mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-11-03 20:33:16 +03:00
mbedtls/tests/scripts
Manuel Pégourié-Gonnard 72177e362b Add fall-back to hash-based KDF for internal ECP DRBG
The dependency on a DRBG module was perhaps a bit strict for LTS branches, so
let's have an option that works with no DRBG when at least one SHA module is
present.

This changes the internal API of ecp_drbg_seed() by adding the size of the
MPI as a parameter. Re-computing the size from the number of limbs doesn't
work too well here as we're writing out to a fixed-size buffer and for some
curves (P-521) that would round up too much. Using mbedtls_mpi_get_len() is
not entirely satisfactory either as it would mean using a variable-length
encoding, which could open side channels.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-16 12:51:42 +02:00