Make it possible to enable CTR_DRBG/PSA without a PSA AES driver

Make it possible, but not officially supported, to switch the CTR_DRBG module to PSA mode even if MBEDTLS_AES_C is defined. This is not really useful in practice, but is convenient to test the PSA mode without setting up drivers. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-12-18 17:14:12 +03:00 · 2024-06-20 21:47:31 +02:00
parent dc10825ab9
commit bdd16d4cb1
4 changed files with 47 additions and 25 deletions
--- a/tests/src/psa_crypto_helpers.c
+++ b/tests/src/psa_crypto_helpers.c
@@ -13,6 +13,10 @@
 #include <psa_crypto_slot_management.h>
 #include <test/psa_crypto_helpers.h>

+#if defined(MBEDTLS_CTR_DRBG_C)
+#include <mbedtls/ctr_drbg.h>
+#endif
+
 #if defined(MBEDTLS_PSA_CRYPTO_C)

 #include <psa/crypto.h>
@@ -70,8 +74,9 @@ const char *mbedtls_test_helper_is_psa_leaking(void)

    mbedtls_psa_get_stats(&stats);

-#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C) && \
-    !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+#if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) &&                        \
+    defined(MBEDTLS_CTR_DRBG_C) &&                                      \
+    defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
    /* When AES_C is not defined and PSA does not have an external RNG,
     * then CTR_DRBG uses PSA to perform AES-ECB. In this scenario 1 key
     * slot is used internally from PSA to hold the AES key and it should