From bb91bcda0e60f6c106323598e9477b60c6a96507 Mon Sep 17 00:00:00 2001
From: Valerio Setti <valerio.setti@nordicsemi.no>
Date: Mon, 26 Feb 2024 08:41:33 +0100
Subject: [PATCH 1/7] psa: move mbedtls_psa_get_random() to psa_util.c

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
---
 library/psa_crypto.c | 33 ---------------------------------
 library/psa_util.c   | 33 +++++++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+), 33 deletions(-)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 87444e129f..3aed6e6498 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -7394,39 +7394,6 @@ psa_status_t psa_generate_random(uint8_t *output,
 #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
 }
 
-/* Wrapper function allowing the classic API to use the PSA RNG.
- *
- * `mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, ...)` calls
- * `psa_generate_random(...)`. The state parameter is ignored since the
- * PSA API doesn't support passing an explicit state.
- *
- * In the non-external case, psa_generate_random() calls an
- * `mbedtls_xxx_drbg_random` function which has exactly the same signature
- * and semantics as mbedtls_psa_get_random(). As an optimization,
- * instead of doing this back-and-forth between the PSA API and the
- * classic API, psa_crypto_random_impl.h defines `mbedtls_psa_get_random`
- * as a constant function pointer to `mbedtls_xxx_drbg_random`.
- */
-#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-int mbedtls_psa_get_random(void *p_rng,
-                           unsigned char *output,
-                           size_t output_size)
-{
-    /* This function takes a pointer to the RNG state because that's what
-     * classic mbedtls functions using an RNG expect. The PSA RNG manages
-     * its own state internally and doesn't let the caller access that state.
-     * So we just ignore the state parameter, and in practice we'll pass
-     * NULL. */
-    (void) p_rng;
-    psa_status_t status = psa_generate_random(output, output_size);
-    if (status == PSA_SUCCESS) {
-        return 0;
-    } else {
-        return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
-    }
-}
-#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-
 #if defined(MBEDTLS_PSA_INJECT_ENTROPY)
 psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
                                         size_t seed_size)
diff --git a/library/psa_util.c b/library/psa_util.c
index 125b1734e7..eda6ca8781 100644
--- a/library/psa_util.c
+++ b/library/psa_util.c
@@ -338,6 +338,39 @@ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t family,
 }
 #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
 
+/* Wrapper function allowing the classic API to use the PSA RNG.
+ *
+ * `mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, ...)` calls
+ * `psa_generate_random(...)`. The state parameter is ignored since the
+ * PSA API doesn't support passing an explicit state.
+ *
+ * In the non-external case, psa_generate_random() calls an
+ * `mbedtls_xxx_drbg_random` function which has exactly the same signature
+ * and semantics as mbedtls_psa_get_random(). As an optimization,
+ * instead of doing this back-and-forth between the PSA API and the
+ * classic API, psa_crypto_random_impl.h defines `mbedtls_psa_get_random`
+ * as a constant function pointer to `mbedtls_xxx_drbg_random`.
+ */
+#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+int mbedtls_psa_get_random(void *p_rng,
+                           unsigned char *output,
+                           size_t output_size)
+{
+    /* This function takes a pointer to the RNG state because that's what
+     * classic mbedtls functions using an RNG expect. The PSA RNG manages
+     * its own state internally and doesn't let the caller access that state.
+     * So we just ignore the state parameter, and in practice we'll pass
+     * NULL. */
+    (void) p_rng;
+    psa_status_t status = psa_generate_random(output, output_size);
+    if (status == PSA_SUCCESS) {
+        return 0;
+    } else {
+        return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+    }
+}
+#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
+
 #endif /* MBEDTLS_PSA_CRYPTO_C */
 
 #if defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA)

From a53e7a5cb56e8cdc50fb02f31fabf9701792b526 Mon Sep 17 00:00:00 2001
From: Valerio Setti <valerio.setti@nordicsemi.no>
Date: Mon, 26 Feb 2024 12:03:59 +0100
Subject: [PATCH 2/7] psa: let mbedtls_psa_get_random() always use
 psa_generate_random()

It means that mbedtls_psa_get_random() goes through the PSA interface
all the times. Fallbacks to CTR_DRBG or HMAC_DRBG are still possible,
but that depends on how the crypto provider is built.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
---
 include/mbedtls/psa_util.h       | 57 ++++--------------------
 library/psa_crypto.c             | 10 ++---
 library/psa_crypto_random_impl.h | 76 ++++++++++----------------------
 library/psa_util.c               | 10 +----
 4 files changed, 37 insertions(+), 116 deletions(-)

diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index 984f031549..f79178d7e9 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -23,42 +23,22 @@
 
