In builds with only a nonvolatile seed but no actual entropy source, the
naive protection against fork() by reseeding in the child doesn't work:
every child forked from the same RNG state gets the same RNG state. To make
the child's RNG state unique in that case, use a public but unique
personalization string.
The personalization string includes the time. Use `mbedtls_ms_time()` if
available. Fall back to the classic (but obsolescent) `gettimeofday()`
otherwise.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
If a process forks with the PSA subsystem active, the PSA RNG state is
duplicated. This led to the parent process and the child process generating
the same sequence of random numbers.
Fix this by forcing a reseed if the value of `getpid()` changes. This is the
same technique used in OpenSSL ≥1.1.1d.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Move the PSA internal RNG functions (i.e. the parts of the PSA random
generator that are used when `MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` is not
enabled) to a separate source file.
`mbedtls_psa_crypto_configure_entropy_sources` stays where it is, at least
for now, because it accesses global data directly and because I have no
immediate reason to move it.
Refactoring only, no behavior change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
