Re: [lwip-devel] [altcp_tls_mbedtls] Entropy and RNG
From: David Girault
Subject: Re: [lwip-devel] [altcp_tls_mbedtls] Entropy and RNG
Date: Wed, 09 Oct 2019 11:46:38 +0200
User-agent: Evolution 3.32.1-2
On Thursday, 22 August 2019 at 18:01 +0200, Giuseppe Modugno wrote:
> In altcp_tls_mbedtls.c is defined a static pointer altcp_tls_entropy_rng
> to a struct that manages the random number generator, so its members are
> mbedtls_entropy_context and mbedtls_ctr_drbg_context.
>
> The struct is allocated only one time at the first TLS connection setup
> and shared with all TLS connections. When all TLS connections are freed,
> the struct is freed too.
>
> This approach is good if altcp_tls_mbedtls is the only module in the
> application that uses entropy and the random number generator. However
> some applications could have the need to generate random numbers for
> other purposes. In this case, I think it's better to share a single
> entropy pool and a single random number generator for all the application.
>
> I'm thinking of patching altcp_tls_mbedtls, adding a macro that removes
> all the code related to the "internal" altcp_tls_entropy_rng. In
> altcp_tls_create_config(), we call mbedtls_ssl_conf_rng() with a custom
> function with a custom argument. Something similar to:
>
> #ifndef ALTCP_MBEDTLS_RNG_FUNC
> /** Entropy and random generator are shared by all mbedTLS configuration */
> struct altcp_tls_entropy_rng {
>   mbedtls_entropy_context entropy;
>   mbedtls_ctr_drbg_context ctr_drbg;
>   int ref;
> };
> static struct altcp_tls_entropy_rng *altcp_tls_entropy_rng;
> #endif
>
> ...
>
> #ifdef ALTCP_MBEDTLS_RNG_FUNC
> mbedtls_ssl_conf_rng(&conf->conf, ALTCP_MBEDTLS_RNG_FUNC,
> #ifdef ALTCP_MBEDTLS_RNG_FUNC_ARG
>   ALTCP_MBEDTLS_RNG_FUNC_ARG
> #else
>   NULL
> #endif
> );
> #else
> mbedtls_ssl_conf_rng(&conf->conf, mbedtls_ctr_drbg_random,
>                      &altcp_tls_entropy_rng->ctr_drbg);
> #endif
>
> What do you think?
Hi Giuseppe,
I think it's a useful addition, allowing applications to do it the way
they want.
I think three new configuration defines must be declared in
altcp_tls_mbedtls_opts.h. Something like that:
#ifndef ALTCP_MBEDTLS_RNG_FUNC
/* default RNG: mbedTLS's CTR_DRBG */
#define ALTCP_MBEDTLS_RNG_FUNC mbedtls_ctr_drbg_random
#endif
#ifndef ALTCP_MBEDTLS_RNG_ARG
/* default argument: the internally managed, reference-counted context */
#define ALTCP_MBEDTLS_RNG_ARG &altcp_tls_entropy_rng->ctr_drbg
#else
/* the application supplied its own RNG argument: no internal context needed */
#define ALTCP_MBEDTLS_RNG_CUSTOM 1
#endif
So all dynamic management of the altcp_tls_entropy_rng structure can be
disabled using a #ifndef ALTCP_MBEDTLS_RNG_CUSTOM statement.
And no need to use #ifdef for the mbedtls_ssl_conf_rng call.
Have you already made a patch?
Regards,
David
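The hook discussed in the two messages above, as an added example that is not lwIP or mbedTLS code: it models Giuseppe's reference-counted shared context and David's three `ALTCP_MBEDTLS_RNG_*` defines in one compilable file. The mbedTLS types and `mbedtls_ctr_drbg_random` are replaced by constructed stand-ins (`fake_entropy_ctx`, `fake_ctr_drbg_ctx`, `fake_ctr_drbg_random`, a plain counter rather than a DRBG) so it builds without the library; `altcp_tls_create_config()` / `altcp_tls_free_config()` are simplified models of the lwIP functions, not their real bodies, and `app_rng`, `app_drbg` and the `APP_SHARED_RNG` build switch are assumptions standing for the application's own RNG.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Stand-ins for mbedtls_entropy_context / mbedtls_ctr_drbg_context (constructed). */
typedef struct { int seeded; } fake_entropy_ctx;
typedef struct { uint64_t counter; } fake_ctr_drbg_ctx;

/* Stand-in for mbedtls_ctr_drbg_random. The signature is the f_rng one that
 * mbedtls_ssl_conf_rng() expects; the body is a bare counter so a test can
 * see that two configs draw from ONE stream. It is not a DRBG. */
static int fake_ctr_drbg_random(void *p_rng, unsigned char *out, size_t len) {
  fake_ctr_drbg_ctx *ctx = (fake_ctr_drbg_ctx *)p_rng;
  if (ctx == NULL) {
    return -1; /* mbedTLS also reports a negative MBEDTLS_ERR_* code here */
  }
  for (size_t i = 0; i < len; i++) {
    out[i] = (unsigned char)(++ctx->counter);
  }
  return 0;
}

/* Application side (assumed): the single RNG Giuseppe wants every module to share. */
fake_ctr_drbg_ctx app_drbg = { 1000 };
int app_rng(void *p_rng, unsigned char *out, size_t len) {
  (void)p_rng; /* the application owns its context, so p_rng is unused */
  return fake_ctr_drbg_random(&app_drbg, out, len);
}

/* What altcp_tls_mbedtls_opts.h would carry (David's three defines).
 * Build with -DAPP_SHARED_RNG to take the custom path; without it the
 * internal, reference-counted context is used. */
#ifdef APP_SHARED_RNG
#define ALTCP_MBEDTLS_RNG_FUNC app_rng
#define ALTCP_MBEDTLS_RNG_ARG  (&app_drbg)
#endif
#ifndef ALTCP_MBEDTLS_RNG_FUNC
#define ALTCP_MBEDTLS_RNG_FUNC fake_ctr_drbg_random /* mbedtls_ctr_drbg_random in lwIP */
#endif
#ifndef ALTCP_MBEDTLS_RNG_ARG
#define ALTCP_MBEDTLS_RNG_ARG (&altcp_tls_entropy_rng->ctr_drbg)
#else
#define ALTCP_MBEDTLS_RNG_CUSTOM 1 /* app supplied the argument: no internal context */
#endif

/* What altcp_tls_mbedtls.c would carry. */
#ifndef ALTCP_MBEDTLS_RNG_CUSTOM
struct altcp_tls_entropy_rng {
  fake_entropy_ctx entropy;
  fake_ctr_drbg_ctx ctr_drbg;
  int ref; /* number of live configs sharing this context */
};
static struct altcp_tls_entropy_rng *altcp_tls_entropy_rng;
#endif

/* Simplified config: just what mbedtls_ssl_conf_rng(&conf->conf, f, p) records. */
struct altcp_tls_config {
  int (*f_rng)(void *, unsigned char *, size_t);
  void *p_rng;
};

struct altcp_tls_config *altcp_tls_create_config(void) {
  struct altcp_tls_config *conf = calloc(1, sizeof *conf);
  if (conf == NULL) return NULL;
#ifndef ALTCP_MBEDTLS_RNG_CUSTOM
  if (altcp_tls_entropy_rng == NULL) { /* first config: allocate and "seed" */
    altcp_tls_entropy_rng = calloc(1, sizeof *altcp_tls_entropy_rng);
    if (altcp_tls_entropy_rng == NULL) { free(conf); return NULL; }
    altcp_tls_entropy_rng->entropy.seeded = 1; /* stands in for mbedtls_ctr_drbg_seed */
  }
  altcp_tls_entropy_rng->ref++;
#endif
  /* One unconditional call, as David suggests: no #ifdef around it. */
  conf->f_rng = ALTCP_MBEDTLS_RNG_FUNC;
  conf->p_rng = ALTCP_MBEDTLS_RNG_ARG;
  return conf;
}

void altcp_tls_free_config(struct altcp_tls_config *conf) {
  if (conf == NULL) return;
#ifndef ALTCP_MBEDTLS_RNG_CUSTOM
  if (altcp_tls_entropy_rng != NULL && --altcp_tls_entropy_rng->ref == 0) {
    free(altcp_tls_entropy_rng); /* last config gone: release the shared context */
    altcp_tls_entropy_rng = NULL;
  }
#endif
  free(conf);
}

/* Helpers: refcount of the internal context (-1 when the app supplies the
 * RNG) and a draw through a config, i.e. what the TLS handshake would do. */
int altcp_tls_rng_refcount(void) {
#ifndef ALTCP_MBEDTLS_RNG_CUSTOM
  return altcp_tls_entropy_rng ? altcp_tls_entropy_rng->ref : 0;
#else
  return -1;
#endif
}
int altcp_tls_config_random(struct altcp_tls_config *conf, unsigned char *out, size_t len) {
  return conf->f_rng(conf->p_rng, out, len);
}
```

In the default build the second config continues the first one's byte stream (they share `p_rng`), the context is freed only when the last config goes away, and the custom build compiles the same `altcp_tls_create_config()` with no `#ifdef` around the `mbedtls_ssl_conf_rng` equivalent, which is the point of David's `ALTCP_MBEDTLS_RNG_CUSTOM` switch.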