 #if defined(MBEDTLS_PSA_CRYPTO_C)
 
-/* Expose whatever RNG the PSA subsystem uses to applications using the
- * mbedtls_xxx API. The declarations and definitions here need to be
- * consistent with the implementation in library/psa_crypto_random_impl.h.
- * See that file for implementation documentation. */
-
-
-/* The type of a `f_rng` random generator function that many library functions
- * take.
- *
- * This type name is not part of the Mbed TLS stable API. It may be renamed
- * or moved without warning.
- */
-typedef int mbedtls_f_rng_t(void *p_rng, unsigned char *output, size_t output_size);
-
-#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-
 /** The random generator function for the PSA subsystem.
  *
  * This function is suitable as the `f_rng` random generator function
- * parameter of many `mbedtls_xxx` functions. Use #MBEDTLS_PSA_RANDOM_STATE
- * to obtain the \p p_rng parameter.
+ * parameter of many `mbedtls_xxx` functions.
  *
  * The implementation of this function depends on the configuration of the
  * library.
  *
- * \note Depending on the configuration, this may be a function or
- *       a pointer to a function.
- *
  * \note This function may only be used if the PSA crypto subsystem is active.
  *       This means that you must call psa_crypto_init() before any call to
  *       this function, and you must not call this function after calling
  *       mbedtls_psa_crypto_free().
  *
- * \param p_rng         The random generator context. This must be
- *                      #MBEDTLS_PSA_RANDOM_STATE. No other state is
- *                      supported.
+ * \param p_rng         This parameter is only kept for backward compatibility
+ *                      reasons with legacy `f_rng` functions and it's ignored.
+ *                      Set to #MBEDTLS_PSA_RANDOM_STATE or NULL.
  * \param output        The buffer to fill. It must have room for
  *                      \c output_size bytes.
  * \param output_size   The number of bytes to write to \p output.
@@ -80,32 +60,11 @@ int mbedtls_psa_get_random(void *p_rng,
 
 /** The random generator state for the PSA subsystem.
  *
- * This macro expands to an expression which is suitable as the `p_rng`
- * random generator state parameter of many `mbedtls_xxx` functions.
- * It must be used in combination with the random generator function
- * mbedtls_psa_get_random().
- *
- * The implementation of this macro depends on the configuration of the
- * library. Do not make any assumption on its nature.
+ * This macro always expands to NULL because the `p_rng` parameter is unused
+ * in mbedtls_psa_get_random(), but it's kept for interface's backward
+ * compatibility.
  */
-#define MBEDTLS_PSA_RANDOM_STATE NULL
-
-#else /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
-
-#if defined(MBEDTLS_CTR_DRBG_C)
-#include "mbedtls/ctr_drbg.h"
-typedef mbedtls_ctr_drbg_context mbedtls_psa_drbg_context_t;
-static mbedtls_f_rng_t *const mbedtls_psa_get_random = mbedtls_ctr_drbg_random;
-#elif defined(MBEDTLS_HMAC_DRBG_C)
-#include "mbedtls/hmac_drbg.h"
-typedef mbedtls_hmac_drbg_context mbedtls_psa_drbg_context_t;
-static mbedtls_f_rng_t *const mbedtls_psa_get_random = mbedtls_hmac_drbg_random;
-#endif
-extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state;
-
-#define MBEDTLS_PSA_RANDOM_STATE mbedtls_psa_random_state
-
-#endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
+#define MBEDTLS_PSA_RANDOM_STATE    NULL
 
 /** \defgroup psa_tls_helpers TLS helper functions
  * @{
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 3aed6e6498..c37133920f 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -102,7 +102,7 @@ typedef struct {
 static psa_global_data_t global_data;
 
 #if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state =
+mbedtls_psa_drbg_context_t *const mbedtls_psa_drbg_ctx =
     &global_data.rng.drbg;
 #endif
 
@@ -7322,7 +7322,7 @@ static void mbedtls_psa_random_init(mbedtls_psa_random_context_t *rng)
                                MBEDTLS_ENTROPY_SOURCE_STRONG);
 #endif
 
-    mbedtls_psa_drbg_init(MBEDTLS_PSA_RANDOM_STATE);
+    mbedtls_psa_drbg_init(MBEDTLS_PSA_DRBG_CTX);
 #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
 }
 
