esp-rs / esp-mbedtls

mbedtls for ESP32 bare-metal
Apache License 2.0

fix: Properly initialize RNG context #33

Closed AnthonyGrondin closed 1 month ago

AnthonyGrondin commented 1 month ago

Fixes an issue where using some ciphers would cause Mbedtls to fail with MBEDTLS_ERR_SSL_NO_RNG.

I found this issue while trying to save some space, by building with the following options and running async_server.rs:

diff --git a/esp-mbedtls-sys/headers/esp32s3/config.h b/esp-mbedtls-sys/headers/esp32s3/config.h
index 72e4bba..3b94884 100644
--- a/esp-mbedtls-sys/headers/esp32s3/config.h
+++ b/esp-mbedtls-sys/headers/esp32s3/config.h
@@ -656,17 +656,17 @@
 #define MBEDTLS_ECP_DP_SECP192R1_ENABLED
 #define MBEDTLS_ECP_DP_SECP224R1_ENABLED
 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
+// #define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+// #define MBEDTLS_ECP_DP_SECP521R1_ENABLED
 #define MBEDTLS_ECP_DP_SECP192K1_ENABLED
 #define MBEDTLS_ECP_DP_SECP224K1_ENABLED
 #define MBEDTLS_ECP_DP_SECP256K1_ENABLED
 #define MBEDTLS_ECP_DP_BP256R1_ENABLED
-#define MBEDTLS_ECP_DP_BP384R1_ENABLED
-#define MBEDTLS_ECP_DP_BP512R1_ENABLED
+// #define MBEDTLS_ECP_DP_BP384R1_ENABLED
+// #define MBEDTLS_ECP_DP_BP512R1_ENABLED
 /* Montgomery curves (supporting ECP) */
-#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
-#define MBEDTLS_ECP_DP_CURVE448_ENABLED
+// #define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+// #define MBEDTLS_ECP_DP_CURVE448_ENABLED

 /**
  * \def MBEDTLS_ECP_NIST_OPTIM
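Review bot: The curve selection in this hunk keeps the weakest groups (`MBEDTLS_ECP_DP_SECP192R1_ENABLED`, `MBEDTLS_ECP_DP_SECP192K1_ENABLED` and the two 224-bit curves) while commenting out Curve25519, P-384 and P-521, so the space saving lowers the floor of what this build can negotiate. A 192-bit curve gives roughly 96 bits of security, which is below the 112-bit minimum most current guidance asks for. If flash is the constraint, disabling the small curves is the more defensible trade: `// #define MBEDTLS_ECP_DP_SECP192R1_ENABLED`, `// #define MBEDTLS_ECP_DP_SECP192K1_ENABLED`, and keep `#define MBEDTLS_ECP_DP_CURVE25519_ENABLED`.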
@@ -1516,7 +1516,7 @@
  * Comment this macro to disable storing the peer's certificate
  * after the handshake.
  */
-#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+// #define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE

 /**
  * \def MBEDTLS_SSL_RENEGOTIATION
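Review bot: Commenting out `MBEDTLS_SSL_KEEP_PEER_CERTIFICATE` means `mbedtls_ssl_get_peer_cert()` returns NULL once the handshake is done, and nothing in the change records that consequence. Any application code that pins or inspects the peer certificate after the handshake has to treat NULL as a failure, or move the check into the verify callback set with `mbedtls_ssl_conf_verify()`. I would leave a comment on the disabled line, for example `/* Disabled to save RAM: the peer cert is not available after the handshake; do pinning in the verify callback */`.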
@@ -1605,7 +1605,7 @@
  *
  * Uncomment this macro to enable the support for TLS 1.3.
  */
-#define MBEDTLS_SSL_PROTO_TLS1_3
+// #define MBEDTLS_SSL_PROTO_TLS1_3

 /**
  * \def MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
@@ -1840,7 +1840,7 @@
  *
  * Requires: MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
  */
-//#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
+#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH

 /**
  * \def MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
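Review bot: The context line above the newly enabled `MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH` states `Requires: MBEDTLS_SSL_MAX_FRAGMENT_LENGTH`, and the diff does not show whether that option is defined in this config. Please confirm it is enabled for the esp32s3 header; otherwise the build should be rejected by the configuration checks or the option has no effect. Buffers are resized according to the negotiated maximum fragment length, so a peer that does not negotiate the extension presumably keeps the full-size buffers and the RAM saving is not guaranteed.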
@@ -3162,7 +3162,7 @@
  *
  * This module adds support for SHA-512.
  */
-#define MBEDTLS_SHA512_C
+// #define MBEDTLS_SHA512_C

 /**
  * \def MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
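Review bot: Disabling `MBEDTLS_SHA512_C` removes SHA-512 from X.509 verification as well as from the TLS layer, so a peer whose chain contains a certificate signed with SHA-512 will fail verification with this build. Depending on the Mbed TLS version, SHA-384 (and with it the `*_SHA384` ciphersuites) may also depend on this module, which should be checked against the version vendored here. A comment on the disabled line would make the trade visible: `/* Disabled to save flash: chains signed with SHA-512 cannot be verified */`.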
@@ -3791,7 +3791,7 @@
  *
  * Uncomment to set the maximum plaintext size of the outgoing I/O buffer.
  */
-//#define MBEDTLS_SSL_OUT_CONTENT_LEN             16384
+#define MBEDTLS_SSL_OUT_CONTENT_LEN             4096

 /** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING
  *
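Review bot: Setting `MBEDTLS_SSL_OUT_CONTENT_LEN` to 4096 bounds every outgoing record, including the handshake messages, so a server using this config (the description mentions async_server.rs) must have a Certificate message that fits in that buffer. A longer chain is likely to make the handshake fail with a buffer-too-small error rather than be fragmented, which I have not verified for the vendored version. Leaving the incoming buffer at its default is the right call, since the peer may still send full 16384-byte records unless a smaller fragment length is negotiated. I would note the constraint next to the value: `/* 4096 to save RAM: own certificate chain must fit in one outgoing buffer */`.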