mbedtls_hardware_poll should have a public prototype #9881
Labels
bug
component-crypto
Crypto primitives and low-level interfaces
size-xs
Estimated task size: extra small (a few hours at most)
Comments
gilles-peskine-arm
added
bug
component-crypto
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In Mbed TLS 3, the function
mbedtls_hardware_poll()is the main way to set up an entropy source on a platform. Integrators enableMBEDTLS_ENTROPY_HARDWARE_ALTand define a function which “must be calledmbedtls_hardware_poll(), have the same prototype as declared inlibrary/entropy_poll.h, and acceptNULLas first argument”.library/entropy_poll.his not a public header, so there's no way for the compiler to validate thatmbedtls_hardware_poll()has the correct type. Furthermore there's no way to tell howmbedtls_hardware_poll()should behave, or even what its prototype is, without looking at the source code of Mbed TLS.The declaration and documentation of
mbedtls_hardware_poll()should be in a public header, like we do for ALT interfaces.This only affects Mbed TLS 3.6. In 2.28,
entropy_poll.hwas private. In TF-PSA-Crypto, this interface will change and we intend to declare the function in a public header.Note: since no integrator has complained about this (to my knowledge), we are likely to treat this as a low-priority issue.
The text was updated successfully, but these errors were encountered: