@rojer rojer commented Jan 6, 2026

Description

ESP has a HW TRNG that produces good quality random numbers without the need to pass them through a PRNG such as CTR DRBG.

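[mbedtls_esp_random](https://github.com/espressif/esp-idf/blob/master/components/mbedtls/port/include/mbedtls/esp_mbedtls_random.h#L28) is the RNG function providing access to ESP's HW TRNG.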

Dropping usage of CTR DRBG by nimble eliminates it from the firmware, saving a few K of space.

Related

This PR is similar to [the change](espressif/esp-idf@f933e51) previously made to wpa_supplicant.

Testing

Been using this patch for a while internally.


Checklist

Before submitting a Pull Request, please ensure the following:

  • 🚨 This PR does not introduce breaking changes.
  • All CI checks (GH Actions) pass.
  • Documentation is updated as needed.
  • Tests are updated or added as necessary.
  • Code is well-commented, especially in complex areas.
  • Git history is clean — commits are squashed to the minimum necessary.

@rahult-github
Collaborator

Thanks for this. Will work to get this merged.

@rahult-github
Collaborator

@rojer, current IDF master and release/v6.0 code have migrated to mbedTLS v4.0, which uses PSA crypto and would now not fall back to older code. So the change is not applicable for these branches anymore. However, we will take the change and backport it to relevant branches.
