Add fall-back to hash-based KDF for internal ECP DRBG

The dependency on a DRBG module was perhaps a bit strict for LTS branches, so
let's have an option that works with no DRBG when at least one SHA module is
present.

This changes the internal API of ecp_drbg_seed() by adding the size of the
MPI as a parameter. Re-computing the size from the number of limbs doesn't
work too well here as we're writing out to a fixed-size buffer and for some
curves (P-521) that would round up too much. Using mbedtls_mpi_get_len() is
not entirely satisfactory either as it would mean using a variable-length
encoding, with could open side channels.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

tests/scripts/all.sh

@@ -814,6 +814,69 @@ component_test_no_hmac_drbg () {
     # so there's little value in running those lengthy tests here.
 }
 
+component_test_no_drbg_all_hashes () {
+    # this tests the internal ECP DRBG using a KDF based on SHA-512
+    msg "build: Default minus DRBGs"
+    scripts/config.pl unset MBEDTLS_CTR_DRBG_C
+    scripts/config.pl unset MBEDTLS_HMAC_DRBG_C
+    scripts/config.pl unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
+    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_C # requires a DRBG
+    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto
+
+    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+    make
+
+    msg "test: Default minus DRBGs"
+    make test
+
+    # no SSL tests as they all depend on having a DRBG
+}
+
+component_test_no_drbg_no_sha512 () {
+    # this tests the internal ECP DRBG using a KDF based on SHA-256
+    msg "build: Default minus DRBGs minus SHA-512"
+    scripts/config.pl unset MBEDTLS_CTR_DRBG_C
+    scripts/config.pl unset MBEDTLS_HMAC_DRBG_C
+    scripts/config.pl unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
+    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_C # requires a DRBG
+    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto
+    scripts/config.pl unset MBEDTLS_SHA512_C
+
+    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+    make
+
+    msg "test: Default minus DRBGs minus SHA-512"
+    make test
+
+    # no SSL tests as they all depend on having a DRBG
+}
+
+component_test_no_drbg_no_sha2 () {
+    # this tests the internal ECP DRBG using a KDF based on SHA-1
+    msg "build: Default minus DRBGs minus SHA-2"
+    scripts/config.pl unset MBEDTLS_CTR_DRBG_C
+    scripts/config.pl unset MBEDTLS_HMAC_DRBG_C
+    scripts/config.pl unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
+    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_C # requires a DRBG
+    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto
+    scripts/config.pl unset MBEDTLS_SHA512_C
+    scripts/config.pl unset MBEDTLS_SHA256_C
+    scripts/config.pl unset MBEDTLS_ENTROPY_C # requires SHA-2
+    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_C # requires Entropy
+    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto
+    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_SE_C # requires PSA Crypto
+    scripts/config.pl unset MBEDTLS_USE_PSA_CRYPTO # requires PSA Crypto
+    scripts/config.pl unset MBEDTLS_SSL_PROTO_TLS1_2 # requires SHA-2
+
+    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+    make
+
+    msg "test: Default minus DRBGs minus SHA-2"
+    make test
+
+    # no SSL tests as they all depend on having a DRBG
+}
+
 component_test_ecp_no_internal_rng () {
     msg "build: Default plus ECP_NO_INTERNAL_RNG minus DRBG modules"
     scripts/config.pl set MBEDTLS_ECP_NO_INTERNAL_RNG