psa_generate_random fails on large requests #206

Closed
@gilles-peskine-arm

Description

Bug: psa_generate_random fails with the error PSA_ERROR_NOT_SUPPORTED if asked to generate more than 1024 bytes in one call. This also affects psa_generate_key when generating symmetric keys.

More precisely, the limit is MBEDTLS_CTR_DRBG_MAX_REQUEST. This limit can be configured in config.h, but there is little reason to reduce it since it won't reduce the memory consumption of the library.

Workaround: call psa_generate_random in a loop, retrieving at most 1024 bytes per call.

Affected versions: all versions of Mbed Crypto until this is fixed.

Impact: applications should check the return value of psa_generate_random, so the bug should at least be detectable. But an application that does not check the return value and assumes that psa_generate_random always succeeds would silently operate with non-random data. For psa_generate_key, there is probably no real-world impact since 1024 bytes is well above the usual size of symmetric keys.

Cause: psa_generate_random calls mbedtls_ctr_drbg_random which is unwilling to return more than MBEDTLS_CTR_DRBG_MAX_REQUEST in a single call.

Issue request type

[ ] Question
[ ] Enhancement
[x] Bug
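
The workaround described in this issue, as an added example that is not part of the original report or of Mbed Crypto: a wrapper that requests at most 1024 bytes per call and checks every return value. `status_t`, `rng_fn`, `stub_generate_random` and `generate_random_chunked` are hypothetical names; the stub is a constructed stand-in that reproduces the reported refusal so the code builds without the library.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-ins so this builds without Mbed Crypto (assumption). In a real build,
 * include <psa/crypto.h>, use psa_status_t / PSA_SUCCESS, and pass
 * psa_generate_random as the rng argument. */
typedef int32_t status_t;
#define STATUS_SUCCESS       ((status_t)0)
#define STATUS_NOT_SUPPORTED ((status_t)-134)
#define MAX_REQUEST          1024u /* the 1024-byte limit from the report */

/* Same parameter list as psa_generate_random(output, output_size). */
typedef status_t (*rng_fn)(uint8_t *output, size_t output_size);

/* Constructed stub: refuses requests above the limit, like the reported bug. */
static size_t stub_calls;
static status_t stub_generate_random(uint8_t *output, size_t output_size)
{
    stub_calls++;
    if (output_size > MAX_REQUEST)
        return STATUS_NOT_SUPPORTED;
    memset(output, 0xA5, output_size); /* placeholder bytes, NOT random */
    return STATUS_SUCCESS;
}

/* Fill output in chunks of at most MAX_REQUEST bytes. On any failure the whole
 * buffer is cleared and the error returned, so no partially filled buffer is
 * handed back alongside an error status. */
static status_t generate_random_chunked(rng_fn rng, uint8_t *output, size_t output_size)
{
    size_t done = 0;
    while (done < output_size) {
        size_t n = output_size - done;
        if (n > MAX_REQUEST)
            n = MAX_REQUEST;
        status_t st = rng(output + done, n);
        if (st != STATUS_SUCCESS) {
            memset(output, 0, output_size);
            return st;
        }
        done += n;
    }
    return STATUS_SUCCESS;
}

int main(void)
{
    static uint8_t buf[4096];
    return generate_random_chunked(stub_generate_random, buf, sizeof buf) == STATUS_SUCCESS ? 0 : 1;
}
```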
