diff --git a/TESTS/mbed_hal/trng/main.cpp b/TESTS/mbed_hal/trng/main.cpp
index 31be677758..6166219888 100644
--- a/TESTS/mbed_hal/trng/main.cpp
+++ b/TESTS/mbed_hal/trng/main.cpp
@@ -43,6 +43,8 @@
#include "base64b.h"
#include "pithy.h"
#include <stdio.h>
+#include "mbedtls/config.h"
+#include "mbedtls/platform.h"
#if !DEVICE_TRNG
#error [NOT_SUPPORTED] TRNG API not supported for this target
@@ -268,11 +270,17 @@ Specification specification(greentea_test_setup, cases, greentea_test_teardown_h
int main()
{
+ int ret = 0;
+#if defined(MBEDTLS_PLATFORM_C)
+ ret = mbedtls_platform_setup(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
#if (defined(TARGET_PSA) && defined(COMPONENT_PSA_SRV_IPC) && defined(MBEDTLS_PSA_CRYPTO_C))
inject_entropy_for_psa();
#endif
- bool ret = !Harness::run(specification);
-
+ ret = !Harness::run(specification);
+#if defined(MBEDTLS_PLATFORM_C)
+ mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
return ret;
}
diff --git a/UNITTESTS/features/lorawan/loramaccrypto/unittest.cmake b/UNITTESTS/features/lorawan/loramaccrypto/unittest.cmake
index e41d668906..a2740df449 100644
--- a/UNITTESTS/features/lorawan/loramaccrypto/unittest.cmake
+++ b/UNITTESTS/features/lorawan/loramaccrypto/unittest.cmake
@@ -35,6 +35,7 @@ set(unittest-test-sources
stubs/cipher_stub.c
stubs/aes_stub.c
stubs/cmac_stub.c
+ ../features/nanostack/coap-service/test/coap-service/unittest/stub/mbedtls_stub.c
)
diff --git a/UNITTESTS/stubs/LoRaMacCrypto_stub.cpp b/UNITTESTS/stubs/LoRaMacCrypto_stub.cpp
index 669e44f64c..c824a16eb2 100644
--- a/UNITTESTS/stubs/LoRaMacCrypto_stub.cpp
+++ b/UNITTESTS/stubs/LoRaMacCrypto_stub.cpp
@@ -30,6 +30,10 @@ LoRaMacCrypto::LoRaMacCrypto()
{
}
+LoRaMacCrypto::~LoRaMacCrypto()
+{
+}
+
int LoRaMacCrypto::compute_mic(const uint8_t *, uint16_t, const uint8_t *, uint32_t, uint32_t,
uint8_t dir, uint32_t, uint32_t *)
{
diff --git a/features/device_key/source/DeviceKey.cpp b/features/device_key/source/DeviceKey.cpp
index 7491add70a..f49ca44e5e 100644
--- a/features/device_key/source/DeviceKey.cpp
+++ b/features/device_key/source/DeviceKey.cpp
@@ -19,6 +19,7 @@
#if DEVICEKEY_ENABLED
#include "mbedtls/config.h"
#include "mbedtls/cmac.h"
+#include "mbedtls/platform.h"
#include "KVStore.h"
#include "TDBStore.h"
#include "KVMap.h"
@@ -59,15 +60,25 @@ namespace mbed {
DeviceKey::DeviceKey()
{
+
int ret = kv_init_storage_config();
if (ret != MBED_SUCCESS) {
tr_error("DeviceKey: Fail to initialize KvStore configuration.");
}
+#if defined(MBEDTLS_PLATFORM_C)
+ ret = mbedtls_platform_setup(NULL);
+ if (ret != MBED_SUCCESS) {
+ tr_error("DeviceKey: Fail in mbedtls_platform_setup.");
+ }
+#endif /* MBEDTLS_PLATFORM_C */
return;
}
DeviceKey::~DeviceKey()
{
+#if defined(MBEDTLS_PLATFORM_C)
+ mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
return;
