Mbed-TLS / mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
https://www.trustedfirmware.org/projects/mbed-tls/

Create seedfile automatically in test code #3575

Open gilles-peskine-arm opened 4 years ago

gilles-peskine-arm commented 4 years ago

When MBEDTLS_ENTROPY_NV_SEED is enabled, any code that calls mbedtls_entropy_init needs an existing seedfile of sufficient size.

MBEDTLS_ENTROPY_NV_SEED is disabled by default, but it is enabled in the full config.

Several of our test scripts create a seedfile, including all.sh and basic-build-test.sh. So everything just works in CI runs. But when running tests manually, this can be a gotcha.

Historically this has mostly worked invisibly because test_suite_entropy happens not to require a valid seedfile on entry and to leave a valid seedfile behind when it passes, and the other test suites that call the entropy module come after entropy in alphabetical order. But if you enable MBEDTLS_USE_PSA_CRYPTO (which config.py full does) then test_suite_cipher calls psa_crypto_init which obtains entropy and therefore requires a seedfile. Since cipher comes before entropy, if you haven't created a seedfile manually, psa_crypto_init() fails.

Another failure reason is when the seedfile is too small. The size of the seedfile is determined by the hash that the entropy module uses. If you run tests with either MBEDTLS_SHA512_C disabled or MBEDTLS_ENTROPY_FORCE_SHA256 enabled, and then run tests with MBEDTLS_SHA512_C enabled or MBEDTLS_ENTROPY_FORCE_SHA256 disabled, and MBEDTLS_ENTROPY_NV_SEED enabled in both cases, the second test run starts with a seedfile that's too small, and again it will fail if something needs entropy before test_suite_entropy.

In production, the seedfile should contain cryptographic-quality random data. In tests, this isn't necessary. So I think we should add automatic seedfile creation to the test suite, but not to the sample programs.

The seedfile read/write functions are configurable, and if they're set to non-default values, they might not access a file via stdio. So the test startup code should only work in terms of the mbedtls_nv_seed_write and mbedtls_nv_seed_read abstractions.
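As an added illustration of the startup check proposed above (example code, not Mbed TLS's own): the helper tries to read one entropy block through a read callback with the `mbedtls_nv_seed_read` signature, and if that fails (file missing or too small) writes a block of non-random filler through a callback with the `mbedtls_nv_seed_write` signature, so it works with non-stdio backends too. The in-memory "file" and the `fake_seedfile_*` helpers are constructed stand-ins for the stdio backend so the example runs on its own.

```c
/* Added example (not Mbed TLS code): test-startup helper that guarantees a
 * seedfile of the size the entropy module expects, using only callbacks
 * shaped like mbedtls_nv_seed_read/write. The in-memory "file" below is a
 * constructed stand-in for the stdio backend so the example runs alone. */
#include <stddef.h>
#include <string.h>

/* Same rule as the entropy module: SHA-512 -> 64-byte block, else 32. */
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
#define SEED_BLOCK_SIZE 64
#else
#define SEED_BLOCK_SIZE 32
#endif

/* Constructed stand-in for the seedfile; length -1 means "no file". */
static unsigned char fake_file[128];
static int fake_file_len = -1;

/* Same signature as mbedtls_nv_seed_read: 0 on success, -1 if the file is
 * missing or shorter than buf_len (what the default stdio backend does). */
static int seed_read(unsigned char *buf, size_t buf_len) {
    if (fake_file_len < 0 || (size_t) fake_file_len < buf_len) return -1;
    memcpy(buf, fake_file, buf_len);
    return 0;
}

/* Same signature as mbedtls_nv_seed_write: replaces the file contents. */
static int seed_write(unsigned char *buf, size_t buf_len) {
    if (buf_len > sizeof(fake_file)) return -1;
    memcpy(fake_file, buf, buf_len);
    fake_file_len = (int) buf_len;
    return 0;
}

/* Returns 1 if a seedfile was created or resized, 0 if a usable one already
 * existed, -1 if the write failed. The filler is NOT random: test use only. */
int ensure_test_seedfile(int (*rd)(unsigned char *, size_t),
                         int (*wr)(unsigned char *, size_t)) {
    unsigned char block[SEED_BLOCK_SIZE];
    if (rd(block, sizeof(block)) == 0) return 0;   /* present and big enough */
    memset(block, 0x5a, sizeof(block));             /* deterministic filler */
    return wr(block, sizeof(block)) == 0 ? 1 : -1;
}

/* Constructed helpers to set up the missing / too-small / valid scenarios. */
void fake_seedfile_reset(int len) { fake_file_len = len; memset(fake_file, 0, sizeof(fake_file)); }
int fake_seedfile_len(void) { return fake_file_len; }
```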

yuhaoth commented 1 year ago

5989 can fix this