Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove RNG parameters from public X.509 APIs #9929

Open
gilles-peskine-arm opened this issue Jan 24, 2025 · 1 comment
Open

Remove RNG parameters from public X.509 APIs #9929

gilles-peskine-arm opened this issue Jan 24, 2025 · 1 comment
Labels
api-break This issue/PR breaks the API and must wait for a new major version component-x509 needs-design-approval size-s Estimated task size: small (~2d)

Comments

@gilles-peskine-arm
Copy link
Contributor

gilles-peskine-arm commented Jan 24, 2025
edited
Loading

In Mbed TLS 4.0, all RNG calls will go to the PSA RNG. So public functions must no longer take an RNG callback (it would not be honored).

Legacy RNG callbacks have the following form:

int (*f_rng)(void *, unsigned char *, size_t), void *p_rng

The goal of this task is to update all the public functions in Mbed TLS X.509 APIs (include/mbedtls/x509*.h) that take an RNG argument:

  • Remove the f_rng and p_rng arguments from the function prototypes.
  • Also remove f_rng and p_rng arguments in internal functions in the same modules where they're propagated down.
  • Change calls to f_rng to instead call psa_generate_random.
  • Where f_rng and p_rng are passed to a function in another module that takes an RNG argument, pass mbedtls_psa_get_random and MBEDTLS_PSA_RANDOM_STATE from <mbedtls/psa_util.h>.
  • Change calling code accordingly.
  • Optional, may be done in a follow-up: where the calling code is setting up an entropy context and a DRBG context, and those are no longer needed, remove those contexts.
@gilles-peskine-arm gilles-peskine-arm added api-break This issue/PR breaks the API and must wait for a new major version component-x509 size-s Estimated task size: small (~2d) labels Jan 24, 2025
@gilles-peskine-arm gilles-peskine-arm moved this to Implementation needed in Mbed TLS 4.0 planning Jan 24, 2025
@gilles-peskine-arm gilles-peskine-arm moved this from Implementation needed to Design needed in Mbed TLS 4.0 planning Jan 27, 2025
@gilles-peskine-arm
Copy link
Contributor Author

Task on hold during rethink — see Mbed-TLS/TF-PSA-Crypto#168 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
api-break This issue/PR breaks the API and must wait for a new major version component-x509 needs-design-approval size-s Estimated task size: small (~2d)
Projects
Mbed TLS 4.0 planning
Status: Design needed
Milestone
No milestone
Development

No branches or pull requests
1 participant
@gilles-peskine-arm