Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MBEDTLS_PSA_INJECT_ENTROPY breaks the build since 2.26 #7516

Closed
gilles-peskine-arm opened this issue Apr 28, 2023 · 0 comments · Fixed by #7518
Closed

MBEDTLS_PSA_INJECT_ENTROPY breaks the build since 2.26 #7516

gilles-peskine-arm opened this issue Apr 28, 2023 · 0 comments · Fixed by #7518
Assignees
@gilles-peskine-arm
Labels
bug component-psa PSA keystore/dispatch layer (storage, drivers, …) size-s Estimated task size: small (~2d)

Comments

@gilles-peskine-arm
Copy link
Contributor

The build option MBEDTLS_PSA_INJECT_ENTROPY has been broken since Mbed TLS 2.26 (and still is as of 2.28.3 and 3.4.0).

To reproduce:

scripts/config.py set MBEDTLS_PSA_INJECT_ENTROPY
scripts/config.py set MBEDTLS_ENTROPY_NV_SEED
scripts/config.py set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
make lib

Expected: success. (Building a program would cause a link error due to missing platform functions, that part is expected.)

Actual:

…
library/psa_crypto.c: In function ‘mbedtls_psa_random_init’:
library/psa_crypto.c:6051:33: error: ‘mbedtls_nv_seed_poll’ undeclared (first use in this function); did you mean ‘mbedtls_nv_seed_read’?
 6051 |                                 mbedtls_nv_seed_poll, NULL,
      |                                 ^~~~~~~~~~~~~~~~~~~~
      |                                 mbedtls_nv_seed_read

This option is tricky to use and not well documented, but it is used in Mbed OS (where it was integrated by people who were on the Mbed Crypto team). We want to replace it by a properly integrated mechanism under the PSA API (which may be backward compatible — TBD), but that mechanism isn't implemented yet. In the meantime, MBEDTLS_PSA_INJECT_ENTROPY as currently implemented needs to work.
@gilles-peskine-arm gilles-peskine-arm added bug component-psa PSA keystore/dispatch layer (storage, drivers, …) size-s Estimated task size: small (~2d) labels Apr 28, 2023
@gilles-peskine-arm gilles-peskine-arm self-assigned this Apr 28, 2023
@gilles-peskine-arm gilles-peskine-arm mentioned this issue Apr 28, 2023
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gilles-peskine-arm gilles-peskine-arm

Labels
bug component-psa PSA keystore/dispatch layer (storage, drivers, …) size-s Estimated task size: small (~2d)
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix and test MBEDTLS_PSA_INJECT_ENTROPY gilles-peskine-arm/mbedtls
1 participant
@gilles-peskine-arm