Re: [PATCH ustream-ssl] ustream-mbedtls: Use getrandom() instead of /dev/urandom

2023-02-20 Thread Torsten Duwe
Hi Hauke!

On Sun, 19 Feb 2023 21:06:15 +0100
Hauke Mehrtens  wrote:

> Hi Torsten,
> 
> Sorry for the late answer, I forgot about this mail thread.

No problem.

> > On Sun, 29 Jan 2023 17:08:38 +0100
> > Hauke Mehrtens  wrote:

[...]

> ustream-ssl uses the randomness to generate session keys (including 
> ephemeral keys), IVs and padding. The long term keys are generated in a 
> different application.

[...]

> 
> I think we should wait with creating TLS sessions till we have enough 
> random data to do it securely. I tested this on a lantiq xrx200 (MIPS) 
> device and it was initialized much before the LAN interface was up.
^^^
Yes. Good that it works out this way. Otherwise you'd have had a tough
decision to make.

> The code in ustream-mbedtls.c was probably initially written when 
> /dev/random was still blocking when too much entropy was read out of the 
> pool.

I guess so, too.

> I will rename the function.

Cool. You can add my review tag if you want...

Torsten
 

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
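
The blocking behaviour discussed in the message above, as an added example (not code from ustream-ssl or from either poster): a getrandom() wrapper that retries on EINTR and continues after short returns, plus a non-blocking probe that reports whether the kernel pool is initialised yet. The names rng_ready() and fill_random() are hypothetical; Linux with glibc 2.25+ or musl is assumed.

```c
/* Added example, not ustream-ssl code; rng_ready() and fill_random() are
 * hypothetical names. Assumes Linux with glibc >= 2.25 or musl. */
#include <errno.h>
#include <stddef.h>
#include <sys/random.h>
#include <sys/types.h>

/* 1 if the kernel pool is initialised, 0 if not yet, -1 on other errors.
 * GRND_NONBLOCK makes getrandom() fail with EAGAIN instead of blocking. */
int rng_ready(void)
{
	unsigned char probe;

	if (getrandom(&probe, sizeof(probe), GRND_NONBLOCK) == 1)
		return 1;
	return errno == EAGAIN ? 0 : -1;
}

/* Fill out[0..len) completely; blocks until the pool is initialised.
 * Retries on EINTR and keeps going after a short return, which is
 * possible for requests larger than 256 bytes. 0 on success, -1 on error. */
int fill_random(unsigned char *out, size_t len)
{
	size_t done = 0;

	while (done < len) {
		ssize_t ret = getrandom(out + done, len - done, 0);

		if (ret < 0) {
			if (errno == EINTR)
				continue;	/* interrupted by a signal: retry */
			return -1;	/* e.g. ENOSYS on a kernel without the syscall */
		}
		done += (size_t)ret;
	}
	return 0;
}

int main(void)
{
	unsigned char key[32];

	if (rng_ready() != 1)
		return 1;	/* caller would defer TLS setup until seeded */
	return fill_random(key, sizeof(key)) == 0 ? 0 : 2;
}
```
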


Re: [PATCH ustream-ssl v2] ustream-mbedtls: Use getrandom() instead of /dev/urandom

2023-02-20 Thread Torsten Duwe
On Sun, 19 Feb 2023 21:11:12 +0100
Hauke Mehrtens  wrote:

> Instead of keeping a file descriptor open just use the getrandom syscall
> to get random data. This is supported by the musl, glibc and Linux for
> some time now.
> 
> This also improves the error handling in case this function returns not
> as many bytes as expected.
> 
> Signed-off-by: Hauke Mehrtens 
Reviewed-by: Torsten Duwe 

> ---
>  ustream-mbedtls.c | 25 ++---
>  1 file changed, 6 insertions(+), 19 deletions(-)
> 
> changes since v1:
> * rename _urandom to _random
> 
> diff --git a/ustream-mbedtls.c b/ustream-mbedtls.c
> index e79e37b..7fc7874 100644
> --- a/ustream-mbedtls.c
> +++ b/ustream-mbedtls.c
> @@ -17,6 +17,7 @@
>   */
>  
>  #include 
> +#include 
>  #include 
>  #include 
>  #include 
> @@ -25,8 +26,6 @@
>  #include "ustream-ssl.h"
>  #include "ustream-internal.h"
>  
> -static int urandom_fd = -1;
> -
>  static int s_ustream_read(void *ctx, unsigned char *buf, size_t len)
>  {
>   struct ustream *s = ctx;
> @@ -66,21 +65,12 @@ __hidden void ustream_set_io(struct ustream_ssl_ctx *ctx, 
> void *ssl, struct ustr
>   mbedtls_ssl_set_bio(ssl, conn, s_ustream_write, s_ustream_read, NULL);
>  }
>  
> -static bool urandom_init(void)
> +static int _random(void *ctx, unsigned char *out, size_t len)
>  {
> - if (urandom_fd > -1)
> - return true;
> + ssize_t ret;
>  
> - urandom_fd = open("/dev/urandom", O_RDONLY);
> - if (urandom_fd < 0)
> - return false;
> -
> - return true;
> -}
> -
> -static int _urandom(void *ctx, unsigned char *out, size_t len)
> -{
> - if (read(urandom_fd, out, len) < 0)
> + ret = getrandom(out, len, 0);
> + if (ret < 0 || (size_t)ret != len)
>   return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
>  
>   return 0;
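
Review bot: In _random(), the check "ret < 0 || (size_t)ret != len" turns an interrupted or short getrandom() call into MBEDTLS_ERR_ENTROPY_SOURCE_FAILED. With flags 0 the call can return -1 with errno EINTR while it waits for the pool to be initialised, and a request larger than 256 bytes may come back short, so a signal at the wrong moment fails a handshake that a retry would have completed. Consider looping until len bytes are filled and retrying on EINTR. Minor style point: a file-scope identifier that starts with an underscore is reserved in C, so a name such as ustream_random would be safer than _random.
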
> @@ -134,9 +124,6 @@ __ustream_ssl_context_new(bool server)
>   mbedtls_ssl_config *conf;
>   int ep;
>  
> - if (!urandom_init())
> - return NULL;
> -
>   ctx = calloc(1, sizeof(*ctx));
>   if (!ctx)
>   return NULL;
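
Review bot: With the urandom_init() check removed from __ustream_ssl_context_new(), nothing verifies at context creation that the random source is usable. A failure now only shows up as MBEDTLS_ERR_ENTROPY_SOURCE_FAILED from the RNG callback during a handshake, where previously the caller got NULL up front. If failing early is still wanted, a small getrandom() probe at this point would keep that behaviour; otherwise the commit message should mention the change.
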
> @@ -159,7 +146,7 @@ __ustream_ssl_context_new(bool server)
>  
>   mbedtls_ssl_config_defaults(conf, ep, MBEDTLS_SSL_TRANSPORT_STREAM,
>   MBEDTLS_SSL_PRESET_DEFAULT);
> - mbedtls_ssl_conf_rng(conf, _urandom, NULL);
> + mbedtls_ssl_conf_rng(conf, _random, NULL);
>  
>   if (server) {
>   mbedtls_ssl_conf_authmode(conf, MBEDTLS_SSL_VERIFY_NONE);




Re: m7621 i2c read failure

2023-02-20 Thread Peter Naulls

On 2/16/23 17:17, Alexander Papazoglou wrote:

> My first guess would be that your microcontroller code doesn't handle repeated
> starts properly. All of the i2ctransfer commands you've shown involve at least
> one repeated start with the new driver but perhaps not with the old one. To
> verify, you can break them up in such a way that no repeated starts are issued.
>
> Since you control the microcontroller, you can add diagnostic code (printfs?) to
> see what I2C reads/writes are being issued by the MT7621.

Yes, understood and thank you.  Unfortunately, due to present time constraints,
I need to leave this as working "well enough" with the older driver. I strongly
suspect I'll be returning to this, but it will be some weeks away. In the 
meantime, in case someone else stumbles across this, I will add some
remaining information that I should have filled in.

The MCU is an ARM-based Sinomcu part, which is a clone of some kind. I'm using
the Keil SDK and whatever libraries that is pulling in/using.

I do have an MCU development board with its own serial port, but in practice
on the real hardware, I think the only real debug is going to be i2c itself.
I think it is possible to set breakpoints of the debugger (STLink), but not
single step for whatever reason.  If there's a way to get debug strings out
of the STLink, then I haven't discovered it.

Thanks again.




[PATCH] mvebu: add support for Buffalo LinkStation LS220DE

2023-02-20 Thread Daniel González Cabanelas
The Buffalo LinkStation LS220DE is a dual bay NAS, based on Marvell
Armada 370

Hardware:
   SoC:         Marvell Armada 88F6707
   CPU:         Cortex-A9 800 MHz, 1 core
   Flash 1:     SPI-NOR 1 MiB (U-Boot)
   Flash 2:     NAND 512 MiB (OS)
   RAM:         DDR3 256 MiB
   Ethernet:    1x 1GbE
   USB:         1x 2.0
   SATA:        2x 3Gb/s
   LEDs/Input:  5x / 2x (1x button, 1x slide-switch)
   Fan:         1x casing

Flash instructions, from hard drive:
  1. Get access to the "boot" partition at the hard drive where the stock
     firmware is installed. It can be done with acp-commander or by
     plugging the hard drive to a computer.
  2. Back up the stock uImage:
       mv /boot/uImage.buffalo /boot/uImage.buffalo.bak
  3. Move and rename the OpenWrt initramfs image to the boot partition:
       mv openwrt-initramfs-kernel.bin /boot/uImage.buffalo
  4. Power on the LinkStation with the hard drive inside. Now OpenWrt will
     boot, but it is still not installed.
  5. Connect via ssh to OpenWrt:
       ssh root@192.168.1.1
  6. Rename boot files inside boot partition:
       mount -t ext3 /dev/sda1 /mnt
       mv /mnt/uImage.buffalo /mnt/uImage.buffalo.openwrt.bak
       mv /mnt/initrd.buffalo /mnt/initrd.buffalo.bak
  7. Format ubi partitions at the NAND flash ("kernel_ubi" and "ubi"):
       ubiformat /dev/mtd0 -y
       ubidetach -p /dev/mtd1
       ubiformat /dev/mtd1 -y
  8. Flash the sysupgrade image:
       sysupgrade -n openwrt-squashfs-sysupgrade.bin
  9. Wait until it finishes; the device will reboot with OpenWrt installed
     on the NAND flash.

Restore the stock firmware:
  1. Take the hard drive used for the installation and restore boot backup
     files to their original names:
       mount -t ext3 /dev/sda1 /mnt
       mv /mnt/uImage.buffalo.bak /mnt/uImage.buffalo
       mv /mnt/initrd.buffalo.bak /mnt/initrd.buffalo
  2. Boot from the hard drive and perform a stock firmware update using
     the Buffalo utility. The NAND will be restored to the original
     state.

Signed-off-by: Daniel González Cabanelas 
---
 package/boot/uboot-envtools/files/mvebu   |   1 +
 .../base-files/etc/board.d/02_network |   1 +
 .../base-files/lib/upgrade/platform.sh|   7 +
 .../boot/dts/armada-370-buffalo-ls220de.dts   | 380 ++
 target/linux/mvebu/image/Makefile |  10 +
 target/linux/mvebu/image/cortexa9.mk  |  15 +
 ...set-linkstation-poweroff-add-ls220de.patch |  19 +
 7 files changed, 433 insertions(+)
 create mode 100644 
target/linux/mvebu/files/arch/arm/boot/dts/armada-370-buffalo-ls220de.dts
 create mode 100644 
target/linux/mvebu/patches-5.15/105-power-reset-linkstation-poweroff-add-ls220de.patch

diff --git a/package/boot/uboot-envtools/files/mvebu 
b/package/boot/uboot-envtools/files/mvebu
index cc1c648f24..63b5132608 100644
--- a/package/boot/uboot-envtools/files/mvebu
+++ b/package/boot/uboot-envtools/files/mvebu
@@ -13,6 +13,7 @@ touch /etc/config/ubootenv
 board=$(board_name)
 
 case "$board" in
+buffalo,ls220de|\
 buffalo,ls421de)
ubootenv_add_uci_config "/dev/mtd3" "0x0" "0x1"
;;
diff --git a/target/linux/mvebu/cortexa9/base-files/etc/board.d/02_network 
b/target/linux/mvebu/cortexa9/base-files/etc/board.d/02_network
index c613a3cd60..d2229fe6bf 100644
--- a/target/linux/mvebu/cortexa9/base-files/etc/board.d/02_network
+++ b/target/linux/mvebu/cortexa9/base-files/etc/board.d/02_network
@@ -61,6 +61,7 @@ mvebu_setup_macs()
local label_mac=""
 
case "$board" in
+   buffalo,ls220de|\
buffalo,ls421de)
lan_mac=$(mtd_get_mac_ascii u-boot-env eth1addr)
;;
diff --git a/target/linux/mvebu/cortexa9/base-files/lib/upgrade/platform.sh 
b/target/linux/mvebu/cortexa9/base-files/lib/upgrade/platform.sh
index 18b978d437..9019c1aeff 100755
--- a/target/linux/mvebu/cortexa9/base-files/lib/upgrade/platform.sh
+++ b/target/linux/mvebu/cortexa9/base-files/lib/upgrade/platform.sh
@@ -25,6 +25,13 @@ platform_check_image() {
 
 platform_do_upgrade() {
case "$(board_name)" in
+   buffalo,ls220de)
+   # Kernel UBI volume name must be "boot"
+   CI_KERNPART=boot
+   CI_KERN_UBIPART=ubi_kernel
+   CI_ROOT_UBIPART=ubi
+   nand_do_upgrade "$1"
+   ;;
buffalo,ls421de)
nand_do_upgrade "$1"
;;
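
Review bot: CI_KERN_UBIPART=ubi_kernel in the new buffalo,ls220de case does not match the commit message, where step 7 of the flash instructions names the NAND partitions "kernel_ubi" and "ubi". One of the two spellings is wrong; please make this value agree with the partition label in the device tree and correct the other place, since a mismatch here would leave sysupgrade unable to find the kernel UBI partition.
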
diff --git 
a/target/linux/mvebu/files/arch/arm/boot/dts/armada-370-buffalo-ls220de.dts 
b/target/linux/mvebu/files/arch/arm/boot/dts/armada-370-buffalo-ls220de.dts
new file mode 100644
index 00..3de9ac5473
--- /dev/null
+++ b/target/linux/mvebu/files/arch/arm/boot/dts/armada-370-buffalo-ls220de.dts
@@ -0,0 +1,380 @@
+// SPDX-License-Identifier: (GPL-2.0-or-later OR MIT)
+/*
+ * Device Tree file for Buffalo LinkStation LS220DE
+ *
+ * Copyright (C) 2023 Daniel González Cabanelas 
+ */
+
+/dts-v1/;
+
+#include "armada-370.dtsi"
+#include "mvebu-linkst