Strong entropy/random sources are a must to get secure crypto algorithms,
but sometimes it's useful to allow non-CS sources as well for the sake of
test purposes. MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG_ALLOW_NON_CSPRNG was
designed exactly for this scope, but recently also TEST_CSPRNG_GENERATOR
was added and it acts similarly:

- MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG_ALLOW_NON_CSPRNG operates in
  "zephyr/modules/mbedtls/zephyr_entropy.c" allowing
  mbedtls_psa_external_get_random() to try both sys_csrand_get() first
  and then sys_rand_get() as fallback.
- TEST_CSPRNG_GENERATOR instead operates in
  "zephyr/subsys/random/random_test_csprng.c" and it basically wraps
  the call to sys_csrand_get() with a call to sys_rand_get().

Albeit they operate at different levels, the result is identical, so
Mbed TLS should support both of them when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
is set and there is no CSPRNG_ENABLED.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>