Disable the insecure PSA test RNG by default

To reduce the risk of people accidentally using the test implementation of mbedtls_psa_external_get_random(), which is insecure, require the user to explicitly call mbedtls_test_enable_insecure_external_rng() first. Disabling the test implementation of mbedtls_psa_external_get_random() will also allow negative testing for MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG, which will be added in a subsequent commit. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-24 18:39:12 +01:00 · 2020-11-24 18:39:12 +01:00 · 76175ba785
commit 76175ba785
parent f6be590bf6
3 changed files with 47 additions and 1 deletions
--- a/tests/src/psa_crypto_helpers.c
+++ b/tests/src/psa_crypto_helpers.c
@ -72,13 +72,29 @@ psa_status_t mbedtls_test_record_status( psa_status_t status,
 #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
 #include <test/random.h>

+static int test_insecure_external_rng_enabled = 0;
+
+void mbedtls_test_enable_insecure_external_rng( void )
+{
+    test_insecure_external_rng_enabled = 1;
+}
+
+void mbedtls_test_disable_insecure_external_rng( void )
+{
+    test_insecure_external_rng_enabled = 0;
+}
+
 psa_status_t mbedtls_psa_external_get_random(
    mbedtls_psa_external_random_context_t *context,
    uint8_t *output, size_t output_size, size_t *output_length )
 {
+    (void) context;
+
+    if( !test_insecure_external_rng_enabled )
+        return( PSA_ERROR_INSUFFICIENT_ENTROPY );
+
    /* This implementation is for test purposes only!
     * Use the libc non-cryptographic random generator. */
-    (void) context;
    mbedtls_test_rnd_std_rand( NULL, output, output_size );
    *output_length = output_size;
    return( PSA_SUCCESS );