}
diff --git a/features/lorawan/lorastack/mac/LoRaMacCrypto.cpp b/features/lorawan/lorastack/mac/LoRaMacCrypto.cpp
index 7b66144bae..1050784089 100644
--- a/features/lorawan/lorastack/mac/LoRaMacCrypto.cpp
+++ b/features/lorawan/lorastack/mac/LoRaMacCrypto.cpp
@@ -28,12 +28,26 @@
#include "LoRaMacCrypto.h"
#include "system/lorawan_data_structures.h"
+#include "mbedtls/platform.h"
#if defined(MBEDTLS_CMAC_C) && defined(MBEDTLS_AES_C) && defined(MBEDTLS_CIPHER_C)
LoRaMacCrypto::LoRaMacCrypto()
{
+#if defined(MBEDTLS_PLATFORM_C)
+ int ret = mbedtls_platform_setup(NULL);
+ if (ret != 0) {
+ MBED_ASSERT(0 && "LoRaMacCrypto: Fail in mbedtls_platform_setup.");
+ }
+#endif /* MBEDTLS_PLATFORM_C */
+}
+
+LoRaMacCrypto::~LoRaMacCrypto()
+{
+#if defined(MBEDTLS_PLATFORM_C)
+ mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
}
int LoRaMacCrypto::compute_mic(const uint8_t *buffer, uint16_t size,
@@ -291,6 +305,10 @@ LoRaMacCrypto::LoRaMacCrypto()
MBED_ASSERT(0 && "[LoRaCrypto] Must enable AES, CMAC & CIPHER from mbedTLS");
}
+LoRaMacCrypto::~LoRaMacCrypto()
+{
+}
+
// If mbedTLS is not configured properly, these dummies will ensure that
// user knows what is wrong and in addition to that these ensure that
// Mbed-OS compiles properly under normal conditions where LoRaWAN in conjunction
diff --git a/features/lorawan/lorastack/mac/LoRaMacCrypto.h b/features/lorawan/lorastack/mac/LoRaMacCrypto.h
index 845b8ee635..9136ab2d1f 100644
--- a/features/lorawan/lorastack/mac/LoRaMacCrypto.h
+++ b/features/lorawan/lorastack/mac/LoRaMacCrypto.h
@@ -30,6 +30,7 @@ SPDX-License-Identifier: BSD-3-Clause
#ifndef MBED_LORAWAN_MAC_LORAMAC_CRYPTO_H__
#define MBED_LORAWAN_MAC_LORAMAC_CRYPTO_H__
+#include "mbedtls/config.h"
#include "mbedtls/aes.h"
#include "mbedtls/cmac.h"
@@ -41,6 +42,11 @@ public:
*/
LoRaMacCrypto();
+ /**
+ * Destructor
+ */
+ ~LoRaMacCrypto();
+
/**
* Computes the LoRaMAC frame MIC field
*
diff --git a/features/lwipstack/lwip/src/apps/snmp/lwip_snmpv3_mbedtls.c b/features/lwipstack/lwip/src/apps/snmp/lwip_snmpv3_mbedtls.c
index 0b1eefb87e..64ca62a64f 100644
--- a/features/lwipstack/lwip/src/apps/snmp/lwip_snmpv3_mbedtls.c
+++ b/features/lwipstack/lwip/src/apps/snmp/lwip_snmpv3_mbedtls.c
@@ -47,6 +47,7 @@
#include "mbedtls/md5.h"
#include "mbedtls/sha1.h"
+#include "mbedtls/platform.h"
err_t
snmpv3_auth(struct snmp_pbuf_stream* stream, u16_t length,
@@ -59,6 +60,11 @@ snmpv3_auth(struct snmp_pbuf_stream* stream, u16_t length,
struct snmp_pbuf_stream read_stream;
snmp_pbuf_stream_init(&read_stream, stream->pbuf, stream->offset, stream->length);
+#if defined(MBEDTLS_PLATFORM_C)
+ if (mbedtls_platform_setup(NULL) != 0) {
+ return ERR_ARG;
+ }
+#endif /* MBEDTLS_PLATFORM_C */
if (algo == SNMP_V3_AUTH_ALGO_MD5) {
md_info = mbedtls_md_info_from_type(MBEDTLS_MD_MD5);
key_len = SNMP_V3_MD5_LEN;
