6 Apr
2021
6 Apr
'21
12:42 p.m.
Hi Jeff,
It looks like you're using an old version of Mbed TLS. mbedtls_hmac_drbg_seed used to set ctx->entropy_len to entropy_len * 3 / 2, but this changed (https://github.com/ARMmbed/mbed-crypto/pull/238) to making a call to mbedtls_entropy_func for entropy_len and then one again for entropy_len / 2, precisely to avoid the scenario you're describing where the HMAC_DRBG module would request more entropy than the entropy can deliver in a single call.
Please upgrade to the latest release of Mbed TLS, or the latest 2.16 release if you want a long-time support branch. The version you're using is old and has known vulnerabilities.
--
Gilles Peskine
Mbed TLS developer
On 06/04/2021 13:59, Thompson, Jeff via mbed-tls wrote:
>
> �
>
> The call flow is mbedtls_hmac_drbg -> mbedtls_hmac_drbg_reseed ->
> mbedtls_entropy_func where the parameter, len, is 48 and
> MBEDTLS_ENTROPY_BLOCK_SIZE is 32. I see that mbedtls_hmac_drbg_seed
> sets �ctx->entropy_len = entropy_len * 3 / 2, which explains the size
> difference. I�ve probably mis-configured (see attached) in order to
> use TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, because other ciphers take too
> long.
>
> �
>
> *Jeff Thompson*�| �Senior Electrical Engineer-Firmware
> +1 704 752 6513 x1394
> www.invue.com <www.invue.com>
>
> �
>
>