search

Mbed-TLS / mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
https://www.trustedfirmware.org/projects/mbed-tls/
Other
5.56k stars 2.61k forks source link

MBEDTLS_ENTROPY_HARDWARE_ALT in 4.0 #9618

Open yanesca opened 2 months ago

yanesca commented 2 months ago

Add a parameter to mbedtls_hardware_poll(). And to reduce confusion it shouldn't have the same name, and so the name can be modernized (though it won't be an official PSA API). The parameters should be the same with one addition: the new function should be able to convey the entropy content of the data gathered. (The callers don't need to use this yet, this is to allow future development during 4.x.)

The description of MBEDTLS_ENTROPY_HARDWARE_ALT should spell out the function signature and shouldn't reference an internal header. (MBEDTLS_ENTROPY_HARDWARE_ALT and the corresponding function is part of the stable API, any header in which the function might appear isn't necessarily stable and we should limit the confusion by removing this link.)

gilles-peskine-arm commented 2 months ago

The callers don't need to use this yet, this is to allow future development during 4.x.

The callers do need to use this argument. At least, to preserve current functionality, the caller needs to insist that the callback reports full entropy. For full support of the new functionality, the caller needs to call the callback multiple times in a loop. If we call the entropy callback and it provides only a small amount of entropy, we definitely must not accept that.