From 6e99bb203fa710333d3498adb2b1fdb5e01aadcd Mon Sep 17 00:00:00 2001
From: David Horstmann <david.horstmann@arm.com>
Date: Tue, 6 Feb 2024 15:27:49 +0000
Subject: [PATCH 1/4] Add buffer copying to psa_generate_random()

Signed-off-by: David Horstmann <david.horstmann@arm.com>
---
 library/psa_crypto.c | 98 +++++++++++++++++++++++++++-----------------
 1 file changed, 60 insertions(+), 38 deletions(-)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 5b7a838a50..16e3447fa7 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -4190,6 +4190,54 @@ psa_status_t mbedtls_psa_verify_hash_abort(
         * defined( MBEDTLS_ECP_RESTARTABLE ) */
 }
 
+static psa_status_t psa_generate_random_internal(uint8_t *output,
+                                                 size_t output_size)
+{
+    GUARD_MODULE_INITIALIZED;
+
+    psa_status_t status;
+
+#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+
+    size_t output_length = 0;
+    status = mbedtls_psa_external_get_random(&global_data.rng,
+                                             output, output_size,
+                                             &output_length);
+    if (status != PSA_SUCCESS) {
+        goto exit;
+    }
+    /* Breaking up a request into smaller chunks is currently not supported
+     * for the external RNG interface. */
+    if (output_length != output_size) {
+        status = PSA_ERROR_INSUFFICIENT_ENTROPY;
+        goto exit;
+    }
+    status = PSA_SUCCESS;
+
+#else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
+
+    while (output_size > 0) {
+        size_t request_size =
+            (output_size > MBEDTLS_PSA_RANDOM_MAX_REQUEST ?
+             MBEDTLS_PSA_RANDOM_MAX_REQUEST :
+             output_size);
+        int ret = mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE,
+                                         output, request_size);
+        if (ret != 0) {
+            status = mbedtls_to_psa_error(ret);
+            goto exit;
+        }
+        output_size -= request_size;
+        output += request_size;
+    }
+    status = PSA_SUCCESS;
+#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
+
+exit:
+    return status;
+}
+
+
 /****************************************************************/
 /* Symmetric cryptography */
 /****************************************************************/
@@ -4308,7 +4356,7 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
         goto exit;
     }
 
-    status = psa_generate_random(local_iv, default_iv_length);
+    status = psa_generate_random_internal(local_iv, default_iv_length);
     if (status != PSA_SUCCESS) {
         goto exit;
     }
@@ -4497,7 +4545,7 @@ psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key,
             goto exit;
         }
 
-        status = psa_generate_random(local_iv, default_iv_length);
+        status = psa_generate_random_internal(local_iv, default_iv_length);
         if (status != PSA_SUCCESS) {
             goto exit;
         }
@@ -5003,7 +5051,7 @@ psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
         goto exit;
     }
 
-    status = psa_generate_random(local_nonce, required_nonce_size);
+    status = psa_generate_random_internal(local_nonce, required_nonce_size);
     if (status != PSA_SUCCESS) {
         goto exit;
     }
@@ -7517,7 +7565,7 @@ exit:
          * some constant data such as zeros, which would result in the data
          * being protected with a reproducible, easily knowable key.
          */
-        psa_generate_random(output, output_size);
+        psa_generate_random_internal(output, output_size);
         *output_length = output_size;
     }
 
@@ -7527,7 +7575,6 @@ exit:
 }
 
 
-
 /****************************************************************/
 /* Random generation */
 /****************************************************************/
@@ -7596,44 +7643,19 @@ static psa_status_t mbedtls_psa_random_seed(mbedtls_psa_random_context_t *rng)
 #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
 }
 
-psa_status_t psa_generate_random(uint8_t *output,
+psa_status_t psa_generate_random(uint8_t *output_external,
                                  size_t output_size)
 {
-    GUARD_MODULE_INITIALIZED;
+    psa_status_t status;
 
-#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+    LOCAL_OUTPUT_DECLARE(output_external, output);
+    LOCAL_OUTPUT_ALLOC(output_external, output_size, output);
 
-    size_t output_length = 0;
-    psa_status_t status = mbedtls_psa_external_get_random(&global_data.rng,
-                                                          output, output_size,
-                                                          &output_length);
-    if (status != PSA_SUCCESS) {
-        return status;
-    }
-    /* Breaking up a request into smaller chunks is currently not supported
-     * for the external RNG interface. */
-    if (output_length != output_size) {
-        return PSA_ERROR_INSUFFICIENT_ENTROPY;
-    }
-    return PSA_SUCCESS;
+    status = psa_generate_random_internal(output, output_size);
 