@@ -7333,7 +7333,7 @@ static void mbedtls_psa_random_free(mbedtls_psa_random_context_t *rng)
 #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
     memset(rng, 0, sizeof(*rng));
 #else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-    mbedtls_psa_drbg_free(MBEDTLS_PSA_RANDOM_STATE);
+    mbedtls_psa_drbg_free(MBEDTLS_PSA_DRBG_CTX);
     rng->entropy_free(&rng->entropy);
 #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
 }
@@ -7382,8 +7382,8 @@ psa_status_t psa_generate_random(uint8_t *output,
             (output_size > MBEDTLS_PSA_RANDOM_MAX_REQUEST ?
              MBEDTLS_PSA_RANDOM_MAX_REQUEST :
              output_size);
-        int ret = mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE,
-                                         output, request_size);
+        int ret = mbedtls_psa_legacy_get_random(MBEDTLS_PSA_DRBG_CTX,
+                                                output, request_size);
         if (ret != 0) {
             return mbedtls_to_psa_error(ret);
         }
diff --git a/library/psa_crypto_random_impl.h b/library/psa_crypto_random_impl.h
index 64b894914e..0a2ae9ebc7 100644
--- a/library/psa_crypto_random_impl.h
+++ b/library/psa_crypto_random_impl.h
@@ -20,23 +20,9 @@
 
 #include "psa_util_internal.h"
 
-#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+#if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
 
-#include <string.h>
-#include <mbedtls/entropy.h> // only for error codes
-#include <psa/crypto.h>
-
-typedef mbedtls_psa_external_random_context_t mbedtls_psa_random_context_t;
-
-/* Trivial wrapper around psa_generate_random(). */
-int mbedtls_psa_get_random(void *p_rng,
-                           unsigned char *output,
-                           size_t output_size);
-
-/* The PSA RNG API doesn't need any externally maintained state. */
-#define MBEDTLS_PSA_RANDOM_STATE NULL
-
-#else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
+#include "mbedtls/entropy.h"
 
 /* Choose a DRBG based on configuration and availability */
 #if defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE)
@@ -67,11 +53,23 @@ int mbedtls_psa_get_random(void *p_rng,
 #error "No hash algorithm available for HMAC_DBRG."
 #endif
 
-#else
+#else /* !MBEDTLS_PSA_HMAC_DRBG_MD_TYPE && !MBEDTLS_CTR_DRBG_C && !MBEDTLS_HMAC_DRBG_C*/
 #error "No DRBG module available for the psa_crypto module."
-#endif
+#endif /* !MBEDTLS_PSA_HMAC_DRBG_MD_TYPE && !MBEDTLS_CTR_DRBG_C && !MBEDTLS_HMAC_DRBG_C*/
 
-#include "mbedtls/entropy.h"
+#if defined(MBEDTLS_CTR_DRBG_C)
+#include "mbedtls/ctr_drbg.h"
+#elif defined(MBEDTLS_HMAC_DRBG_C)
+#include "mbedtls/hmac_drbg.h"
+#endif /* !MBEDTLS_CTR_DRBG_C && !MBEDTLS_HMAC_DRBG_C */
+
+#if defined(MBEDTLS_CTR_DRBG_C)
+#define mbedtls_psa_legacy_get_random       mbedtls_ctr_drbg_random
+typedef mbedtls_ctr_drbg_context            mbedtls_psa_drbg_context_t;
+#elif defined(MBEDTLS_HMAC_DRBG_C)
+#define mbedtls_psa_legacy_get_random       mbedtls_hmac_drbg_random
+typedef mbedtls_hmac_drbg_context           mbedtls_psa_drbg_context_t;
+#endif /* !MBEDTLS_CTR_DRBG_C && !MBEDTLS_HMAC_DRBG_C */
 
 /** Initialize the PSA DRBG.
  *
@@ -111,20 +109,6 @@ typedef struct {
     mbedtls_psa_drbg_context_t drbg;
 } mbedtls_psa_random_context_t;
 
-/* Defined in include/psa_util_internal.h so that it's visible to
- * application code. The declaration here is redundant, but included
- * as a safety net to make it more likely that a future change that
- * accidentally causes the implementation to diverge from the interface
- * will be noticed. */
-/* Do not include the declaration under MSVC because it doesn't accept it
- * ("error C2370: 'mbedtls_psa_get_random' : redefinition; different storage class").
- * Observed with Visual Studio 2013. A known bug apparently:
- * https://stackoverflow.com/questions/8146541/duplicate-external-static-declarations-not-allowed-in-visual-studio
- */
-#if !defined(_MSC_VER)
-static mbedtls_f_rng_t *const mbedtls_psa_get_random;
-#endif
-
 /** The maximum number of bytes that mbedtls_psa_get_random() is expected to
  * return.
  */
@@ -134,27 +118,13 @@ static mbedtls_f_rng_t *const mbedtls_psa_get_random;
 #define MBEDTLS_PSA_RANDOM_MAX_REQUEST MBEDTLS_HMAC_DRBG_MAX_REQUEST
 #endif
 
