Refuse reproducible mode with MBEDTLS_USE_PSA_CRYPTO

With MBEDTLS_USE_PSA_CRYPTO, some of the randomness for the TLS
connection is generated inside the PSA crypto subsystem, which has no
reproducible mode. Whether there is a nonzero amount of randomness
coming from inside the PSA subsystem rather than from the random
generator set by mbedtls_ssl_conf_rng() depends on the choice of
cipher suite and other connection parameters as well as the level of
support for MBEDTLS_USE_PSA_CRYPTO. Rather than give unreliable
results, conservatively abort with a clear error message.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2021-02-03 13:55:22 +01:00
parent 4a23c98506
commit aaedbdcfd6

View File

@ -76,6 +76,14 @@ void rng_init( rng_context_t *rng )
int rng_seed( rng_context_t *rng, int reproducible, const char *pers ) int rng_seed( rng_context_t *rng, int reproducible, const char *pers )
{ {
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( reproducible )
{
mbedtls_fprintf( stderr,
"MBEDTLS_USE_PSA_CRYPTO does not support reproducible mode.\n" );
return( -1 );
}
#endif
int ( *f_entropy )( void *, unsigned char *, size_t ) = int ( *f_entropy )( void *, unsigned char *, size_t ) =
( reproducible ? dummy_entropy : mbedtls_entropy_func ); ( reproducible ? dummy_entropy : mbedtls_entropy_func );