From 3a03000df12fd1ffdda4a3f5398e77d180354d8b Mon Sep 17 00:00:00 2001
From: Pol Henarejos <pol.henarejos@cttc.es>
Date: Thu, 30 Apr 2026 09:56:23 +0200
Subject: [PATCH] Add cancelable key generation

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
---
 src/rng/random.c    | 15 ++++++++++-----
 src/rng/random.h    |  8 +++++++-
 third-party/mbedtls |  2 +-
 3 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/src/rng/random.c b/src/rng/random.c
index 8956a4d..1cc2083 100644
--- a/src/rng/random.c
+++ b/src/rng/random.c
@@ -79,14 +79,19 @@ const uint8_t *random_bytes_get(size_t len) {
  * Random byte iterator
  */
 int random_fill_iterator(void *arg, unsigned char *out, size_t out_len) {
-    uint8_t *index_p = (uint8_t *) arg;
-    uint8_t index = index_p ? *index_p : 0;
+    random_fill_iterator_ctx_t *ctx = (random_fill_iterator_ctx_t *) arg;
+    uint32_t index = ctx ? ctx->index : 0;
     uint8_t n;
+    int ret = 0;
 
     if (random_mutex_initialized) {
         mutex_enter_blocking(&random_mutex);
     }
     while (out_len) {
+        if (ctx && ctx->cancel) {
+            ret = -1;
+            break;
+        }
         hwrng_wait_full();
 
         n = RANDOM_BYTES_LENGTH - index;
@@ -105,14 +110,14 @@ int random_fill_iterator(void *arg, unsigned char *out, size_t out_len) {
         }
     }
 
-    if (index_p) {
-        *index_p = index;
+    if (ctx) {
+        ctx->index = index;
     }
     if (random_mutex_initialized) {
         mutex_exit(&random_mutex);
     }
 
-    return 0;
+    return ret;
 }
 
 int random_fill_buffer(uint8_t *buf, size_t n) {
diff --git a/src/rng/random.h b/src/rng/random.h
index 69d0963..1ae3953 100644
--- a/src/rng/random.h
+++ b/src/rng/random.h
@@ -22,7 +22,13 @@
 #include <stdlib.h>
 #include <stdint.h>
 
-extern void random_init(void);
+typedef struct {
+    uint32_t index;
+    volatile bool cancel;
+} random_fill_iterator_ctx_t;
+
+extern void
+random_init(void);
 
 extern const uint8_t *random_bytes_get(size_t);
 extern int random_fill_iterator(void *arg, unsigned char *output, size_t output_len);
diff --git a/third-party/mbedtls b/third-party/mbedtls
index 0bebf8b..30fbb3b 160000
--- a/third-party/mbedtls
+++ b/third-party/mbedtls
@@ -1 +1 @@
-Subproject commit 0bebf8b8c7f07abe3571ded48a11aa907a1ffb20
+Subproject commit 30fbb3b712559f84eb30b05ffa08534915339e02