diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c37133920f..c8dd0d0c1f 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -101,11 +101,6 @@ typedef struct { static psa_global_data_t global_data; -#if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) -mbedtls_psa_drbg_context_t *const mbedtls_psa_drbg_ctx = - &global_data.rng.drbg; -#endif - #define GUARD_MODULE_INITIALIZED \ if (global_data.initialized == 0) \ return PSA_ERROR_BAD_STATE; @@ -7322,7 +7317,7 @@ static void mbedtls_psa_random_init(mbedtls_psa_random_context_t *rng) MBEDTLS_ENTROPY_SOURCE_STRONG); #endif - mbedtls_psa_drbg_init(MBEDTLS_PSA_DRBG_CTX); + mbedtls_psa_drbg_init(&rng->drbg); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ } @@ -7333,7 +7328,7 @@ static void mbedtls_psa_random_free(mbedtls_psa_random_context_t *rng) #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) memset(rng, 0, sizeof(*rng)); #else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ - mbedtls_psa_drbg_free(MBEDTLS_PSA_DRBG_CTX); + mbedtls_psa_drbg_free(&rng->drbg); rng->entropy_free(&rng->entropy); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ } @@ -7348,7 +7343,7 @@ static psa_status_t mbedtls_psa_random_seed(mbedtls_psa_random_context_t *rng) return PSA_SUCCESS; #else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ const unsigned char drbg_seed[] = "PSA"; - int ret = mbedtls_psa_drbg_seed(&rng->entropy, + int ret = mbedtls_psa_drbg_seed(&rng->drbg, &rng->entropy, drbg_seed, sizeof(drbg_seed) - 1); return mbedtls_to_psa_error(ret); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ @@ -7382,7 +7377,7 @@ psa_status_t psa_generate_random(uint8_t *output, (output_size > MBEDTLS_PSA_RANDOM_MAX_REQUEST ? MBEDTLS_PSA_RANDOM_MAX_REQUEST : output_size); - int ret = mbedtls_psa_legacy_get_random(MBEDTLS_PSA_DRBG_CTX, + int ret = mbedtls_psa_legacy_get_random(&global_data.rng.drbg, output, request_size); if (ret != 0) { return mbedtls_to_psa_error(ret); diff --git a/library/psa_crypto_random_impl.h b/library/psa_crypto_random_impl.h index 0a2ae9ebc7..10db73d336 100644 --- a/library/psa_crypto_random_impl.h +++ b/library/psa_crypto_random_impl.h @@ -118,14 +118,6 @@ typedef struct { #define MBEDTLS_PSA_RANDOM_MAX_REQUEST MBEDTLS_HMAC_DRBG_MAX_REQUEST #endif -/** A pointer to the PSA DRBG context. - * - * This variable is only intended to be used through the macro - * #MBEDTLS_PSA_DRBG_CTX. - */ -extern mbedtls_psa_drbg_context_t *const mbedtls_psa_drbg_ctx; -#define MBEDTLS_PSA_DRBG_CTX mbedtls_psa_drbg_ctx - /** Seed the PSA DRBG. * * \param entropy An entropy context to read the seed from. @@ -138,18 +130,19 @@ extern mbedtls_psa_drbg_context_t *const mbedtls_psa_drbg_ctx; * \return An Mbed TLS error code (\c MBEDTLS_ERR_xxx) on failure. */ static inline int mbedtls_psa_drbg_seed( + mbedtls_psa_drbg_context_t *drbg_ctx, mbedtls_entropy_context *entropy, const unsigned char *custom, size_t len) { #if defined(MBEDTLS_CTR_DRBG_C) - return mbedtls_ctr_drbg_seed(MBEDTLS_PSA_DRBG_CTX, + return mbedtls_ctr_drbg_seed(drbg_ctx, mbedtls_entropy_func, entropy, custom, len); #elif defined(MBEDTLS_HMAC_DRBG_C) const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE); - return mbedtls_hmac_drbg_seed(MBEDTLS_PSA_DRBG_CTX, + return mbedtls_hmac_drbg_seed(drbg_ctx, md_info, mbedtls_entropy_func, entropy,