Rework mbedtls patch for a entropy pool.

- remove patched in implementation of mbedtls_platform_entropy_poll using oc_random_value
- remove obsolete __OC_RANDOM
- implement mbedtls entropy source using oc_entropy_value and use public API
mbedtls_entropy_add_source to add it to mbedTLS

- add mbedtls_oc_platform-standalone.h.in when building mbedtls with standalone programs
which don't link with iotivity-lite. This file is processed by CMake, which then creates
mbedtls_oc_platform.h. This header is included by mbedtls_config.h and defines some of the
defines needed by mbedTLS configuration which otherwise would be defined from included
iotivity-lite headers.

CMakeLists.txt

@@ -78,7 +78,7 @@ if(UNIX)
         add_link_options(-fsanitize=undefined)
     endif()
 
-    if(CMAKE_CXX_COMPILER_ID STREQUAL "Clang")
+    if(OC_COMPILER_IS_CLANG)
         # using clang
         if(OC_MSAN_ENABLED)
             message(STATUS "Memory sanitizer enabled")
@@ -163,7 +163,7 @@ include(tools/clang-tidy.cmake)
 set(PRIVATE_COMPILE_DEFINITIONS "")
 set(PUBLIC_COMPILE_DEFINITIONS "")
 if(BUILD_MBEDTLS)
-    set(MBEDTLS_COMPILE_DEFINITIONS "__OC_PLATFORM" "__OC_RANDOM")
+    set(MBEDTLS_COMPILE_DEFINITIONS "__OC_PLATFORM")
 endif()
 
 if(OC_PUSH_ENABLED)
@@ -377,15 +377,15 @@ if(OC_SECURITY_ENABLED)
         # Check that the Mbed TLS library is patched
         include(CheckSymbolExists)
         get_target_property(mbedtls_INTERFACE_INCLUDE_DIRECTORIES MbedTLS::mbedtls INTERFACE_INCLUDE_DIRECTORIES)
-        get_target_property(mbedtls_INTERFACE_LINK_LIBRARIES MbedTLS::mbedtls INTERFACE_LINK_LIBRARIES)
         set(CMAKE_REQUIRED_INCLUDES ${mbedtls_INTERFACE_INCLUDE_DIRECTORIES})
-        set(CMAKE_REQUIRED_LIBRARIES ${mbedtls_INTERFACE_LINK_LIBRARIES})
-        check_symbol_exists(mbedtls_x509write_crt_set_subject_alt_names "mbedtls/x509_crt.h" MBEDTLS_PATCHED)
+        check_symbol_exists(MBEDTLS_KEY_EXCHANGE_ECDH_ANON_ENABLED "mbedtls/mbedtls_config.h" MBEDTLS_PATCHED)
         if(NOT MBEDTLS_PATCHED)
             message(FATAL_ERROR "Detected Mbed TLS library is not patched!")
         endif()
         set(MBEDTLS_DEP MbedTLS::mbedtls)
     endif()
+
+    list(APPEND PUBLIC_COMPILE_DEFINITIONS "__OC_PLATFORM")
 endif()
 
 # enable clang-tidy for iotivity targets
@@ -670,9 +670,12 @@ if(BUILD_TESTING AND(UNIX OR MINGW))
     set(CMAKE_CXX_STANDARD 11)
     set(CMAKE_CXX_STANDARD_REQUIRED ON)
     set(CMAKE_CXX_EXTENSIONS OFF)
+    list(APPEND TEST_COMPILE_DEFINITIONS  "OC_CLIENT" "OC_SERVER" "OC_TEST")
     list(APPEND TEST_COMPILE_OPTIONS "-fpermissive" "-Wno-error")
     list(APPEND TEST_LINK_LIBS client-server-static gtest_main)
-
+    if(OC_SECURITY_ENABLED)
+        list(APPEND TEST_LINK_LIBS ${MBEDTLS_DEP})
+    endif()
     if(UNIX)
         list(APPEND TEST_LINK_LIBS Threads::Threads)
     endif()
@@ -689,7 +692,7 @@ if(BUILD_TESTING AND(UNIX OR MINGW))
         add_executable(${TESTNAME} ${ARGN})
         target_compile_options(${TESTNAME} PRIVATE ${TEST_COMPILE_OPTIONS})
         target_compile_features(${TESTNAME} PRIVATE cxx_nullptr)
-        target_compile_definitions(${TESTNAME} PRIVATE ${PUBLIC_COMPILE_DEFINITIONS} ${TEST_COMPILE_DEFINITIONS} "OC_CLIENT" "OC_SERVER" "OC_TEST")
+        target_compile_definitions(${TESTNAME} PRIVATE ${PUBLIC_COMPILE_DEFINITIONS} ${TEST_COMPILE_DEFINITIONS})
         target_include_directories(${TESTNAME} SYSTEM PRIVATE ${PROJECT_SOURCE_DIR}/deps/gtest/include)
         target_include_directories(${TESTNAME} PRIVATE
             ${PROJECT_SOURCE_DIR}
@@ -702,14 +705,16 @@ if(BUILD_TESTING AND(UNIX OR MINGW))
             target_include_directories(${TESTNAME} PRIVATE
                 ${PROJECT_SOURCE_DIR}/security
             )
-            list(APPEND TEST_LINK_LIBS ${MBEDTLS_DEP})
         endif()
 
         if(OC_CLOUD_ENABLED)
             target_include_directories(${TESTNAME} PRIVATE ${PROJECT_SOURCE_DIR}/api/cloud)
         endif()
 
         target_link_libraries(${TESTNAME} PRIVATE ${TEST_LINK_LIBS})
+        if(OC_COMPILER_IS_GCC OR OC_COMPILER_IS_CLANG)
+            target_link_libraries(${TESTNAME} PRIVATE "-Wl,--unresolved-symbols=ignore-in-shared-libs")
+        endif()
         add_test(NAME ${TESTNAME} COMMAND ${TESTNAME})
         set_target_properties(${TESTNAME} PROPERTIES FOLDER unittests)
         set_tests_properties(${TESTNAME} PROPERTIES LABELS oc-unittest)

deps/mbedtls-patch.cmake

@@ -38,22 +38,28 @@ foreach(PATCH IN LISTS PATCHES_COMMON PATCHES_CMAKE)
 	)
 endforeach()
 