-/** A pointer to the PSA DRBG state.
+/** A pointer to the PSA DRBG context.
  *
  * This variable is only intended to be used through the macro
- * #MBEDTLS_PSA_RANDOM_STATE.
+ * #MBEDTLS_PSA_DRBG_CTX.
  */
-/* psa_crypto.c sets this variable to a pointer to the DRBG state in the
- * global PSA crypto state. */
-/* The type `mbedtls_psa_drbg_context_t` is defined in
- * include/psa_util_internal.h so that `mbedtls_psa_random_state` can be
- * declared there and be visible to application code. */
-extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state;
-
-/** A pointer to the PSA DRBG state.
- *
- * This macro expands to an expression that is suitable as the \c p_rng
- * parameter to pass to mbedtls_psa_get_random().
- *
- * This macro exists in all configurations where the psa_crypto module is
- * enabled. Its expansion depends on the configuration.
- */
-#define MBEDTLS_PSA_RANDOM_STATE mbedtls_psa_random_state
+extern mbedtls_psa_drbg_context_t *const mbedtls_psa_drbg_ctx;
+#define MBEDTLS_PSA_DRBG_CTX    mbedtls_psa_drbg_ctx
 
 /** Seed the PSA DRBG.
  *
@@ -172,14 +142,14 @@ static inline int mbedtls_psa_drbg_seed(
     const unsigned char *custom, size_t len)
 {
 #if defined(MBEDTLS_CTR_DRBG_C)
-    return mbedtls_ctr_drbg_seed(MBEDTLS_PSA_RANDOM_STATE,
+    return mbedtls_ctr_drbg_seed(MBEDTLS_PSA_DRBG_CTX,
                                  mbedtls_entropy_func,
                                  entropy,
                                  custom, len);
 #elif defined(MBEDTLS_HMAC_DRBG_C)
     const mbedtls_md_info_t *md_info =
         mbedtls_md_info_from_type(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE);
-    return mbedtls_hmac_drbg_seed(MBEDTLS_PSA_RANDOM_STATE,
+    return mbedtls_hmac_drbg_seed(MBEDTLS_PSA_DRBG_CTX,
                                   md_info,
                                   mbedtls_entropy_func,
                                   entropy,
diff --git a/library/psa_util.c b/library/psa_util.c
index eda6ca8781..7384bf17e4 100644
--- a/library/psa_util.c
+++ b/library/psa_util.c
@@ -46,6 +46,7 @@
 #if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA)
 #include <mbedtls/cipher.h>
 #endif
+#include <mbedtls/entropy.h>
 
 /* PSA_SUCCESS is kept at the top of each error table since
  * it's the most common status when everything functions properly. */
@@ -343,15 +344,7 @@ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t family,
  * `mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, ...)` calls
  * `psa_generate_random(...)`. The state parameter is ignored since the
  * PSA API doesn't support passing an explicit state.
- *
- * In the non-external case, psa_generate_random() calls an
- * `mbedtls_xxx_drbg_random` function which has exactly the same signature
- * and semantics as mbedtls_psa_get_random(). As an optimization,
- * instead of doing this back-and-forth between the PSA API and the
- * classic API, psa_crypto_random_impl.h defines `mbedtls_psa_get_random`
- * as a constant function pointer to `mbedtls_xxx_drbg_random`.
  */
-#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
 int mbedtls_psa_get_random(void *p_rng,
                            unsigned char *output,
                            size_t output_size)
@@ -369,7 +362,6 @@ int mbedtls_psa_get_random(void *p_rng,
         return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
     }
 }
-#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
 
 #endif /* MBEDTLS_PSA_CRYPTO_C */
 

From 061d4e4655e54779b3788a107ab9c61d4cfee466 Mon Sep 17 00:00:00 2001
From: Valerio Setti <valerio.setti@nordicsemi.no>
Date: Mon, 26 Feb 2024 12:52:44 +0100
Subject: [PATCH 3/7] psa: simplify management of mbedtls_psa_drbg_context_t

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
---
 library/psa_crypto.c             | 13 ++++---------
 library/psa_crypto_random_impl.h | 13 +++----------
 2 files changed, 7 insertions(+), 19 deletions(-)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index c37133920f..c8dd0d0c1f 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -101,11 +101,6 @@ typedef struct {
 
 static psa_global_data_t global_data;
 
-#if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-mbedtls_psa_drbg_context_t *const mbedtls_psa_drbg_ctx =
-    &global_data.rng.drbg;
-#endif
-
 #define GUARD_MODULE_INITIALIZED        \
     if (global_data.initialized == 0)  \
     return PSA_ERROR_BAD_STATE;
@@ -7322,7 +7317,7 @@ static void mbedtls_psa_random_init(mbedtls_psa_random_context_t *rng)
                                MBEDTLS_ENTROPY_SOURCE_STRONG);
 #endif
 