@@ -66,12 +72,12 @@ snmpv3_auth(struct snmp_pbuf_stream* stream, u16_t length,
md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
key_len = SNMP_V3_SHA_LEN;
} else {
- return ERR_ARG;
+ goto platform_teardown;
}
mbedtls_md_init(&ctx);
if(mbedtls_md_setup(&ctx, md_info, 1) != 0) {
- return ERR_ARG;
+ goto platform_teardown;
}
if (mbedtls_md_hmac_starts(&ctx, key, key_len) != 0) {
@@ -95,10 +101,17 @@ snmpv3_auth(struct snmp_pbuf_stream* stream, u16_t length,
}
mbedtls_md_free(&ctx);
+#if defined(MBEDTLS_PLATFORM_C)
+ mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
return ERR_OK;
free_md:
mbedtls_md_free(&ctx);
+platform_teardown:
+#if defined(MBEDTLS_PLATFORM_C)
+ mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
return ERR_ARG;
}
@@ -117,6 +130,11 @@ snmpv3_crypt(struct snmp_pbuf_stream* stream, u16_t length,
struct snmp_pbuf_stream write_stream;
snmp_pbuf_stream_init(&read_stream, stream->pbuf, stream->offset, stream->length);
snmp_pbuf_stream_init(&write_stream, stream->pbuf, stream->offset, stream->length);
+#if defined(MBEDTLS_PLATFORM_C)
+ if (mbedtls_platform_setup(NULL) != 0) {
+ return ERR_ARG;
+ }
+#endif /* MBEDTLS_PLATFORM_C */
mbedtls_cipher_init(&ctx);
if (algo == SNMP_V3_PRIV_ALGO_DES) {
@@ -126,15 +144,15 @@ snmpv3_crypt(struct snmp_pbuf_stream* stream, u16_t length,
/* RFC 3414 mandates padding for DES */
if ((length & 0x07) != 0) {
- return ERR_ARG;
+ goto platform_teardown;
}
cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_DES_CBC);
if(mbedtls_cipher_setup(&ctx, cipher_info) != 0) {
- return ERR_ARG;
+ goto platform_teardown
}
if(mbedtls_cipher_set_padding_mode(&ctx, MBEDTLS_PADDING_NONE) != 0) {
- return ERR_ARG;
+ goto platform_teardown;
}
if(mbedtls_cipher_setkey(&ctx, key, 8*8, (mode == SNMP_V3_PRIV_MODE_ENCRYPT)? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT) != 0) {
goto error;
@@ -174,7 +192,7 @@ snmpv3_crypt(struct snmp_pbuf_stream* stream, u16_t length,
cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_CFB128);
if(mbedtls_cipher_setup(&ctx, cipher_info) != 0) {
- return ERR_ARG;
+ goto platform_teardown;
}
if(mbedtls_cipher_setkey(&ctx, key, 16*8, (mode == SNMP_V3_PRIV_MODE_ENCRYPT)? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT) != 0) {
goto error;
@@ -209,7 +227,7 @@ snmpv3_crypt(struct snmp_pbuf_stream* stream, u16_t length,
snmp_pbuf_stream_write(&write_stream, out_byte);
}
} else {
- return ERR_ARG;
+ goto platform_teardown;
}
mbedtls_cipher_free(&ctx);
@@ -217,7 +235,11 @@ snmpv3_crypt(struct snmp_pbuf_stream* stream, u16_t length,
error:
mbedtls_cipher_free(&ctx);
- return ERR_OK;
+platform_teardown:
+#if defined(MBEDTLS_PLATFORM_C)
+ mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
+ return ERR_ARG;
}
#endif /* LWIP_SNMP_V3_CRYPTO */
@@ -237,6 +259,11 @@ snmpv3_password_to_key_md5(
