[mbed-tls] Global entropy required for TLS 1.3?

19 May 2023


      The MbedTLS generally allows you to pass in an RNG callback for each function that requires it. This is even explicitly called out in the 3.x migration guide:
...
The RNG parameter is now mandatory for all functions that accept one
https://github.com/Mbed-TLS/mbedtls/blob/a7d454cec2/docs/3.0-migration-guide...
However, TLS 1.3 support requires MBEDTLS_PSA_CRYPTO_C
https://github.com/Mbed-TLS/mbedtls/blob/a7d454cec2/include/mbedtls/check_co...
And MBEDTLS_PSA_CRYPTO_C requires MBEDTLS_ENTROPY_C or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
https://github.com/Mbed-TLS/mbedtls/blob/a7d454cec2/include/mbedtls/check_co...
This seems to go against the general rule that MbedTLS doesn't require any global state. Was this done intentionally?
-- 
Jethro Beekman | Fortanix

2024

2023

2022

2021

2020

[mbed-tls] Global entropy required for TLS 1.3?