[mbedtls] configure max entropy sources to 1 to save RAM (#2441)

- Reduces the number of maximum entropy sources from 20 to 1 to save RAM. - Explicitly add platform-specific entropy source.
2026-06-06 05:24:51 +00:00 · 2018-01-04 17:01:30 +00:00
parent 5ed108d9cf
commit 9f49148e7e
12 changed files with 43 additions and 70 deletions
@@ -54,7 +54,6 @@
    </ClCompile>
  </ItemDefinitionGroup>
  <ItemGroup>
-    <ClCompile Include="..\..\third_party\mbedtls\hardware_entropy.c" />
    <ClCompile Include="..\..\third_party\mbedtls\repo.patched\library\aes.c" />
    <ClCompile Include="..\..\third_party\mbedtls\repo.patched\library\bignum.c" />
    <ClCompile Include="..\..\third_party\mbedtls\repo.patched\library\ccm.c" />
@@ -13,9 +13,6 @@
    </Filter>
  </ItemGroup>
  <ItemGroup>
-    <ClCompile Include="..\..\third_party\mbedtls\hardware_entropy.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
    <ClCompile Include="..\..\third_party\mbedtls\repo.patched\library\aes.c">
      <Filter>Source Files\repo.patched\library</Filter>
    </ClCompile>
@@ -57,7 +57,6 @@
    </ClCompile>
  </ItemDefinitionGroup>
  <ItemGroup>
-    <ClCompile Include="..\..\third_party\mbedtls\hardware_entropy.c" />
    <ClCompile Include="..\..\third_party\mbedtls\repo.patched\library\aes.c" />
    <ClCompile Include="..\..\third_party\mbedtls\repo.patched\library\bignum.c" />
    <ClCompile Include="..\..\third_party\mbedtls\repo.patched\library\ccm.c" />
@@ -13,9 +13,6 @@
    </Filter>
  </ItemGroup>
  <ItemGroup>
-    <ClCompile Include="..\..\third_party\mbedtls\hardware_entropy.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
    <ClCompile Include="..\..\third_party\mbedtls\repo.patched\library\aes.c">
      <Filter>Source Files\repo.patched\library</Filter>
    </ClCompile>
@@ -295,7 +295,7 @@
 *
 * Uncomment to use your own hardware entropy collector.
 */
-#define MBEDTLS_ENTROPY_HARDWARE_ALT
+//#define MBEDTLS_ENTROPY_HARDWARE_ALT

 /**
 * \def MBEDTLS_AES_ROM_TABLES
@@ -776,7 +776,7 @@
 *
 * Uncomment this macro to prevent loading of default entropy functions.
 */
-//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES

 /**
 * \def MBEDTLS_NO_PLATFORM_ENTROPY
@@ -2461,7 +2461,7 @@
 #define MBEDTLS_ECP_FIXED_POINT_OPTIM      0 /**< Enable fixed-point speed-up */

 /* Entropy options */
-//#define MBEDTLS_ENTROPY_MAX_SOURCES                20 /**< Maximum number of sources supported */
+#define MBEDTLS_ENTROPY_MAX_SOURCES                1 /**< Maximum number of sources supported */
 //#define MBEDTLS_ENTROPY_MAX_GATHER                128 /**< Maximum amount requested from entropy sources */

 /* Memory buffer allocator options */
@@ -295,7 +295,7 @@
 *
 * Uncomment to use your own hardware entropy collector.
 */
-#define MBEDTLS_ENTROPY_HARDWARE_ALT
+//#define MBEDTLS_ENTROPY_HARDWARE_ALT

 /**
 * \def MBEDTLS_AES_ROM_TABLES
@@ -776,7 +776,7 @@
 *
 * Uncomment this macro to prevent loading of default entropy functions.
 */
-//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES

 /**
 * \def MBEDTLS_NO_PLATFORM_ENTROPY
@@ -2461,7 +2461,7 @@
 #define MBEDTLS_ECP_FIXED_POINT_OPTIM      0 /**< Enable fixed-point speed-up */

 /* Entropy options */
-//#define MBEDTLS_ENTROPY_MAX_SOURCES                20 /**< Maximum number of sources supported */
+#define MBEDTLS_ENTROPY_MAX_SOURCES                1 /**< Maximum number of sources supported */
 //#define MBEDTLS_ENTROPY_MAX_GATHER                128 /**< Maximum amount requested from entropy sources */

 /* Memory buffer allocator options */
@@ -342,7 +342,7 @@ __inline int windows_kernel_snprintf(char * s, size_t n, const char * format, ..
 *
 * Uncomment to use your own hardware entropy collector.
 */
-#define MBEDTLS_ENTROPY_HARDWARE_ALT
+//#define MBEDTLS_ENTROPY_HARDWARE_ALT

 /**
 * \def MBEDTLS_AES_ROM_TABLES
@@ -823,7 +823,7 @@ __inline int windows_kernel_snprintf(char * s, size_t n, const char * format, ..
 *
 * Uncomment this macro to prevent loading of default entropy functions.
 */
-//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES

 /**
 * \def MBEDTLS_NO_PLATFORM_ENTROPY
@@ -2539,7 +2539,7 @@ __inline int windows_kernel_snprintf(char * s, size_t n, const char * format, ..
 #define MBEDTLS_ECP_FIXED_POINT_OPTIM      0 /**< Enable fixed-point speed-up */

 /* Entropy options */
-//#define MBEDTLS_ENTROPY_MAX_SOURCES                20 /**< Maximum number of sources supported */
+#define MBEDTLS_ENTROPY_MAX_SOURCES                1 /**< Maximum number of sources supported */
 //#define MBEDTLS_ENTROPY_MAX_GATHER                128 /**< Maximum amount requested from entropy sources */
 //#define MBEDTLS_ENTROPY_MIN_HARDWARE               32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */

@@ -80,6 +80,31 @@ Dtls::Dtls(Instance &aInstance):
    mProvisioningUrl.Init();
 }

+int Dtls::HandleMbedtlsEntropyPoll(void *aData, unsigned char *aOutput, size_t aInLen, size_t *aOutLen)
+{
+    otError error;
+    int rval = 0;
+
+    OT_UNUSED_VARIABLE(aData);
+
+    error = otPlatRandomGetTrue((uint8_t *)aOutput, (uint16_t)aInLen);
+    SuccessOrExit(error);
+
+    if (aOutLen != NULL)
+    {
+        *aOutLen = aInLen;
+    }
+
+exit:
+
+    if (error != OT_ERROR_NONE)
+    {
+        rval = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+    }
+
+    return rval;
+}
+
 otError Dtls::Start(bool aClient, ConnectedHandler aConnectedHandler, ReceiveHandler aReceiveHandler,
                    SendHandler aSendHandler, void *aContext)
 {
@@ -99,6 +124,9 @@ otError Dtls::Start(bool aClient, ConnectedHandler aConnectedHandler, ReceiveHan
    mbedtls_ssl_config_init(&mConf);
    mbedtls_ctr_drbg_init(&mCtrDrbg);
    mbedtls_entropy_init(&mEntropy);
+    rval = mbedtls_entropy_add_source(&mEntropy, &Dtls::HandleMbedtlsEntropyPoll, NULL,
+                                      MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_SOURCE_STRONG);
+    VerifyOrExit(rval == 0);

    // mbedTLS's debug level is almost the same as OpenThread's
    mbedtls_debug_set_threshold(OPENTHREAD_CONFIG_LOG_LEVEL);
@@ -40,6 +40,7 @@

 #include <mbedtls/ssl.h>
 #include <mbedtls/entropy.h>
+#include <mbedtls/entropy_poll.h>
 #include <mbedtls/ctr_drbg.h>
 #include <mbedtls/error.h>
 #include <mbedtls/certs.h>
@@ -231,6 +232,8 @@ private:
    static void HandleTimer(Timer &aTimer);
    void HandleTimer(void);

+    static int HandleMbedtlsEntropyPoll(void *aData, unsigned char *aOutput, size_t aInLen, size_t *aOutLen);
+
    void Close(void);
    void Process(void);

@@ -41,7 +41,6 @@ libmbedcrypto_a_CPPFLAGS                      = \
    $(NULL)

 libmbedcrypto_a_SOURCES                       = \
-    hardware_entropy.c                          \
    repo.patched/library/md.c                   \
    repo.patched/library/md_wrap.c              \
    repo.patched/library/memory_buffer_alloc.c  \
@@ -1,49 +0,0 @@
-/*
- *    Copyright 2016 The OpenThread Authors. All Rights Reserved.
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-
-/**
- * @file
- *   This file implements to use hardware entropy source.
- *   uncomment MBEDTLS_ENTROPY_HARDWARE_ALT in mbedtls/mbedtls_config.h to use this.
- */
-
-#include <stddef.h>
-
-#include "openthread/types.h"
-#include "openthread/platform/random.h"
-
-#include "mbedtls/entropy.h"
-
-int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len, size_t *olen)
-{
-    otError error;
-
-    (void)data;
-
-    error = otPlatRandomGetTrue((uint8_t *)output, (uint16_t)len);
-
-    if (error != OT_ERROR_NONE)
-    {
-        return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
-    }
-
-    if (olen != NULL)
-    {
-        *olen = len;
-    }
-
-    return 0;
-}
@@ -341,7 +341,7 @@ __inline int windows_kernel_snprintf(char * s, size_t n, const char * format, ..
 *
 * Uncomment to use your own hardware entropy collector.
 */
-#define MBEDTLS_ENTROPY_HARDWARE_ALT
+//#define MBEDTLS_ENTROPY_HARDWARE_ALT

 /**
 * \def MBEDTLS_AES_ROM_TABLES
@@ -822,7 +822,7 @@ __inline int windows_kernel_snprintf(char * s, size_t n, const char * format, ..
 *
 * Uncomment this macro to prevent loading of default entropy functions.
 */
-//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES

 /**
 * \def MBEDTLS_NO_PLATFORM_ENTROPY
@@ -2538,7 +2538,7 @@ __inline int windows_kernel_snprintf(char * s, size_t n, const char * format, ..
 #define MBEDTLS_ECP_FIXED_POINT_OPTIM      0 /**< Enable fixed-point speed-up */

 /* Entropy options */
-//#define MBEDTLS_ENTROPY_MAX_SOURCES                20 /**< Maximum number of sources supported */
+#define MBEDTLS_ENTROPY_MAX_SOURCES                1 /**< Maximum number of sources supported */
 //#define MBEDTLS_ENTROPY_MAX_GATHER                128 /**< Maximum amount requested from entropy sources */
 //#define MBEDTLS_ENTROPY_MIN_HARDWARE               32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */