mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-11 15:35:31 +00:00
Refuse reproducible mode with MBEDTLS_USE_PSA_CRYPTO
With MBEDTLS_USE_PSA_CRYPTO, some of the randomness for the TLS connection is generated inside the PSA crypto subsystem, which has no reproducible mode. Whether there is a nonzero amount of randomness coming from inside the PSA subsystem rather than from the random generator set by mbedtls_ssl_conf_rng() depends on the choice of cipher suite and other connection parameters as well as the level of support for MBEDTLS_USE_PSA_CRYPTO. Rather than give unreliable results, conservatively abort with a clear error message. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
parent
4a23c98506
commit
aaedbdcfd6
|
@ -76,6 +76,14 @@ void rng_init( rng_context_t *rng )
|
||||||
|
|
||||||
int rng_seed( rng_context_t *rng, int reproducible, const char *pers )
|
int rng_seed( rng_context_t *rng, int reproducible, const char *pers )
|
||||||
{
|
{
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
if( reproducible )
|
||||||
|
{
|
||||||
|
mbedtls_fprintf( stderr,
|
||||||
|
"MBEDTLS_USE_PSA_CRYPTO does not support reproducible mode.\n" );
|
||||||
|
return( -1 );
|
||||||
|
}
|
||||||
|
#endif
|
||||||
int ( *f_entropy )( void *, unsigned char *, size_t ) =
|
int ( *f_entropy )( void *, unsigned char *, size_t ) =
|
||||||
( reproducible ? dummy_entropy : mbedtls_entropy_func );
|
( reproducible ? dummy_entropy : mbedtls_entropy_func );
|
||||||
|
|
||||||
|
|
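Review bot: The new early `return( -1 )` in rng_seed() only helps if every caller checks the result and stops; a caller that ignores it would carry on with an RNG context that was never seeded, so the call sites (outside this hunk) are worth confirming. The guard also has no comment saying why it exists; above the `if( reproducible )` I would add `/* Some TLS randomness is drawn inside PSA and bypasses the RNG set by mbedtls_ssl_conf_rng(), so reproducible output cannot be guaranteed. */`. When MBEDTLS_USE_PSA_CRYPTO is defined, the `f_entropy` declaration now follows a statement, which a build using -Wdeclaration-after-statement would flag; placing the guard after the declaration avoids that. The body of rng_seed() continues past the end of the hunk.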