u8_t i;
u32_t count = 0;
+#if defined(MBEDTLS_PLATFORM_C)
+ if (mbedtls_platform_setup(NULL) != 0) {
+ goto end;
+ }
+#endif /* MBEDTLS_PLATFORM_C */
mbedtls_md5_init(&MD); /* initialize MD5 */
mbedtls_md5_starts(&MD);
@@ -272,6 +299,11 @@ snmpv3_password_to_key_md5(
mbedtls_md5_finish(&MD, key);
mbedtls_md5_free(&MD);
+
+end:
+#if defined(MBEDTLS_PLATFORM_C)
+ mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
return;
}
@@ -290,6 +322,11 @@ snmpv3_password_to_key_sha(
u8_t i;
u32_t count = 0;
+#if defined(MBEDTLS_PLATFORM_C)
+ if (mbedtls_platform_setup(NULL) != 0) {
+ goto end;
+ }
+#endif /* MBEDTLS_PLATFORM_C */
mbedtls_sha1_init(&SH); /* initialize SHA */
mbedtls_sha1_starts(&SH);
@@ -325,6 +362,11 @@ snmpv3_password_to_key_sha(
mbedtls_sha1_finish(&SH, key);
mbedtls_sha1_free(&SH);
+
+end:
+#if defined(MBEDTLS_PLATFORM_C)
+ mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
return;
}
diff --git a/features/mbedtls/platform/src/mbed_trng.cpp b/features/mbedtls/platform/src/mbed_trng.cpp
index 53c1c21097..79fed2a7d0 100644
--- a/features/mbedtls/platform/src/mbed_trng.cpp
+++ b/features/mbedtls/platform/src/mbed_trng.cpp
@@ -17,17 +17,19 @@
#if DEVICE_TRNG
#include "hal/trng_api.h"
+#include "platform/SingletonPtr.h"
#include "platform/PlatformMutex.h"
+SingletonPtr<PlatformMutex> mbedtls_mutex;
+
extern "C"
int mbedtls_hardware_poll( void *data, unsigned char *output, size_t len, size_t *olen ) {
- static PlatformMutex trng_mutex;
trng_t trng_obj;
- trng_mutex.lock();
+ mbedtls_mutex->lock();
trng_init(&trng_obj);
int ret = trng_get_bytes(&trng_obj, output, len, olen);
trng_free(&trng_obj);
- trng_mutex.unlock();
+ mbedtls_mutex->unlock();
return ret;
}
diff --git a/features/mbedtls/platform/src/platform_alt.c b/features/mbedtls/platform/src/platform_alt.cpp
similarity index 83%
rename from features/mbedtls/platform/src/platform_alt.c
rename to features/mbedtls/platform/src/platform_alt.cpp
index c0254de9dc..c6f0abce66 100644
--- a/features/mbedtls/platform/src/platform_alt.c
+++ b/features/mbedtls/platform/src/platform_alt.cpp
@@ -20,33 +20,38 @@
#include "mbedtls/platform.h"
#if defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT)
-#include "mbed_critical.h"
+#include "platform/SingletonPtr.h"
+#include "platform/PlatformMutex.h"
mbedtls_platform_context plat_ctx = { { 0 } };
+extern SingletonPtr<PlatformMutex> mbedtls_mutex;
int mbedtls_platform_setup( mbedtls_platform_context *unused_ctx )
{
int ret = 0;
-
- core_util_atomic_incr_u32( ( volatile uint32_t * )&plat_ctx.reference_count, 1 );
+ mbedtls_mutex->lock();
+ ++plat_ctx.reference_count;
if( plat_ctx.reference_count == 1 )
{
/* call platform specific code to setup crypto driver */
ret = crypto_platform_setup( &plat_ctx.platform_impl_ctx );
}
+ mbedtls_mutex->unlock();
