Hi Giuseppe,

I think it's a usefull addition allowing application to do it the way
it want.

I think three new configuration define must be declared in
altcp_tls_mbedtls_opts.h. Something like thay:

#ifdef ALTCP_MBEDTLS_RNG_FUNC
#define ALTCP_MBEDTLS_RNG_FUNC mbedtls_ctr_drbg_random
#endif
#ifdef ALTCP_MBEDTLS_RNG_ARG
#define
ALTCP_MBEDTLS_RNG_ARG &altcp_tls_entropy_rng->ctr_drbg
#else
#define
ALTCP_MBEDTLS_RNG_CUSTOM 1
#endfif

So all dynamic management of the altcp_tls_entropy_rng structure can be
disabled using a #ifndef ALTCP_MBEDTLS_RNG_CUSTOM statement.

And no need to use #ifdef for the mbedtls_ssl_conf_rng call.

Do you already made some patch?

Regards,
David

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [lwip-devel] [altcp_tls_mbedtls] Entropy and RNG, David Girault <=

Prev by Date: [lwip-devel] [patch #9823] altcp_tls_mbedtls.c: add restartable feature
Next by Date: [lwip-devel] [patch #9823] altcp_tls_mbedtls.c: add restartable feature
Previous by thread: [lwip-devel] [patch #9823] altcp_tls_mbedtls.c: add restartable feature
Next by thread: [lwip-devel] [patch #9860] mdns: fixes for Bonjour Conformance Tests
Index(es):
- Date
- Thread