-#else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-
-    while (output_size > 0) {
-        size_t request_size =
-            (output_size > MBEDTLS_PSA_RANDOM_MAX_REQUEST ?
-             MBEDTLS_PSA_RANDOM_MAX_REQUEST :
-             output_size);
-        int ret = mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE,
-                                         output, request_size);
-        if (ret != 0) {
-            return mbedtls_to_psa_error(ret);
-        }
-        output_size -= request_size;
-        output += request_size;
-    }
-    return PSA_SUCCESS;
-#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
+exit:
+    LOCAL_OUTPUT_FREE(output_external, output);
+    return status;
 }
 
 /* Wrapper function allowing the classic API to use the PSA RNG.

From 075c5fb76fd7e5f92e44fc25d61c44654962c49b Mon Sep 17 00:00:00 2001
From: David Horstmann <david.horstmann@arm.com>
Date: Tue, 6 Feb 2024 15:44:08 +0000
Subject: [PATCH 2/4] Generate test wrappers for psa_generate_random()

Signed-off-by: David Horstmann <david.horstmann@arm.com>
---
 tests/scripts/generate_psa_wrappers.py | 2 ++
 tests/src/psa_test_wrappers.c          | 6 ++++++
 2 files changed, 8 insertions(+)

diff --git a/tests/scripts/generate_psa_wrappers.py b/tests/scripts/generate_psa_wrappers.py
index cdc798db9e..a6c340cc1f 100755
--- a/tests/scripts/generate_psa_wrappers.py
+++ b/tests/scripts/generate_psa_wrappers.py
@@ -163,6 +163,8 @@ class PSAWrapperGenerator(c_wrapper_generator.Base):
                              'psa_hash_verify',
                              'psa_hash_compute',
                              'psa_hash_compare'):
+
+        if function_name == 'psa_generate_random':
             return True
         return False
 
diff --git a/tests/src/psa_test_wrappers.c b/tests/src/psa_test_wrappers.c
index 5f0a3dd08c..fa9a8d6f02 100644
--- a/tests/src/psa_test_wrappers.c
+++ b/tests/src/psa_test_wrappers.c
@@ -542,7 +542,13 @@ psa_status_t mbedtls_test_wrap_psa_generate_random(
     uint8_t *arg0_output,
     size_t arg1_output_size)
 {
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+    MBEDTLS_TEST_MEMORY_POISON(arg0_output, arg1_output_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
     psa_status_t status = (psa_generate_random)(arg0_output, arg1_output_size);
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
+    MBEDTLS_TEST_MEMORY_UNPOISON(arg0_output, arg1_output_size);
+#endif /* defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) */
     return status;
 }
 

From e097bbdcf3f4d489adea1b0dec425b0cf9d2a84b Mon Sep 17 00:00:00 2001
From: David Horstmann <david.horstmann@arm.com>
Date: Wed, 28 Feb 2024 14:17:10 +0000
Subject: [PATCH 3/4] Add missing guards around exit label

Signed-off-by: David Horstmann <david.horstmann@arm.com>
---
 library/psa_crypto.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 16e3447fa7..e0ae088b76 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -7653,7 +7653,9 @@ psa_status_t psa_generate_random(uint8_t *output_external,
 
     status = psa_generate_random_internal(output, output_size);
 
+#if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS)
 exit:
+#endif
     LOCAL_OUTPUT_FREE(output_external, output);
     return status;
 }

From 7581363122d7e441c5db79c324a25e75e1025b00 Mon Sep 17 00:00:00 2001
From: David Horstmann <david.horstmann@arm.com>
Date: Wed, 28 Feb 2024 15:16:44 +0000
Subject: [PATCH 4/4] Fix incorrect conflict resolution

A return statement was missing in the wrapper generation script.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
---
 tests/scripts/generate_psa_wrappers.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/scripts/generate_psa_wrappers.py b/tests/scripts/generate_psa_wrappers.py
index a6c340cc1f..852fd6e7fa 100755
--- a/tests/scripts/generate_psa_wrappers.py
+++ b/tests/scripts/generate_psa_wrappers.py
@@ -163,7 +163,7 @@ class PSAWrapperGenerator(c_wrapper_generator.Base):
                              'psa_hash_verify',
                              'psa_hash_compute',
                              'psa_hash_compare'):
-
+            return True
         if function_name == 'psa_generate_random':
             return True
         return False