return ( ret );
}
void mbedtls_platform_teardown( mbedtls_platform_context *unused_ctx )
{
- core_util_atomic_decr_u32( ( volatile uint32_t * )&plat_ctx.reference_count, 1 );
+ mbedtls_mutex->lock();
+ --plat_ctx.reference_count;
if( plat_ctx.reference_count < 1 )
{
/* call platform specific code to terminate crypto driver */
crypto_platform_terminate( &plat_ctx.platform_impl_ctx );
plat_ctx.reference_count = 0;
}
+ mbedtls_mutex->unlock();
}
#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT*/
diff --git a/features/nanostack/coap-service/source/coap_security_handler.c b/features/nanostack/coap-service/source/coap_security_handler.c
index 0cd28220bf..cf124ddf12 100644
--- a/features/nanostack/coap-service/source/coap_security_handler.c
+++ b/features/nanostack/coap-service/source/coap_security_handler.c
@@ -102,6 +102,11 @@ static int coap_security_handler_init(coap_security_t *sec)
const int entropy_source_type = MBEDTLS_ENTROPY_SOURCE_WEAK;
#endif
+#if defined(MBEDTLS_PLATFORM_C)
+ if (mbedtls_platform_setup(NULL) != 0)
+ return -1;
+#endif /* MBEDTLS_PLATFORM_C */
+
mbedtls_ssl_init(&sec->_ssl);
mbedtls_ssl_config_init(&sec->_conf);
mbedtls_ctr_drbg_init(&sec->_ctr_drbg);
@@ -153,6 +158,9 @@ static void coap_security_handler_reset(coap_security_t *sec)
mbedtls_ctr_drbg_free(&sec->_ctr_drbg);
mbedtls_ssl_config_free(&sec->_conf);
mbedtls_ssl_free(&sec->_ssl);
+#if defined(MBEDTLS_PLATFORM_C)
+ mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
}
diff --git a/features/nanostack/coap-service/test/coap-service/unittest/stub/mbedtls_stub.c b/features/nanostack/coap-service/test/coap-service/unittest/stub/mbedtls_stub.c
index ba97c62e9f..f4ee36e69b 100644
--- a/features/nanostack/coap-service/test/coap-service/unittest/stub/mbedtls_stub.c
+++ b/features/nanostack/coap-service/test/coap-service/unittest/stub/mbedtls_stub.c
@@ -386,3 +386,15 @@ int mbedtls_ssl_session_reset(mbedtls_ssl_context *ssl)
void mbedtls_strerror( int ret, char *buf, size_t buflen ){
}
+
+int mbedtls_platform_setup( mbedtls_platform_context *ctx )
+{
+ (void)ctx;
+
+ return( 0 );
+}
+
+void mbedtls_platform_teardown( mbedtls_platform_context *ctx )
+{
+ (void)ctx;
+}
diff --git a/features/nanostack/coap-service/test/coap-service/unittest/stub/mbedtls_stub.h b/features/nanostack/coap-service/test/coap-service/unittest/stub/mbedtls_stub.h
index b5a6b00620..2ad72cb939 100644
--- a/features/nanostack/coap-service/test/coap-service/unittest/stub/mbedtls_stub.h
+++ b/features/nanostack/coap-service/test/coap-service/unittest/stub/mbedtls_stub.h
@@ -28,7 +28,7 @@
#include "mbedtls/sha256.h"
#include "mbedtls/entropy.h"
#include "mbedtls/pk.h"
-
+#include "mbedtls/platform.h"
#define HANDSHAKE_FINISHED_VALUE 8888
diff --git a/features/nanostack/nanostack-hal-mbed-cmsis-rtos/arm_hal_random.c b/features/nanostack/nanostack-hal-mbed-cmsis-rtos/arm_hal_random.c
