[v2] net: lwip: provide entropy to MBed TLS in one go

Message ID 20241114142917.481564-1-ilias.apalodimas@linaro.org
State New

Commit Message

Ilias Apalodimas Nov. 14, 2024, 2:29 p.m. UTC
We currently provide entropy to mbedTLS using 8b chunks.
Take into account the 'len' parameter passed by MBed TLS to the entropy
gathering function instead. Note that the current code works because len
is always 128 (defined at compile time), therefore mbedtls_hardware_poll()
is called repeatedly and the buffer is filled correctly. But passing 'len'
to dm_rng_read() is both better and simpler.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Suggested-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
---

Changes since v1:
- Update the commit message and title and picked up r-b from Jerome
- v1 can be found here https://lore.kernel.org/u-boot/42870ab3-1621-491f-a221-8ced932ed703@linaro.org/

 net/lwip/wget.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

--
2.45.2

Comments

Simon Glass Nov. 15, 2024, 2:20 p.m. UTC | #1
On Thu, 14 Nov 2024 at 07:29, Ilias Apalodimas
<ilias.apalodimas@linaro.org> wrote:
>
> We currently provide entropy to mbedTLS using 8b chunks.
> Take into account the 'len' parameter passed by MBed TLS to the entropy
> gathering function instead. Note that the current code works because len
> is always 128 (defined at compile time), therefore mbedtls_hardware_poll()
> is called repeatedly and the buffer is filled correctly. But passing 'len'
> to dm_rng_read() is both better and simpler.
>
> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
> Suggested-by: Simon Glass <sjg@chromium.org>
> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
> ---
>
> Changes since v1:
> - Update the commit message and title and picked up r-b from Jerome
> - v1 can be found here https://lore.kernel.org/u-boot/42870ab3-1621-491f-a221-8ced932ed703@linaro.org/
>
>  net/lwip/wget.c | 6 ++----
>  1 file changed, 2 insertions(+), 4 deletions(-)

Reviewed-by: Simon Glass <sjg@chromium.org>

Yes this seems better!

Tom Rini Nov. 23, 2024, 2:42 a.m. UTC | #2
On Thu, Nov 14, 2024 at 04:29:15PM +0200, Ilias Apalodimas wrote:

> We currently provide entropy to mbedTLS using 8b chunks.
> Take into account the 'len' parameter passed by MBed TLS to the entropy
> gathering function instead. Note that the current code works because len
> is always 128 (defined at compile time), therefore mbedtls_hardware_poll()
> is called repeatedly and the buffer is filled correctly. But passing 'len'
> to dm_rng_read() is both better and simpler.
> 
> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
> Suggested-by: Simon Glass <sjg@chromium.org>
> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
> Reviewed-by: Simon Glass <sjg@chromium.org>

Applied to u-boot/master, thanks!

Patch

diff --git a/net/lwip/wget.c b/net/lwip/wget.c
index ba8579899002..4fd552fd306e 100644
--- a/net/lwip/wget.c
+++ b/net/lwip/wget.c
@@ -42,7 +42,6 @@  int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len,
 			  size_t *olen)
 {
 	struct udevice *dev;
-	u64 rng = 0;
 	int ret;

 	*olen = 0;
@@ -52,12 +51,11 @@  int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len,
 		log_err("Failed to get an rng: %d\n", ret);
 		return ret;
 	}
-	ret = dm_rng_read(dev, &rng, sizeof(rng));
+	ret = dm_rng_read(dev, output, len);
 	if (ret)
 		return ret;

-	memcpy(output, &rng, len);
-	*olen = sizeof(rng);
+	*olen = len;

 	return 0;
 }
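
Review bot: `*olen = len` after `dm_rng_read(dev, output, len)` reports the whole buffer as gathered entropy, which is only right if dm_rng_read() fills all `len` bytes whenever it returns 0; a one-line comment stating that all-or-nothing assumption would make the contract with the caller explicit. The commit message could also say that the removed `memcpy(output, &rng, len)` copied `len` bytes out of the 8-byte `rng`, so with len at 128 it read past the variable, which this change fixes on top of the simplification. Minor: the dm_rng_read() failure path returns silently while the lookup failure just above it calls log_err(); logging both would be consistent.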