From 8814fc4a348db5c66f04fafc67bccb4d0648e8c5 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Mon, 14 Dec 2020 15:33:44 +0100
Subject: [PATCH] Make mbedtls_psa_get_random more usable outside psa_crypto.c

In the external RNG case, don't make mbedtls_psa_get_random() a
static inline function: this would likely result in identical
instances of this function in every module that uses it. Instead, make
it a single function with external linkage.

In the non-external case, instead of a trivial wrapper function, make
mbedtls_psa_get_random a constant pointer to whichever DRBG function
is being used.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 library/psa_crypto.c        | 18 ++++++++++++++++++
 library/psa_crypto_random.h | 27 +++++++++------------------
 2 files changed, 27 insertions(+), 18 deletions(-)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index bb38475e8..288e0717e 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -6413,6 +6413,24 @@ psa_status_t psa_generate_random( uint8_t *output,
 #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
 }
 
+/* Wrapper function allowing the classic API to use the PSA RNG.
+ * In the non-external case, mbedtls_psa_get_random is defined
+ * as a constant function pointer in psa_crypto_random.h.
+ */
+#if defined (MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+int mbedtls_psa_get_random( void *p_rng,
+                            unsigned char *output,
+                            size_t output_size )
+{
+    (void) p_rng;
+    psa_status_t status = psa_generate_random( output, output_size );
+    if( status == PSA_SUCCESS )
+        return( 0 );
+    else
+        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+}
+#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
+
 #if defined(MBEDTLS_PSA_INJECT_ENTROPY)
 #include "mbedtls/entropy_poll.h"
 
diff --git a/library/psa_crypto_random.h b/library/psa_crypto_random.h
index cc1222a39..2482d6bc2 100644
--- a/library/psa_crypto_random.h
+++ b/library/psa_crypto_random.h
@@ -30,17 +30,9 @@
 
 typedef mbedtls_psa_external_random_context_t mbedtls_psa_random_context_t;
 
-static inline int mbedtls_psa_get_random( void *p_rng,
-                                          unsigned char *output,
-                                          size_t output_size )
-{
-    (void) p_rng;
-    psa_status_t status = psa_generate_random( output, output_size );
-    if( status == PSA_SUCCESS )
-        return( 0 );
-    else
-        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
-}
+int mbedtls_psa_get_random( void *p_rng,
+                            unsigned char *output,
+                            size_t output_size );
 
 #define MBEDTLS_PSA_RANDOM_STATE NULL
 
@@ -144,16 +136,15 @@ typedef struct
  * \return              \c MBEDTLS_ERR_xxx_DRBG_xxx or
  *                      \c MBEDTLS_ERR_PLATFORM_xxx on failure.
  */
-static inline int mbedtls_psa_get_random( void *p_rng,
-                                          unsigned char *output,
-                                          size_t output_len )
-{
 #if defined(MBEDTLS_CTR_DRBG_C)
-    return( mbedtls_ctr_drbg_random( p_rng, output, output_len ) );
+static int ( *const mbedtls_psa_get_random )(
+    void *p_rng, unsigned char *output, size_t output_size ) =
+    mbedtls_ctr_drbg_random;
 #elif defined(MBEDTLS_HMAC_DRBG_C)
-    return( mbedtls_hmac_drbg_random( p_rng, output, output_len ) );
+static int ( *const mbedtls_psa_get_random )(
+    void *p_rng, unsigned char *output, size_t output_size ) =
+    mbedtls_hmac_drbg_random;
 #endif
-}
 
 /** The maximum number of bytes that mbedtls_psa_get_random() is expected to
  * return.