index 7ba0aae6f8..804f1485ab 100644
--- a/features/nanostack/nanostack-hal-mbed-cmsis-rtos/arm_hal_random.c
+++ b/features/nanostack/nanostack-hal-mbed-cmsis-rtos/arm_hal_random.c
@@ -27,9 +27,15 @@ uint32_t arm_random_seed_get(void)
{
uint32_t result = 0;
#ifdef MBEDTLS_ENTROPY_HARDWARE_ALT
+#if defined(MBEDTLS_PLATFORM_C)
+ mbedtls_platform_setup(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
/* Grab a seed from a function we provide for mbedtls */
size_t len;
mbedtls_hardware_poll(NULL, (uint8_t *) &result, sizeof result, &len);
+#if defined(MBEDTLS_PLATFORM_C)
+ mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
#endif
return result;
}
diff --git a/features/netsocket/TLSSocketWrapper.cpp b/features/netsocket/TLSSocketWrapper.cpp
index c58947564e..6a81f3ea46 100644
--- a/features/netsocket/TLSSocketWrapper.cpp
+++ b/features/netsocket/TLSSocketWrapper.cpp
@@ -23,6 +23,7 @@
#define TRACE_GROUP "TLSW"
#include "mbed-trace/mbed_trace.h"
#include "mbedtls/debug.h"
+#include "mbedtls/platform.h"
#include "mbed_error.h"
#include "Kernel.h"
@@ -45,6 +46,12 @@ TLSSocketWrapper::TLSSocketWrapper(Socket *transport, const char *hostname, cont
_clicert_allocated(false),
_ssl_conf_allocated(false)
{
+#if defined(MBEDTLS_PLATFORM_C)
+ int ret = mbedtls_platform_setup(NULL);
+ if (ret != 0) {
+ print_mbedtls_error("mbedtls_platform_setup()", ret);
+ }
+#endif /* MBEDTLS_PLATFORM_C */
mbedtls_entropy_init(&_entropy);
mbedtls_ctr_drbg_init(&_ctr_drbg);
mbedtls_ssl_init(&_ssl);
@@ -71,6 +78,9 @@ TLSSocketWrapper::~TLSSocketWrapper()
set_ca_chain(NULL);
#endif
set_ssl_config(NULL);
+#if defined(MBEDTLS_PLATFORM_C)
+ mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
}
void TLSSocketWrapper::set_hostname(const char *hostname)
diff --git a/features/storage/kvstore/securestore/SecureStore.cpp b/features/storage/kvstore/securestore/SecureStore.cpp
index 20cfeca0c9..17207481a7 100644
--- a/features/storage/kvstore/securestore/SecureStore.cpp
+++ b/features/storage/kvstore/securestore/SecureStore.cpp
@@ -22,6 +22,7 @@
#include "aes.h"
#include "cmac.h"
+#include "mbedtls/platform.h"
#include "entropy.h"
#include "DeviceKey.h"
#include "mbed_assert.h"
@@ -737,6 +738,12 @@ int SecureStore::init()
MBED_ASSERT(!(scratch_buf_size % enc_block_size));
_mutex.lock();
+#if defined(MBEDTLS_PLATFORM_C)
+ ret = mbedtls_platform_setup(NULL);
+ if (ret) {
+ goto fail;
+ }
+#endif /* MBEDTLS_PLATFORM_C */
_entropy = new mbedtls_entropy_context;
mbedtls_entropy_init(static_cast<mbedtls_entropy_context *>(_entropy));
@@ -775,6 +782,9 @@ int SecureStore::deinit()
}
_is_initialized = false;
+#if defined(MBEDTLS_PLATFORM_C)
+ mbedtls_platform_teardown(NULL);
+#endif /* MBEDTLS_PLATFORM_C */
_mutex.unlock();
return MBED_SUCCESS;