-    mbedtls_psa_drbg_init(MBEDTLS_PSA_DRBG_CTX);
+    mbedtls_psa_drbg_init(&rng->drbg);
 #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
 }
 
@@ -7333,7 +7328,7 @@ static void mbedtls_psa_random_free(mbedtls_psa_random_context_t *rng)
 #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
     memset(rng, 0, sizeof(*rng));
 #else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-    mbedtls_psa_drbg_free(MBEDTLS_PSA_DRBG_CTX);
+    mbedtls_psa_drbg_free(&rng->drbg);
     rng->entropy_free(&rng->entropy);
 #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
 }
@@ -7348,7 +7343,7 @@ static psa_status_t mbedtls_psa_random_seed(mbedtls_psa_random_context_t *rng)
     return PSA_SUCCESS;
 #else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
     const unsigned char drbg_seed[] = "PSA";
-    int ret = mbedtls_psa_drbg_seed(&rng->entropy,
+    int ret = mbedtls_psa_drbg_seed(&rng->drbg, &rng->entropy,
                                     drbg_seed, sizeof(drbg_seed) - 1);
     return mbedtls_to_psa_error(ret);
 #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
@@ -7382,7 +7377,7 @@ psa_status_t psa_generate_random(uint8_t *output,
             (output_size > MBEDTLS_PSA_RANDOM_MAX_REQUEST ?
              MBEDTLS_PSA_RANDOM_MAX_REQUEST :
              output_size);
-        int ret = mbedtls_psa_legacy_get_random(MBEDTLS_PSA_DRBG_CTX,
+        int ret = mbedtls_psa_legacy_get_random(&global_data.rng.drbg,
                                                 output, request_size);
         if (ret != 0) {
             return mbedtls_to_psa_error(ret);
diff --git a/library/psa_crypto_random_impl.h b/library/psa_crypto_random_impl.h
index 0a2ae9ebc7..10db73d336 100644
--- a/library/psa_crypto_random_impl.h
+++ b/library/psa_crypto_random_impl.h
@@ -118,14 +118,6 @@ typedef struct {
 #define MBEDTLS_PSA_RANDOM_MAX_REQUEST MBEDTLS_HMAC_DRBG_MAX_REQUEST
 #endif
 
-/** A pointer to the PSA DRBG context.
- *
- * This variable is only intended to be used through the macro
- * #MBEDTLS_PSA_DRBG_CTX.
- */
-extern mbedtls_psa_drbg_context_t *const mbedtls_psa_drbg_ctx;
-#define MBEDTLS_PSA_DRBG_CTX    mbedtls_psa_drbg_ctx
-
 /** Seed the PSA DRBG.
  *
  * \param entropy       An entropy context to read the seed from.
@@ -138,18 +130,19 @@ extern mbedtls_psa_drbg_context_t *const mbedtls_psa_drbg_ctx;
  * \return              An Mbed TLS error code (\c MBEDTLS_ERR_xxx) on failure.
  */
 static inline int mbedtls_psa_drbg_seed(
+    mbedtls_psa_drbg_context_t *drbg_ctx,
     mbedtls_entropy_context *entropy,
     const unsigned char *custom, size_t len)
 {
 #if defined(MBEDTLS_CTR_DRBG_C)
-    return mbedtls_ctr_drbg_seed(MBEDTLS_PSA_DRBG_CTX,
+    return mbedtls_ctr_drbg_seed(drbg_ctx,
                                  mbedtls_entropy_func,
                                  entropy,
                                  custom, len);
 #elif defined(MBEDTLS_HMAC_DRBG_C)
     const mbedtls_md_info_t *md_info =
         mbedtls_md_info_from_type(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE);
-    return mbedtls_hmac_drbg_seed(MBEDTLS_PSA_DRBG_CTX,
+    return mbedtls_hmac_drbg_seed(drbg_ctx,
                                   md_info,
                                   mbedtls_entropy_func,
                                   entropy,

From 718180c7b5e0236decdf326e5155961e1cb68c22 Mon Sep 17 00:00:00 2001
From: Valerio Setti <valerio.setti@nordicsemi.no>
Date: Tue, 27 Feb 2024 11:58:39 +0100
Subject: [PATCH 4/7] psa_crypto_random_impl: minor fixes

