From aaedbdcfd665c4ba6c63d92dd5724822108ac59a Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 3 Feb 2021 13:55:22 +0100
Subject: [PATCH] Refuse reproducible mode with MBEDTLS_USE_PSA_CRYPTO
With MBEDTLS_USE_PSA_CRYPTO, some of the randomness for the TLS connection is generated inside the PSA crypto subsystem, which has no reproducible mode. Whether there is a nonzero amount of randomness coming from inside the PSA subsystem rather than from the random generator set by mbedtls_ssl_conf_rng() depends on the choice of cipher suite and other connection parameters as well as the level of support for MBEDTLS_USE_PSA_CRYPTO. Rather than give unreliable results, conservatively abort with a clear error message.
Signed-off-by: Gilles Peskine
---
 programs/ssl/ssl_test_lib.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c
index 46cea144c..56e94310c 100644
--- a/programs/ssl/ssl_test_lib.c
+++ b/programs/ssl/ssl_test_lib.c
@@ -76,6 +76,14 @@ void rng_init( rng_context_t *rng )
 int rng_seed( rng_context_t *rng, int reproducible, const char *pers )
 {
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( reproducible )
+ {
+ mbedtls_fprintf( stderr,
+ "MBEDTLS_USE_PSA_CRYPTO does not support reproducible mode.\n" );
+ return( -1 );
+ }
+#endif
 int ( *f_entropy )( void *, unsigned char *, size_t ) = ( reproducible ? dummy_entropy : mbedtls_entropy_func );
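Review bot: When MBEDTLS_USE_PSA_CRYPTO is defined, the added `if( reproducible )` block is a statement sitting ahead of the `int ( *f_entropy )...` declaration, so rng_seed now mixes declarations and code and will be flagged by builds using `-Wdeclaration-after-statement` or a C89 compiler. Placing the `#if` block after the function's local declarations avoids that without changing behaviour, since the `f_entropy` initialiser has no side effects. The reason for the refusal exists only in the commit message; a comment above the check such as `/* Some TLS randomness comes from the PSA subsystem, which has no reproducible mode: fail rather than give unreliable results. */` would keep it with the code. The guard is only effective if callers treat the `-1` return as fatal, which should be confirmed at the call sites, as they and the rest of rng_seed's body are outside this hunk.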