mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 18:25:35 +00:00
Refuse reproducible mode with MBEDTLS_USE_PSA_CRYPTO
With MBEDTLS_USE_PSA_CRYPTO, some of the randomness for the TLS connection is generated inside the PSA crypto subsystem, which has no reproducible mode. Whether there is a nonzero amount of randomness coming from inside the PSA subsystem rather than from the random generator set by mbedtls_ssl_conf_rng() depends on the choice of cipher suite and other connection parameters as well as the level of support for MBEDTLS_USE_PSA_CRYPTO. Rather than give unreliable results, conservatively abort with a clear error message. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
parent
4a23c98506
commit
aaedbdcfd6
|
@ -76,6 +76,14 @@ void rng_init( rng_context_t *rng )
|
|||
|
||||
int rng_seed( rng_context_t *rng, int reproducible, const char *pers )
|
||||
{
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if( reproducible )
|
||||
{
|
||||
mbedtls_fprintf( stderr,
|
||||
"MBEDTLS_USE_PSA_CRYPTO does not support reproducible mode.\n" );
|
||||
return( -1 );
|
||||
}
|
||||
#endif
|
||||
int ( *f_entropy )( void *, unsigned char *, size_t ) =
|
||||
( reproducible ? dummy_entropy : mbedtls_entropy_func );
|
||||
|
||||
|
|
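Review bot: The new `#if defined(MBEDTLS_USE_PSA_CRYPTO)` guard at the top of `rng_seed` has no comment saying why reproducible mode is refused, and the error text alone does not tell a maintainer that the refusal is deliberate and conservative. I would add above the `if( reproducible )` something like `/* With MBEDTLS_USE_PSA_CRYPTO, part of the connection's randomness comes from the PSA RNG, which has no reproducible mode, so refuse rather than give unreliable results. */`. The early `return( -1 )` only helps if every caller checks the result of `rng_seed`; the call sites are outside this hunk, so that is worth confirming. The body of `rng_seed` continues past the end of the hunk.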