Set MBEDTLS_PLATFORM_DEV_RANDOM to /dev/urandom for thingino-mbedtls

themactep · Copilot · themactep · commit 640bb8a9d850 · 2026-04-21T03:49:19.000-04:00
Co-authored-by: Copilot &lt;223556219+Copilot@users.noreply.github.com&gt;
diff --git a/package/thingino-mbedtls/mbedtls-override.mk b/package/thingino-mbedtls/mbedtls-override.mk
@@ -124,6 +124,7 @@ define MBEDTLS_ENABLE_HTTP2_FEATURES
 
 	$(SED) "s://#define PSA_WANT_ECC_SECP_R1_521:#define PSA_WANT_ECC_SECP_R1_521:" \
 		$(@D)/include/psa/crypto_config.h || true
+
 endef
 
 # Disable problematic programs and tests that are causing linking issues
@@ -135,4 +136,47 @@ override MBEDTLS_CONF_OPTS += -DENABLE_PROGRAMS=OFF -DENABLE_TESTING=OFF
 override MBEDTLS_CONF_OPTS += -DUSE_SHARED_MBEDTLS_LIBRARY=ON -DUSE_STATIC_MBEDTLS_LIBRARY=OFF
 
 # Add the HTTP/2 configuration hook to mbedtls
-MBEDTLS_PRE_CONFIGURE_HOOKS += MBEDTLS_ENABLE_HTTP2_FEATURES
+MBEDTLS_PRE_CONFIGURE_HOOKS += MBEDTLS_ENABLE_HTTP2_FEATURES
+
+# mbedTLS 3.6.6 defaults MBEDTLS_PLATFORM_DEV_RANDOM to /dev/random.
+# On low-entropy systems this can block indefinitely in libcurl/uhttpd.
+define MBEDTLS_USE_URANDOM
+	$(SED) 's:#define MBEDTLS_PLATFORM_DEV_RANDOM "/dev/random":#define MBEDTLS_PLATFORM_DEV_RANDOM "/dev/urandom":' \
+		$(@D)/include/mbedtls/platform.h
+endef
+MBEDTLS_PRE_CONFIGURE_HOOKS += MBEDTLS_USE_URANDOM
+
+################################################################################
+#
+# jz-crypto AES_ALT / CCM_ALT / GCM_ALT — hardware AES via /dev/aes on all
+# Ingenic T-series SoCs. The ALT sources live in alt/ next to this file
+# (vendored snapshot of jz-crypto/aes/). Runtime requires jz-aes.ko, which
+# is built and installed by the ingenic-sdk package.
+#
+################################################################################
+
+define MBEDTLS_INSTALL_JZ_CRYPTO_ALT
+	# Enable ALT hooks in mbedtls_config.h
+	$(SED) "s://#define MBEDTLS_AES_ALT:#define MBEDTLS_AES_ALT:" \
+		$(@D)/include/mbedtls/mbedtls_config.h
+	$(SED) "s://#define MBEDTLS_CCM_ALT:#define MBEDTLS_CCM_ALT:" \
+		$(@D)/include/mbedtls/mbedtls_config.h
+	$(SED) "s://#define MBEDTLS_GCM_ALT:#define MBEDTLS_GCM_ALT:" \
+		$(@D)/include/mbedtls/mbedtls_config.h
+
+	# Install ALT headers + sources
+	cp $(THINGINO_EXTERNAL_PATH)/package/thingino-mbedtls/alt/aes_alt.h $(@D)/include/mbedtls/
+	cp $(THINGINO_EXTERNAL_PATH)/package/thingino-mbedtls/alt/ccm_alt.h $(@D)/include/mbedtls/
+	cp $(THINGINO_EXTERNAL_PATH)/package/thingino-mbedtls/alt/gcm_alt.h $(@D)/include/mbedtls/
+	cp $(THINGINO_EXTERNAL_PATH)/package/thingino-mbedtls/alt/aes_alt.c $(@D)/library/
+	cp $(THINGINO_EXTERNAL_PATH)/package/thingino-mbedtls/alt/ccm_alt.c $(@D)/library/
+	cp $(THINGINO_EXTERNAL_PATH)/package/thingino-mbedtls/alt/gcm_alt.c $(@D)/library/
+
+	# Add ALT .c files to the src_crypto build list (after aes.c)
+	$(SED) '/^    aes\.c$$/a\    aes_alt.c\n    ccm_alt.c\n    gcm_alt.c' \
+		$(@D)/library/CMakeLists.txt
+endef
+
+ifeq ($(BR2_PACKAGE_THINGINO_MBEDTLS_JZ_CRYPTO_ALT),y)
+MBEDTLS_PRE_CONFIGURE_HOOKS += MBEDTLS_INSTALL_JZ_CRYPTO_ALT
+endif
