open /dev/urandom when entropy context is initialized and keep open #323

jkarneges

Proposed patch for #322. The user simply calls entropy_init before entering chroot.

@miklis

miklis commented Oct 18, 2015

Automatic CI verification build not done, please verify manually.

@mpg
Contributor

mpg commented Oct 21, 2015

At first glance, looks good to me.

In order to accept your contribution, we'll request that you sign our contributor license agreement. Can you please get in touch with @sbutcher-arm or @pjbakker regarding the details? Thanks!

@jkarneges
Author

Happy to do the CLA but I'm not sure how to get in touch (neither Sam nor Paul have their email addresses public). Either of them can contact me at the address on my profile. Thanks.

@mpg
Contributor

mpg commented Oct 22, 2015

I just sent an email to the three of you.


int mbedtls_platform_entropy_init( void )
{
#if !defined(HAVE_GETRANDOM)
Contributor

HAVE_GETRANDOM doesn't guarantee that getrandom is available at runtime (we support older Linux kernel versions that some embedded devices run), so the /dev/urandom code needs to be included regardless.

@gilles-peskine-arm
Contributor

@jkarneges Thank you for your contribution! I've made a new pull request #1545 which builds on your work, fixes the case of getrandom() available at build time but not at runtime, and makes a few related improvements.

@simonbutcher simonbutcher added the component-crypto Crypto primitives and low-level interfaces label Nov 22, 2018
@simonbutcher
Contributor

This PR hasn't been active in a long time, and development work has been pursued in PR #1545. I am therefore closing this PR, and further work can happen there.

@jkarneges - if you'd like to pick this up again, please raise a new PR or push to the other PR #1545.
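
The two points raised in this thread, opening /dev/urandom at init so the descriptor survives a later chroot and not trusting a build-time getrandom check to describe the running kernel, as an added C example that is not the pull request's code or the Mbed TLS API. The `demo_*` names and the `try_getrandom` flag are hypothetical.

```c
/* Added example; demo_* names are hypothetical, not the Mbed TLS API. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE /* for syscall() and O_CLOEXEC */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <sys/syscall.h>
#include <unistd.h>

typedef struct {
    int fd;            /* /dev/urandom, opened once at init and kept open */
    int try_getrandom; /* cleared when the running kernel reports ENOSYS  */
} demo_entropy_ctx;

/* Call before chroot(): afterwards the device path may no longer resolve. */
int demo_entropy_init(demo_entropy_ctx *ctx)
{
    ctx->try_getrandom = 1;
    ctx->fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    return ctx->fd >= 0 ? 0 : -1;
}

void demo_entropy_free(demo_entropy_ctx *ctx)
{
    if (ctx->fd >= 0) close(ctx->fd);
    ctx->fd = -1;
}

/* Fill buf with len random bytes; returns 0 on success, -1 on failure. */
int demo_entropy_poll(demo_entropy_ctx *ctx, unsigned char *buf, size_t len)
{
    size_t done = 0;
    while (done < len) {
        ssize_t n = -1;
#if defined(SYS_getrandom)
        /* Headers knowing the syscall proves nothing about this kernel. */
        if (ctx->try_getrandom) {
            n = syscall(SYS_getrandom, buf + done, len - done, 0);
            if (n < 0 && errno == ENOSYS) { ctx->try_getrandom = 0; continue; }
        } else
#endif
            n = read(ctx->fd, buf + done, len - done);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) return -1; /* fail closed: never return a partial buffer */
        done += (size_t)n;
    }
    return 0;
}
```

Because the /dev/urandom branch is compiled unconditionally, a binary built against new headers still works on an older kernel, and the descriptor opened before chroot keeps working inside the jail.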
