Remove OpenSSL #955
Remove OpenSSL #955
Conversation
bettio
force-pushed
the
remove-openssl
branch
from
9e979e5 to
5c9be88
Compare
bettio
force-pushed
the
remove-openssl
branch
4 times, most recently
from
c69faf6 to
7510cf5
Compare
|
|
||
| #ifdef ATOMVM_HAS_MBEDTLS | ||
| #ifndef AVM_NO_SMP | ||
| Mutex *entropy_mutex; |
There was a problem hiding this comment.
I understand these mutexes are only used for initialization. We don't even need to acquire them if the boolean is true.
More simply, why don't we initialize the mbed tls contexts in sys_init_platform?
There was a problem hiding this comment.
I gather the info also here: mutex are used for locking when mbedtls is built without threading support.
We also use them for avoding race condition when doing async init.
| #ifndef AVM_NO_SMP | ||
| Mutex *entropy_mutex; | ||
| #endif | ||
| mbedtls_entropy_context entropy_ctx; |
There was a problem hiding this comment.
We probably want the mbed tls contexts to be in GlobalContext and be available in all platforms unless ATOMVM_HAS_MBEDTLS is undefined.
There was a problem hiding this comment.
I'd like to do some further decoupling while iterating over, so I don't like turning GlobalContext into a kitchen sink.
So the plan is, as mentioned in #930, shipping some features using common components and libraries, and then features such as mbedtls are picked up from platforms supporting it (+ implementing the missing pieces).
bettio
force-pushed
the
remove-openssl
branch
2 times, most recently
from
db622ed to
57a12a6
Compare
Minimal implementation of crypto:strong_rand_bytes/1 using mbedtls. Signed-off-by: Davide Bettio <davide@uninstall.it>
Add test for atomvm:random/0 so implementation can be replaced with a different implementation. Signed-off-by: Davide Bettio <davide@uninstall.it>
Use Mbed-TLS based crypto:strong_rand_bytes/1 for generating random numbers rather than OpenSSL. Signed-off-by: Davide Bettio <davide@uninstall.it>
bettio
force-pushed
the
remove-openssl
branch
4 times, most recently
from
9581fea to
10a3195
Compare
| mbedtls_ctr_drbg_init(&platform->random_ctx); | ||
|
|
||
| mbedtls_entropy_context *entropy_ctx = sys_mbedtls_get_entropy_context_lock(global); | ||
| // Safe to unlock it now, sys_mbedtls_entropy_func will lock it again later |
There was a problem hiding this comment.
I do not understand this and the locking pattern here.
- Isn't locking only meant when MBEDTLS_THREADING_C is not defined?
- Are we just fetching entropy context here without locking it? If so, could we simplify the logic?
There was a problem hiding this comment.
We do locking as part of async initialization and because we don't know what the caller will do afterwards.
Since here we just interact with entropy through the entropy function we can just release the lock as the first thing.
|
|
||
| int sys_mbedtls_entropy_func(void *entropy, unsigned char *buf, size_t size) | ||
| { | ||
| #ifndef MBEDTLS_THREADING_C |
There was a problem hiding this comment.
In fact, if we are building for multicore, we should define MBEDTLS_THREADING_C on esp32 & pico for a finer-grained locking directly managed by mbedtls (they know when to lock and unlock).
On esp32, it's disabled by default but it's part of the sdk config.
On Pico, we provide our own mbedtls-config.h, so we can just add it there.
Then we need to define MBEDTLS_THREADING_ALT and call mbedtls_threading_set_alt.
On esp32, this is defined by default.
On Pico, we need to add it to mbedtls-config.h as well.
On generic unix, we don't control how mbedtls was compiled, so it makes sense to keep this logic and handle the locking ourselves if MBEDTLS_THREADING_C is undefined.
There was a problem hiding this comment.
I did a quick check and they don't look much more fine grained than this implementation.
On ESP32 I didn't want to alter the default configuration and I wanted to support both scenarios, since supporting them didn't cost a large effort I just implemented that wrapper function and handled both configurations.
Right now we customize sdkconfig just for partitioning and that's it.
There was a problem hiding this comment.
Right.
Still we probably want to use mbedtls native threading on Pico as we're providing our own config file.
There was a problem hiding this comment.
I would add a TODO, since this requires extra work for providing rp2040 specific synchronization helpers to mbedtls.
bettio
force-pushed
the
remove-openssl
branch
from
10a3195 to
77ff4b8
Compare
| if (!platform->random_is_initialized) { | ||
| mbedtls_ctr_drbg_init(&platform->random_ctx); | ||
|
|
||
| mbedtls_entropy_context *entropy_ctx = sys_mbedtls_get_entropy_context_lock(global); |
There was a problem hiding this comment.
I am still not a fan of this.
If would deadlock if first calling code first gets entropy and then ctr_drbg.
There was a problem hiding this comment.
yes, but even removing this doesn't completely fix the problem: it might be still hidden in implicit use of entropy from ctr_drbg.
My only valid suggestion here is telling very clearly that ctr_drbg shouldn't be used at all when owning entropy lock.
|
|
||
| int sys_mbedtls_entropy_func(void *entropy, unsigned char *buf, size_t size) | ||
| { | ||
| #ifndef MBEDTLS_THREADING_C |
There was a problem hiding this comment.
Right.
Still we probably want to use mbedtls native threading on Pico as we're providing our own config file.
bettio
force-pushed
the
remove-openssl
branch
from
77ff4b8 to
255f18c
Compare
Define also sys_mbedtls.h header and sys_mbedtls_get_entropy_context_lock and sys_mbedtls_get_ctr_drbg_context_lock functions. Signed-off-by: Davide Bettio <davide@uninstall.it>
bettio
force-pushed
the
remove-openssl
branch
from
255f18c to
2052e3d
Compare
Do not depend both on Mbed-TLS and OpenSSL at the same time, just use Mbed-TLS.
Also now the same code base can be both used on generic unix and MCUs.
Closes #950
These changes are made under both the "Apache 2.0" and the "GNU Lesser General
Public License 2.1 or later" license terms (dual license).
SPDX-License-Identifier: Apache-2.0 OR LGPL-2.1-or-later