- define mbedtls_psa_random_context_t even when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
  is defined
- define mbedtls_psa_legacy_get_random as pointer to function instead
  of #define to make "check_names" test happy.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
---
 library/psa_crypto.c             |  8 +++-
 library/psa_crypto_random_impl.h | 74 ++++++++++++--------------------
 2 files changed, 33 insertions(+), 49 deletions(-)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index c8dd0d0c1f..b86a4fcb7f 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -7373,12 +7373,16 @@ psa_status_t psa_generate_random(uint8_t *output,
 #else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
 
     while (output_size > 0) {
+        int ret = MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED;
         size_t request_size =
             (output_size > MBEDTLS_PSA_RANDOM_MAX_REQUEST ?
              MBEDTLS_PSA_RANDOM_MAX_REQUEST :
              output_size);
-        int ret = mbedtls_psa_legacy_get_random(&global_data.rng.drbg,
-                                                output, request_size);
+#if defined(MBEDTLS_CTR_DRBG_C)
+        ret = mbedtls_ctr_drbg_random(&global_data.rng.drbg, output, request_size);
+#elif defined(MBEDTLS_HMAC_DRBG_C)
+        ret = mbedtls_hmac_drbg_random(&global_data.rng.drbg, output, request_size);
+#endif /* !MBEDTLS_CTR_DRBG_C && !MBEDTLS_HMAC_DRBG_C */
         if (ret != 0) {
             return mbedtls_to_psa_error(ret);
         }
diff --git a/library/psa_crypto_random_impl.h b/library/psa_crypto_random_impl.h
index 10db73d336..533fb2e940 100644
--- a/library/psa_crypto_random_impl.h
+++ b/library/psa_crypto_random_impl.h
@@ -1,14 +1,6 @@
 /** \file psa_crypto_random_impl.h
  *
  * \brief PSA crypto random generator implementation abstraction.
- *
- * The definitions here need to be consistent with the declarations
- * in include/psa_util_internal.h. This file contains some redundant
- * declarations to increase the chance that a compiler will detect
- * inconsistencies if one file is changed without updating the other,
- * but not all potential inconsistencies can be enforced, so make sure
- * to check the public declarations and contracts in
- * include/psa_util_internal.h if you modify this file.
  */
 /*
  *  Copyright The Mbed TLS Contributors
@@ -20,7 +12,11 @@
 
 #include "psa_util_internal.h"
 
-#if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+
+typedef mbedtls_psa_external_random_context_t mbedtls_psa_random_context_t;
+
+#else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
 
 #include "mbedtls/entropy.h"
 
@@ -54,7 +50,9 @@
 #endif
 
 #else /* !MBEDTLS_PSA_HMAC_DRBG_MD_TYPE && !MBEDTLS_CTR_DRBG_C && !MBEDTLS_HMAC_DRBG_C*/
+
 #error "No DRBG module available for the psa_crypto module."
+
 #endif /* !MBEDTLS_PSA_HMAC_DRBG_MD_TYPE && !MBEDTLS_CTR_DRBG_C && !MBEDTLS_HMAC_DRBG_C*/
 
 #if defined(MBEDTLS_CTR_DRBG_C)
@@ -63,14 +61,26 @@
 #include "mbedtls/hmac_drbg.h"
 #endif /* !MBEDTLS_CTR_DRBG_C && !MBEDTLS_HMAC_DRBG_C */
 
+/* The maximum number of bytes that mbedtls_psa_get_random() is expected to return. */
+#if defined(MBEDTLS_CTR_DRBG_C)
+#define MBEDTLS_PSA_RANDOM_MAX_REQUEST MBEDTLS_CTR_DRBG_MAX_REQUEST
+#elif defined(MBEDTLS_HMAC_DRBG_C)
+#define MBEDTLS_PSA_RANDOM_MAX_REQUEST MBEDTLS_HMAC_DRBG_MAX_REQUEST
+#endif
+
 #if defined(MBEDTLS_CTR_DRBG_C)
-#define mbedtls_psa_legacy_get_random       mbedtls_ctr_drbg_random
 typedef mbedtls_ctr_drbg_context            mbedtls_psa_drbg_context_t;
 #elif defined(MBEDTLS_HMAC_DRBG_C)
-#define mbedtls_psa_legacy_get_random       mbedtls_hmac_drbg_random
 typedef mbedtls_hmac_drbg_context           mbedtls_psa_drbg_context_t;
 #endif /* !MBEDTLS_CTR_DRBG_C && !MBEDTLS_HMAC_DRBG_C */
 
+typedef struct {
+    void (* entropy_init)(mbedtls_entropy_context *ctx);
+    void (* entropy_free)(mbedtls_entropy_context *ctx);
+    mbedtls_entropy_context entropy;
+    mbedtls_psa_drbg_context_t drbg;
+} mbedtls_psa_random_context_t;
+
 /** Initialize the PSA DRBG.
  *
  * \param p_rng        Pointer to the Mbed TLS DRBG state.
@@ -97,27 +107,6 @@ static inline void mbedtls_psa_drbg_free(mbedtls_psa_drbg_context_t *p_rng)
 #endif
 }
 
-/** The type of the PSA random generator context.
- *
- * The random generator context is composed of an entropy context and
- * a DRBG context.
- */
-typedef struct {
-    void (* entropy_init)(mbedtls_entropy_context *ctx);
-    void (* entropy_free)(mbedtls_entropy_context *ctx);
-    mbedtls_entropy_context entropy;
-    mbedtls_psa_drbg_context_t drbg;
-} mbedtls_psa_random_context_t;
-
-/** The maximum number of bytes that mbedtls_psa_get_random() is expected to
- * return.
- */
-#if defined(MBEDTLS_CTR_DRBG_C)
-#define MBEDTLS_PSA_RANDOM_MAX_REQUEST MBEDTLS_CTR_DRBG_MAX_REQUEST
-#elif defined(MBEDTLS_HMAC_DRBG_C)
-#define MBEDTLS_PSA_RANDOM_MAX_REQUEST MBEDTLS_HMAC_DRBG_MAX_REQUEST
-#endif
-
 /** Seed the PSA DRBG.
  *
  * \param entropy       An entropy context to read the seed from.
@@ -129,24 +118,15 @@ typedef struct {
  * \return              \c 0 on success.
  * \return              An Mbed TLS error code (\c MBEDTLS_ERR_xxx) on failure.
  */
-static inline int mbedtls_psa_drbg_seed(
-    mbedtls_psa_drbg_context_t *drbg_ctx,
-    mbedtls_entropy_context *entropy,
-    const unsigned char *custom, size_t len)
+static inline int mbedtls_psa_drbg_seed(mbedtls_psa_drbg_context_t *drbg_ctx,
+                                        mbedtls_entropy_context *entropy,
+                                        const unsigned char *custom, size_t len)
 {
 #if defined(MBEDTLS_CTR_DRBG_C)
-    return mbedtls_ctr_drbg_seed(drbg_ctx,
-                                 mbedtls_entropy_func,
-                                 entropy,
-                                 custom, len);
+    return mbedtls_ctr_drbg_seed(drbg_ctx, mbedtls_entropy_func, entropy, custom, len);
 #elif defined(MBEDTLS_HMAC_DRBG_C)
-    const mbedtls_md_info_t *md_info =
-        mbedtls_md_info_from_type(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE);
-    return mbedtls_hmac_drbg_seed(drbg_ctx,
-                                  md_info,
-                                  mbedtls_entropy_func,
-                                  entropy,
-                                  custom, len);
+    const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE);
+    return mbedtls_hmac_drbg_seed(drbg_ctx, md_info, mbedtls_entropy_func, entropy, custom, len);
 #endif
 }
 

From a50190e2df771d0639ab239b48922562a78ec8e8 Mon Sep 17 00:00:00 2001
From: Valerio Setti <valerio.setti@nordicsemi.no>
Date: Thu, 29 Feb 2024 15:23:00 +0100
Subject: [PATCH 5/7] add changelog

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
---
 ChangeLog.d/8825.txt | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 ChangeLog.d/8825.txt

diff --git a/ChangeLog.d/8825.txt b/ChangeLog.d/8825.txt
new file mode 100644
index 0000000000..b7a2487860
--- /dev/null
+++ b/ChangeLog.d/8825.txt
@@ -0,0 +1,6 @@
+Features
+   * mbedtls_psa_get_random() is always available as soon as
+     MBEDTLS_PSA_CRYPTO_C is enabled at build time and psa_crypto_init() is
+     called at runtime. This together with MBEDTLS_PSA_RANDOM_STATE can be
+     used as random number generator function(f_rng) and context (p_rng) in
+     legacy functions.

From 1a58e9a2326d34254125c30ffad9acd33a610905 Mon Sep 17 00:00:00 2001
From: Valerio Setti <valerio.setti@nordicsemi.no>
Date: Thu, 29 Feb 2024 16:14:29 +0100
Subject: [PATCH 6/7] psa_util: change guard for mbedtls_psa_get_random() to
 CRYPTO_CLIENT

This commit also:
- updates changelog
- add a stub function to be used in component_test_psa_crypto_client()
  test

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
---
 ChangeLog.d/8825.txt         |  2 +-
 include/mbedtls/psa_util.h   |  4 ++--
 library/psa_util.c           |  4 ++--
 library/psa_util_internal.h  |  4 ++--
 tests/src/psa_crypto_stubs.c | 25 +++++++++++++++++++++++++
 5 files changed, 32 insertions(+), 7 deletions(-)
 create mode 100644 tests/src/psa_crypto_stubs.c

diff --git a/ChangeLog.d/8825.txt b/ChangeLog.d/8825.txt
index b7a2487860..f892f806d7 100644
--- a/ChangeLog.d/8825.txt
+++ b/ChangeLog.d/8825.txt
@@ -1,6 +1,6 @@
 Features
    * mbedtls_psa_get_random() is always available as soon as
-     MBEDTLS_PSA_CRYPTO_C is enabled at build time and psa_crypto_init() is
+     MBEDTLS_PSA_CRYPTO_CLIENT is enabled at build time and psa_crypto_init() is
      called at runtime. This together with MBEDTLS_PSA_RANDOM_STATE can be
      used as random number generator function(f_rng) and context (p_rng) in
      legacy functions.
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index f79178d7e9..c78cc23333 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -21,7 +21,7 @@
  * otherwise error codes would be unknown in test_suite_psa_crypto_util.data.*/
 #include <mbedtls/asn1write.h>
 
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 
 /** The random generator function for the PSA subsystem.
  *
@@ -139,7 +139,7 @@ static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa
 {
     return (mbedtls_md_type_t) (psa_alg & PSA_ALG_HASH_MASK);
 }
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
 
 #if defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA)
 
diff --git a/library/psa_util.c b/library/psa_util.c
index 7384bf17e4..4ccc5b05d8 100644
--- a/library/psa_util.c
+++ b/library/psa_util.c
@@ -18,7 +18,7 @@
 
 #include "psa_util_internal.h"
 
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 
 #include <psa/crypto.h>
 
@@ -363,7 +363,7 @@ int mbedtls_psa_get_random(void *p_rng,
     }
 }
 
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
 
 #if defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA)
 
diff --git a/library/psa_util_internal.h b/library/psa_util_internal.h
index 3e62d5f850..70a08a02cd 100644
--- a/library/psa_util_internal.h
+++ b/library/psa_util_internal.h
@@ -16,7 +16,7 @@
 
 #include "psa/crypto.h"
 
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 
 /*************************************************************************
  * FFDH
@@ -96,5 +96,5 @@ int psa_pk_status_to_mbedtls(psa_status_t status);
                           sizeof(error_list)/sizeof(error_list[0]),   \
                           fallback_f)
 
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
 #endif /* MBEDTLS_PSA_UTIL_INTERNAL_H */
diff --git a/tests/src/psa_crypto_stubs.c b/tests/src/psa_crypto_stubs.c
new file mode 100644
index 0000000000..be011213f9
--- /dev/null
+++ b/tests/src/psa_crypto_stubs.c
@@ -0,0 +1,25 @@
+/** \file psa_crypto_stubs.c
+ *
+ * \brief Stub functions when MBEDTLS_PSA_CRYPTO_CLIENT is enabled but
+ *        MBEDTLS_PSA_CRYPTO_C is disabled.
+ */
+
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include <psa/crypto.h>
+
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+
+psa_status_t psa_generate_random(uint8_t *output,
+                                 size_t output_size)
+{
+    (void) output;
+    (void) output_size;
+
+    return PSA_ERROR_COMMUNICATION_FAILURE;
+}
+
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT !MBEDTLS_PSA_CRYPTO_C */

From ada2ec34821074fc25b0741e4d140975aa531cb2 Mon Sep 17 00:00:00 2001
From: Valerio Setti <valerio.setti@nordicsemi.no>
Date: Fri, 1 Mar 2024 18:04:14 +0100
Subject: [PATCH 7/7] psa_crypto_stubs/changelog: fix typos

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
---
 ChangeLog.d/8825.txt         | 2 +-
 tests/src/psa_crypto_stubs.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ChangeLog.d/8825.txt b/ChangeLog.d/8825.txt
index f892f806d7..914bd08fdd 100644
--- a/ChangeLog.d/8825.txt
+++ b/ChangeLog.d/8825.txt
@@ -2,5 +2,5 @@ Features
    * mbedtls_psa_get_random() is always available as soon as
      MBEDTLS_PSA_CRYPTO_CLIENT is enabled at build time and psa_crypto_init() is
      called at runtime. This together with MBEDTLS_PSA_RANDOM_STATE can be
-     used as random number generator function(f_rng) and context (p_rng) in
+     used as random number generator function (f_rng) and context (p_rng) in
      legacy functions.
diff --git a/tests/src/psa_crypto_stubs.c b/tests/src/psa_crypto_stubs.c
index be011213f9..f3ca850747 100644
--- a/tests/src/psa_crypto_stubs.c
+++ b/tests/src/psa_crypto_stubs.c
@@ -22,4 +22,4 @@ psa_status_t psa_generate_random(uint8_t *output,
     return PSA_ERROR_COMMUNICATION_FAILURE;
 }
 
-#endif /* MBEDTLS_PSA_CRYPTO_CLIENT !MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */