On 12/09/2023 19:50, Christian Huitema via mbed-tls wrote:
By the way, I have a similar question regarding mbedtls_ctr_drbg_random. I assume that I should use psa_generate_random instead, but I do not see the PSA equivalents of mbedtls_ctr_drbg_seed or mbedtls_entropy_func. Is it correct to assume that these are handled "under the hood", for example by psa_crypto_init?
That's correct. psa_crypto_init() seeds a PRNG. psa_generate_random() produces output from this PRNG and reseeds periodically.
Under the hood, by default, the entropy sources are the same as mbedtls_entropy_func() and the DRBG is the one from the CTR_DRBG module with its default configuration.
By the way, if you have working code using the mbedtls crypto API and you want to migrate to the PSA API, you may be interested in this guide (not yet reviewed): https://github.com/Mbed-TLS/mbedtls/pull/7766
Best regards,