[PATCH v2] net: lwip: provide entropy to MBed TLS in one go

Ilias Apalodimas ilias.apalodimas at linaro.org
Thu Nov 14 15:29:15 CET 2024


We currently provide entropy to mbedTLS using 8b chunks.
Take into account the 'len' parameter passed by MBed TLS to the entropy
gathering function instead. Note that the current code works because len
is always 128 (defined at compile time), therefore mbedtls_hardware_poll()
is called repeatedly and the buffer is filled correctly. But passing 'len'
to dm_rng_read() is both better and simpler.

Reviewed-by: Jerome Forissier <jerome.forissier at linaro.org>
Suggested-by: Simon Glass <sjg at chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
---

Changes since v1:
- Update the commit message and title and picked up r-b from Jerome
- v1 can be found here https://lore.kernel.org/u-boot/42870ab3-1621-491f-a221-8ced932ed703@linaro.org/

 net/lwip/wget.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/net/lwip/wget.c b/net/lwip/wget.c
index ba8579899002..4fd552fd306e 100644
--- a/net/lwip/wget.c
+++ b/net/lwip/wget.c
@@ -42,7 +42,6 @@ int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len,
 			  size_t *olen)
 {
 	struct udevice *dev;
-	u64 rng = 0;
 	int ret;

 	*olen = 0;
@@ -52,12 +51,11 @@ int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len,
 		log_err("Failed to get an rng: %d\n", ret);
 		return ret;
 	}
-	ret = dm_rng_read(dev, &rng, sizeof(rng));
+	ret = dm_rng_read(dev, output, len);
 	if (ret)
 		return ret;

-	memcpy(output, &rng, len);
-	*olen = sizeof(rng);
+	*olen = len;

 	return 0;
 }
--
2.45.2



More information about the U-Boot mailing list