Merge remote-tracking branch 'public/mbedtls-2.28' into merge-2.28
* public/mbedtls-2.28: (88 commits)
tests/ssl_helpers: Check that message queue is popped
Upgrade python dependencies in requirements file
Fix some typo for include folder
Adjust TLS protocol cases for 2.28
Fix copypasta
Declare the new generated files
Add generated config tests
Remove some settings that don't exist in 2.28
Adjust generate_config_tests.py for 2.28
Terminology: use "dependencies" for a list of settings
Terminology: consistently use "setting", not "option"
Explain why we require TLS client and server simultaneously
Fix missing negation
Pacify mypy
Detect sub-options
Generate config test cases for single options
Anchor relative paths
New test suite to report configuration options
Recognize that a double-inclusion guard is not a config setting
Add and update some .gitignore files
...
diff --git a/ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt b/ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt
new file mode 100644
index 0000000..079cd74
--- /dev/null
+++ b/ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt
@@ -0,0 +1,4 @@
+Security
+ * Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does
+ not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when
+ MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 4842fd4..406ae3f 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -4020,11 +4020,18 @@
* Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the
* PSA crypto subsystem.
*
- * If this option is unset:
- * - If CTR_DRBG is available, the PSA subsystem uses it rather than HMAC_DRBG.
- * - Otherwise, the PSA subsystem uses HMAC_DRBG with either
- * #MBEDTLS_MD_SHA512 or #MBEDTLS_MD_SHA256 based on availability and
- * on unspecified heuristics.
+ * If this option is unset, the library chooses a hash (currently between
+ * #MBEDTLS_MD_SHA512 and #MBEDTLS_MD_SHA256) based on availability and
+ * unspecified heuristics.
+ *
+ * \note The PSA crypto subsystem uses the first available mechanism amongst
+ * the following:
+ * - #MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG if enabled;
+ * - Entropy from #MBEDTLS_ENTROPY_C plus CTR_DRBG with AES
+ * if #MBEDTLS_CTR_DRBG_C is enabled;
+ * - Entropy from #MBEDTLS_ENTROPY_C plus HMAC_DRBG.
+ *
+ * A future version may reevaluate the prioritization of DRBG mechanisms.
*/
//#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256
diff --git a/library/psa_crypto_random_impl.h b/library/psa_crypto_random_impl.h
index 6150fee..d47e057 100644
--- a/library/psa_crypto_random_impl.h
+++ b/library/psa_crypto_random_impl.h
@@ -39,13 +39,10 @@
#else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
/* Choose a DRBG based on configuration and availability */
-#if defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE)
-
-#include "mbedtls/hmac_drbg.h"
-
-#elif defined(MBEDTLS_CTR_DRBG_C)
+#if defined(MBEDTLS_CTR_DRBG_C)
#include "mbedtls/ctr_drbg.h"
+#undef MBEDTLS_PSA_HMAC_DRBG_MD_TYPE
#elif defined(MBEDTLS_HMAC_DRBG_C)
@@ -67,9 +64,11 @@
#error "No hash algorithm available for HMAC_DBRG."
#endif
-#else
+#else /* !MBEDTLS_CTR_DRBG_C && !MBEDTLS_HMAC_DRBG_C*/
+
#error "No DRBG module available for the psa_crypto module."
-#endif
+
+#endif /* !MBEDTLS_CTR_DRBG_C && !MBEDTLS_HMAC_DRBG_C*/
#include "mbedtls/entropy.h"