Replace legacy RNG in sample programs #9965
Labels
size-m
Estimated task size: medium (~1w)
Comments
davidhorstmann-arm
added
size-m
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Part of implementing #9904
Replace the legacy random number generation with
psa_generate_random()in the following programs:x509/cert_app.cx509/cert_req.cx509/cert_write.cpkey/pk_sign.cpkey/rsa_sign_pss.cfuzz/fuzz_dtlsclient.cfuzz/fuzz_privkey.cfuzz/fuzz_server.cfuzz/fuzz_dtlsserver.cfuzz/fuzz_client.cfuzz/common.cssl/ssl_server.cssl/dtls_server.cssl/ssl_mail_client.cssl/ssl_client1.cssl/mini_client.cssl/ssl_test_lib.cssl/dtls_client.cssl/ssl_pthread_server.cssl/ssl_fork_server.cCurrently these programs call the Mbed TLS legacy entropy and DRBG functions to generate random data. Replace all of that setup with a simple call to
psa_generate_random()(and add a call topsa_crypto_init()if required).Note: where the random generation function is passed as a callback, you may need to use the
mbedtls_psa_get_random()wrapper.This task is done when none of the listed programs use the legacy API for random number generation (and they all work). Manual testing may be required as we don't have automated tests for all of the programs.
Estimate: 10 Ideal Engineering Hours
The text was updated successfully, but these errors were encountered: