From 88d71da23f500cd19d2dabdd50224afd46e30cab Mon Sep 17 00:00:00 2001
From: Kapil Gupta
Date: Wed, 28 May 2025 12:03:48 +0530
Subject: [PATCH] fix(mbedtls): Addressed comments on PR15679
---
 components/mbedtls/port/esp_hardware.c | 3 +-
 .../port/include/mbedtls/esp_mbedtls_random.h | 32 +++++++++++++++++++
 .../mbedtls/port/include/mbedtls/esp_random.h | 29 -----------------
 .../test_apps/main/test_ds_sign_and_decrypt.c | 2 +-
 .../src/crypto/crypto_mbedtls-bignum.c | 2 +-
 .../src/crypto/crypto_mbedtls-ec.c | 2 +-
 .../src/crypto/crypto_mbedtls-rsa.c | 2 +-
 .../esp_supplicant/src/crypto/tls_mbedtls.c | 2 +-
 8 files changed, 39 insertions(+), 35 deletions(-)
 create mode 100644 components/mbedtls/port/include/mbedtls/esp_mbedtls_random.h
 delete mode 100644 components/mbedtls/port/include/mbedtls/esp_random.h
diff --git a/components/mbedtls/port/esp_hardware.c b/components/mbedtls/port/esp_hardware.c
index 4168b3c9d3..5633cccf3a 100644
--- a/components/mbedtls/port/esp_hardware.c
+++ b/components/mbedtls/port/esp_hardware.c
@@ -9,7 +9,7 @@
 #include
 #include
 #include "esp_random.h"
-#include "mbedtls/esp_random.h"
+#include "mbedtls/esp_mbedtls_random.h"
 #include
@@ -27,6 +27,7 @@ int mbedtls_hardware_poll( void *data,
 int mbedtls_esp_random(void *ctx, unsigned char *buf, size_t len)
 {
+ (void) ctx; // unused
 esp_fill_random(buf, len);
 return 0;
 }
diff --git a/components/mbedtls/port/include/mbedtls/esp_mbedtls_random.h b/components/mbedtls/port/include/mbedtls/esp_mbedtls_random.h
new file mode 100644
index 0000000000..a89575c2dc
--- /dev/null
+++ b/components/mbedtls/port/include/mbedtls/esp_mbedtls_random.h
@@ -0,0 +1,32 @@
+/*
+ * SPDX-FileCopyrightText: 2025 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+#pragma once
+
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief MbedTLS-compatible RNG function
+ *
+ * @note Suitable for passing as f_rng to various MbedTLS APIs that require it.
+ * It uses esp_fill_random internally, and the caller must ensure that the
+ * entropy sources of the RNG peripheral are enabled correctly. See the RNG
+ * chapter in the TRM for more details.
+ *
+ * @param ctx User-supplied context
+ * @param buf Pointer to a buffer to fill with random numbers
+ * @param len Length of the buffer in bytes
+ *
+ * @return 0 on success
+ */
+int mbedtls_esp_random(void *ctx, unsigned char *buf, size_t len);
+
+#ifdef __cplusplus
+}
+#endif
diff --git a/components/mbedtls/port/include/mbedtls/esp_random.h b/components/mbedtls/port/include/mbedtls/esp_random.h
deleted file mode 100644
index 7e5e7a1d4c..0000000000
--- a/components/mbedtls/port/include/mbedtls/esp_random.h
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD
- *
- * SPDX-License-Identifier: Apache-2.0
- */
-#pragma once
-
-#include
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * @brief MbedTLS-compatible RNG function
- *
- * @note Suitable for passing as f_rng to various Mbed-TLS APIs that require it.
- *
- * @param ctx User-supplied context
- * @param buf Pointer to buffer to fill with random numbers.
- * @param len Length of buffer in bytes
- *
- * @return 0 (success)
- */
-int mbedtls_esp_random(void *ctx, unsigned char *buf, size_t len);
-
-#ifdef __cplusplus
-}
-#endif
diff --git a/components/mbedtls/test_apps/main/test_ds_sign_and_decrypt.c b/components/mbedtls/test_apps/main/test_ds_sign_and_decrypt.c
index 0f1ce9b1c2..2ea61fa5fc 100644
--- a/components/mbedtls/test_apps/main/test_ds_sign_and_decrypt.c
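Review bot: The `@param ctx User-supplied context` and `@return 0 on success` lines in the new esp_mbedtls_random.h hunk promise more than the implementation in the esp_hardware.c hunk delivers: that function discards `ctx` (`(void) ctx; // unused`) and returns 0 unconditionally after `esp_fill_random(buf, len)`. A caller reading "0 on success" could expect a non-zero code when the RNG entropy sources are not enabled, but no such path exists, so the @note is the only safeguard and the return documentation should say so. I would word them as `@param ctx Unused; present only to match the f_rng signature (may be NULL)` and `@return Always 0; this function cannot report an RNG failure`. The `buf` description could also state that the pointer must be non-NULL, since the wrapper passes it through without a check.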
+++ b/components/mbedtls/test_apps/main/test_ds_sign_and_decrypt.c
@@ -21,7 +21,7 @@ static heap_trace_record_t trace_record[NUM_RECORDS]; // This buffer must be in
 #include "esp_ds.h"
 #include "esp_ds/esp_ds_rsa.h"
-int mbedtls_esp_random(void *ctx, unsigned char *output, size_t len)
+static int mbedtls_esp_random(void *ctx, unsigned char *output, size_t len)
 {
 if (len == 0 || output == NULL) {
 return -1;
diff --git a/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-bignum.c b/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-bignum.c
index 895bdfd803..6328136a91 100644
--- a/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-bignum.c
+++ b/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-bignum.c
@@ -7,7 +7,7 @@
 #ifdef ESP_PLATFORM
 #include "esp_system.h"
 #include "mbedtls/bignum.h"
-#include "mbedtls/esp_random.h"
+#include "mbedtls/esp_mbedtls_random.h"
 #endif
 #include "utils/includes.h"
diff --git a/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-ec.c b/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-ec.c
index 32ec4bb76c..b7c9fab697 100644
--- a/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-ec.c
+++ b/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-ec.c
@@ -7,7 +7,7 @@
 #ifdef ESP_PLATFORM
 #include "esp_system.h"
 #include "mbedtls/bignum.h"
-#include "mbedtls/esp_random.h"
+#include "mbedtls/esp_mbedtls_random.h"
 #endif
 #include "utils/includes.h"
diff --git a/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-rsa.c b/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-rsa.c
index 6de2e81a1c..649e860a3c 100644
--- a/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-rsa.c
+++ b/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-rsa.c
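Review bot: In the test_ds_sign_and_decrypt.c hunk, the test-local stub keeps the name of the public `mbedtls_esp_random` that the component header declares, and making it `static` only removes the clash at link time. If this file ever pulls in `mbedtls/esp_mbedtls_random.h`, directly or through another header (not visible here), the `static` definition conflicts with the earlier non-static declaration and the build fails; the shared name also makes it easy to misread the test as exercising the hardware RNG. Renaming the stub, for example `static int test_ds_rng(void *ctx, unsigned char *output, size_t len)`, and updating its call sites avoids both. The function body continues past the end of the hunk, so what it writes into `output` is not visible from here.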
@@ -6,7 +6,7 @@
 #ifdef ESP_PLATFORM
 #include "mbedtls/bignum.h"
-#include "mbedtls/esp_random.h"
+#include "mbedtls/esp_mbedtls_random.h"
 #endif
 #include "utils/includes.h"
diff --git a/components/wpa_supplicant/esp_supplicant/src/crypto/tls_mbedtls.c b/components/wpa_supplicant/esp_supplicant/src/crypto/tls_mbedtls.c
index df828e0160..4eef749d73 100644
--- a/components/wpa_supplicant/esp_supplicant/src/crypto/tls_mbedtls.c
+++ b/components/wpa_supplicant/esp_supplicant/src/crypto/tls_mbedtls.c
@@ -13,7 +13,7 @@
 #include "crypto/sha256.h"
 #include "crypto/sha384.h"
-#include "mbedtls/esp_random.h"
+#include "mbedtls/esp_mbedtls_random.h"
 /* TODO: Remove this once the appropriate solution is found *