SSL test programs: enable the PSA test external RNG

Currently, MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is tested with a dummy
insecure implementation of mbedtls_psa_external_get_random. This
function needs to be explicitly enabled at runtime. This needs to
happen when the PSA external RNG is used, which currently is the case
in SSL test programs only when MBEDTLS_USE_PSA_CRYPTO is enabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2021-01-13 23:53:09 +01:00
parent a222434952
commit 2146211204
3 changed files with 14 additions and 0 deletions

View file

@ -760,6 +760,9 @@ int main( int argc, char *argv[] )
ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
goto exit; goto exit;
} }
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
mbedtls_test_enable_insecure_external_rng( );
#endif
#endif #endif
if( argc == 0 ) if( argc == 0 )

View file

@ -1412,6 +1412,9 @@ int main( int argc, char *argv[] )
ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
goto exit; goto exit;
} }
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
mbedtls_test_enable_insecure_external_rng( );
#endif
#endif #endif
#if !defined(_WIN32) #if !defined(_WIN32)

View file

@ -189,6 +189,14 @@ void rng_free( rng_context_t *rng );
*/ */
int rng_get( void *p_rng, unsigned char *output, size_t output_len ); int rng_get( void *p_rng, unsigned char *output, size_t output_len );
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
/* The test implementation of the PSA external RNG is insecure. When
* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled, before using any PSA crypto
* function that makes use of an RNG, you must call
* mbedtls_test_enable_insecure_external_rng(). */
#include <test/psa_crypto_helpers.h>
#endif
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
int ca_callback( void *data, mbedtls_x509_crt const *child, int ca_callback( void *data, mbedtls_x509_crt const *child,
mbedtls_x509_crt **candidates ); mbedtls_x509_crt **candidates );