[PATCH] mbedtls: remove MBEDTLS_HAVE_TIME

Jerome Forissier jerome.forissier at linaro.org
Fri Dec 6 15:33:32 CET 2024



On 12/6/24 11:56, Ilias Apalodimas wrote:
> When MbedTLS TLS features were added MBEDTLS_HAVE_TIME was defined as part
> of enabling https:// support. However that pointed to the wrong function
> which could crash if it received a NULL pointer.
> 
> Looking closer that function is not really needed, as it only seems to
> increase the RNG entropy by using 4b of the current time and date. 
> The reason that was enabled is that lwIP was unconditionally requiring it,
> although it's configurable and can be turned off.
> 
> Since lwIP doesn't use that field anywhere else, make it conditional and
> disable it from our config.
> 
> Fixes: commit a564f5094f62 ("mbedtls: Enable TLS 1.2 support")
> Reported-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
> Signed-off-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> ---
>  lib/lwip/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c | 2 ++
>  lib/mbedtls/mbedtls_def_config.h                     | 3 ---
>  2 files changed, 2 insertions(+), 3 deletions(-)
> 
> diff --git a/lib/lwip/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c b/lib/lwip/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c
> index 6643b05ee94d..46421588fef8 100644
> --- a/lib/lwip/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c
> +++ b/lib/lwip/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c
> @@ -692,7 +692,9 @@ altcp_tls_set_session(struct altcp_pcb *conn, struct altcp_tls_session *session)
>    if (session && conn && conn->state) {
>      altcp_mbedtls_state_t *state = (altcp_mbedtls_state_t *)conn->state;
>      int ret = -1;
> +#ifdef MBEDTLS_HAVE_TIME
>      if (session->data.MBEDTLS_PRIVATE(start))
> +#endif

Should this part be sent upstream? Maybe as a followup patch in [1]?

[1] https://github.com/lwip-tcpip/lwip/pull/47

>        ret = mbedtls_ssl_set_session(&state->ssl_context, &session->data);
>      return ret < 0 ? ERR_VAL : ERR_OK;
>    }
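
Review bot: in altcp_tls_set_session(), wrapping only the `if (session->data.MBEDTLS_PRIVATE(start))` line in `#ifdef MBEDTLS_HAVE_TIME` changes runtime behaviour, not just what compiles. With the macro undefined, `mbedtls_ssl_set_session()` is called for every non-NULL session, whereas before a session whose `start` was zero left `ret` at -1 and the function returned ERR_VAL. If `start` was doubling as the "this session has been saved" test (an inference from the visible lines, not something the patch states), the no-time build needs another check, or a comment saying that passing an unpopulated session is acceptable. The unbraced `if` followed by `#endif` also leaves the call indented as though it were still conditional; bracing the `if` body inside the `#ifdef` would make both configurations readable.
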
> diff --git a/lib/mbedtls/mbedtls_def_config.h b/lib/mbedtls/mbedtls_def_config.h
> index d27f017d0847..1d2314e90e4d 100644
> --- a/lib/mbedtls/mbedtls_def_config.h
> +++ b/lib/mbedtls/mbedtls_def_config.h
> @@ -92,9 +92,6 @@
>  
>  /* Generic options */
>  #define MBEDTLS_ENTROPY_HARDWARE_ALT
> -#define MBEDTLS_HAVE_TIME
> -#define MBEDTLS_PLATFORM_MS_TIME_ALT
> -#define MBEDTLS_PLATFORM_TIME_MACRO rtc_mktime
>  #define MBEDTLS_PLATFORM_C
>  #define MBEDTLS_SSL_CLI_C
>  #define MBEDTLS_SSL_TLS_C
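
Review bot: the three defines are dropped from the "Generic options" block with nothing left behind to say why, so whoever next needs a time-dependent feature may simply restore `#define MBEDTLS_HAVE_TIME` together with `#define MBEDTLS_PLATFORM_TIME_MACRO rtc_mktime`, which the commit message describes as the wrong function and a possible NULL-pointer crash. A short comment at this spot stating that MBEDTLS_HAVE_TIME is intentionally left undefined, and that `rtc_mktime` is not a valid time macro if it is re-enabled, would keep that from regressing.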

Acked-by: Jerome Forissier <jerome.forissier at linaro.org>

Thanks,
-- 
Jerome

