yamt commented on PR #10925:
URL: https://github.com/apache/nuttx/pull/10925#issuecomment-1772204330

   > > > It depends on the context. @ThePassionate created this PR just because we found that an application which uses TLS from mbedtls doesn't work as expected, due to forgetting to enable DEV_RANDOM/DEV_URANDOM. Since it takes time to debug this type of runtime error, and to avoid the similar problem happening again and again, he created this patch.
   > > 
   > > 
   > > i agree it depends on applications.
   > > iirc, mbedtls has several ways to source entropy. it depends on configurations if DEV_URANDOM is critical or not.
   > > if it's known PRNG is critical for an app, you can add something like the following to the app.
   > > ```
   > > #if defined(__NuttX__) && !defined(necessary config)
   > > #error no PRNG
   > > #endif
   > > ```
   > 
   > This just can fix mbedtls, there are many places which use getrandom too. mbedtls/toywasm porting layer could decide how to handle the lack of getrandom (return error code or stop compile), but NuttX libc should report the mismatch from runtime to link/compile time like the static language C/C++.
   
   if you prefer that approach, can you consider introducing a simpler way to find out the availability of getrandom?
   i don't think it's great to have `defined(CONFIG_DEV_URANDOM) || defined(CONFIG_DEV_RANDOM) || defined(CONFIG_CRYPTO_RANDOM_POOL)` in every app using getrandom.
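
One way to keep the availability check in a single place, as an added example that is not part of the comment above or of NuttX itself: the macro `APP_HAVE_ENTROPY_SOURCE` and the helper `fill_random()` are hypothetical names, and a non-NuttX host is assumed to provide `getrandom()`. The build stops when no entropy source is configured, and the runtime wrapper still fails closed on errors and short reads.

```c
#include <errno.h>
#include <stddef.h>
#include <sys/types.h>
#include <sys/random.h>

/* Single place that knows which NuttX options back getrandom(). The three
 * CONFIG_* names are the ones quoted in the comment above. */
#if defined(__NuttX__)
#  include <nuttx/config.h>
#  if defined(CONFIG_DEV_URANDOM) || defined(CONFIG_DEV_RANDOM) || \
      defined(CONFIG_CRYPTO_RANDOM_POOL)
#    define APP_HAVE_ENTROPY_SOURCE 1   /* hypothetical macro name */
#  endif
#else
#  define APP_HAVE_ENTROPY_SOURCE 1     /* assumption: host libc has getrandom() */
#endif

#ifndef APP_HAVE_ENTROPY_SOURCE
#  error "no entropy source configured: getrandom() would fail at runtime"
#endif

/* Fill buf with len random bytes (hypothetical helper).
 * Returns 0 on success, -1 on failure with errno set by getrandom().
 * A partially filled buffer is never reported as success. */
int fill_random(void *buf, size_t len)
{
  unsigned char *p = buf;

  while (len > 0)
    {
      ssize_t n = getrandom(p, len, 0);

      if (n < 0 && errno == EINTR)
        {
          continue;               /* interrupted by a signal: retry */
        }

      if (n <= 0)
        {
          return -1;              /* fail closed: caller must not use buf */
        }

      p += n;                     /* short read: keep going for the rest */
      len -= (size_t)n;
    }

  return 0;
}
```
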
   

