Re: [PATCH] mbedtls: remove MBEDTLS_HAVE_TIME

Ilias Apalodimas Fri, 06 Dec 2024 06:40:36 -0800

Hi Jerome,

On Fri, 6 Dec 2024 at 16:33, Jerome Forissier
<jerome.foriss...@linaro.org> wrote:
>
>
>
> On 12/6/24 11:56, Ilias Apalodimas wrote:
> > When MbedTLS TLS features were added MBEDTLS_HAVE_TIME was defined as part
> > of enabling https:// support. However that pointed to the wrong function
> > which could crash if it received a NULL pointer.
> >
> > Looking closer that function is not really needed, as it only seems to
> > increase the RNG entropy by using 4b of the current time and date.
> > The reason that was enabled is that lwIP was unconditionally requiring it,
> > although it's configurable and can be turned off.
> >
> > Since lwIP doesn't use that field anywhere else, make it conditional and
> > disable it from our config.
> >
> > Fixes: commit a564f5094f62 ("mbedtls: Enable TLS 1.2 support")
> > Reported-by: Heinrich Schuchardt <heinrich.schucha...@canonical.com>
> > Signed-off-by: Ilias Apalodimas <ilias.apalodi...@linaro.org>
> > ---
> >  lib/lwip/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c | 2 ++
> >  lib/mbedtls/mbedtls_def_config.h                     | 3 ---
> >  2 files changed, 2 insertions(+), 3 deletions(-)
> >
> > diff --git a/lib/lwip/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c 
> > b/lib/lwip/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c
> > index 6643b05ee94d..46421588fef8 100644
> > --- a/lib/lwip/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c
> > +++ b/lib/lwip/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c
> > @@ -692,7 +692,9 @@ altcp_tls_set_session(struct altcp_pcb *conn, struct 
> > altcp_tls_session *session)
> >    if (session && conn && conn->state) {
> >      altcp_mbedtls_state_t *state = (altcp_mbedtls_state_t *)conn->state;
> >      int ret = -1;
> > +#ifdef MBEDTLS_HAVE_TIME
> >      if (session->data.MBEDTLS_PRIVATE(start))
> > +#endif
>
> Should this part be sent upstream? Maybe as a followup patch in [1]?


Yes it should. I'll open a PR shortly


>
> [1] https://github.com/lwip-tcpip/lwip/pull/47
>
> >        ret = mbedtls_ssl_set_session(&state->ssl_context, &session->data);
> >      return ret < 0 ? ERR_VAL : ERR_OK;
> >    }
> > diff --git a/lib/mbedtls/mbedtls_def_config.h 
> > b/lib/mbedtls/mbedtls_def_config.h
> > index d27f017d0847..1d2314e90e4d 100644
> > --- a/lib/mbedtls/mbedtls_def_config.h
> > +++ b/lib/mbedtls/mbedtls_def_config.h
> > @@ -92,9 +92,6 @@
> >
> >  /* Generic options */
> >  #define MBEDTLS_ENTROPY_HARDWARE_ALT
> > -#define MBEDTLS_HAVE_TIME
> > -#define MBEDTLS_PLATFORM_MS_TIME_ALT
> > -#define MBEDTLS_PLATFORM_TIME_MACRO rtc_mktime
> >  #define MBEDTLS_PLATFORM_C
> >  #define MBEDTLS_SSL_CLI_C
> >  #define MBEDTLS_SSL_TLS_C
>
> Acked-by: Jerome Forissier <jerome.foriss...@linaro.org>

Thanks
/Ilias
>
> Thanks,
> --
> Jerome

Re: [PATCH] mbedtls: remove MBEDTLS_HAVE_TIME

Reply via email to