-# configure variables for mbedtls_oc_platform.in
-if(OC_DEBUG_ENABLED)
-	set(OC_DEBUG_MACRO "#define OC_DEBUG")
-endif()
+set(MBEDTLS_INCLUDE_DIR "${IOTIVITY_SRC_DIR}/deps/mbedtls/include/mbedtls")
 
-if(OC_DYNAMIC_ALLOCATION_ENABLED)
-	set(OC_DYNAMIC_ALLOCATION_MACRO "#define OC_DYNAMIC_ALLOCATION")
-endif()
+if(ENABLE_TESTING OR ENABLE_PROGRAMS)
+	# configure variables for mbedtls_oc_platform-standalone.in
+	if(OC_DEBUG_ENABLED)
+		set(OC_DEBUG_MACRO "#define OC_DEBUG")
+	endif()
 
-if(OC_PKI_ENABLED)
-	set(OC_PKI_MACRO "#define OC_PKI")
-endif()
+	if(OC_DYNAMIC_ALLOCATION_ENABLED)
+		set(OC_DYNAMIC_ALLOCATION_MACRO "#define OC_DYNAMIC_ALLOCATION")
+	endif()
 
-if(OC_OSCORE_ENABLED)
-	set(OC_OSCORE_MACRO "#define OC_OSCORE")
-endif()
+	if(OC_PKI_ENABLED)
+		set(OC_PKI_MACRO "#define OC_PKI")
+	endif()
 
-set(MBEDTLS_INCLUDE_DIR "${IOTIVITY_SRC_DIR}/deps/mbedtls/include/mbedtls")
-configure_file(${MBEDTLS_INCLUDE_DIR}/mbedtls_oc_platform.h.in ${MBEDTLS_INCLUDE_DIR}/mbedtls_oc_platform.h @ONLY)
+	if(OC_OSCORE_ENABLED)
+		set(OC_OSCORE_MACRO "#define OC_OSCORE")
+	endif()
+
+	# support for compilation of standalone binaries
+	configure_file(${MBEDTLS_INCLUDE_DIR}/mbedtls_oc_platform-standalone.h.in ${MBEDTLS_INCLUDE_DIR}/mbedtls_oc_platform.h @ONLY)
+else()
+	configure_file(${MBEDTLS_INCLUDE_DIR}/mbedtls_oc_platform.h.in ${MBEDTLS_INCLUDE_DIR}/mbedtls_oc_platform.h @ONLY)
+endif()

deps/mbedtls.cmake

@@ -51,8 +51,7 @@ set(mbedtls_targets ${mbedtls_library})
 
 if(ENABLE_TESTING OR ENABLE_PROGRAMS)
     # * abort.c -  MBEDTLS_PLATFORM_STD_EXIT is defined as oc_exit and mbedtls utilities need to include implementation of oc_exit
-    # * random.c - needed by mbedtls_platform_entropy_poll in mbedtls testing programs
-    set(MBEDTLS_SUPPORT_SRC ${PORT_INCLUDE_DIR}/abort.c ${PORT_INCLUDE_DIR}/random.c)
+    set(MBEDTLS_SUPPORT_SRC ${PORT_INCLUDE_DIR}/abort.c)
 
     add_library(mbedtls-support
         OBJECT ${MBEDTLS_SUPPORT_SRC}

patches/01-ocf-x509san-anon-psk.patch

@@ -304,45 +304,6 @@ index 93a7cdcd1..7450dd39b 100644
 
      if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, key,
                                          MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
-diff --git a/library/entropy_poll.c b/library/entropy_poll.c
-index 058c307df..650cea9e0 100644
---- a/library/entropy_poll.c
-+++ b/library/entropy_poll.c
-@@ -42,12 +42,32 @@
- #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
-
- #if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
--    !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \
-+    !defined(__APPLE__) && !defined(_WIN32) && !defined(__OC_RANDOM) && !defined(__QNXNTO__) && \
-     !defined(__HAIKU__) && !defined(__midipix__)
- #error "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in mbedtls_config.h"
- #endif
-
--#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
-+#ifdef __OC_RANDOM
-+#include <string.h>
-+#include "port/oc_random.h"
-+
-+int mbedtls_platform_entropy_poll( void *data,
-+                           unsigned char *output, size_t len, size_t *olen )
-+{
-+    (void) data;
-+    *olen = 0;
-+    do {
-+        unsigned int val = oc_random_value();
-+        size_t l = (len > sizeof(val))?sizeof(val):len;
-+        memcpy(output + *olen, &val, l);
-+        len -= l;
-+        *olen += l;
-+    } while (len > 0);
-+
-+    return 0;
-+}
-+
-+#elif defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
-
- #if !defined(_WIN32_WINNT)
- #define _WIN32_WINNT 0x0400
 diff --git a/library/net_sockets.c b/library/net_sockets.c
 index 17a9e4a57..892f2da69 100644
 --- a/library/net_sockets.c