mbedtls: use CSPRNG whenever possible as PSA random source

The main problem of MBEDTLS_PSA_CRYPTO_LEGACY_RNG is that it
brings in some legacy modules (entropy + ctr_drbg/hmac_drbg)
which means extra ROM/RAM footprint.
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG instead simply calls to the
CSPRNG which makes it definitely smaller.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Valerio Setti 2024-10-22 21:34:46 +02:00 committed by Anas Nashif
commit 08bd9c72bd
12 changed files with 16 additions and 10 deletions

@ -12,6 +12,9 @@ tests:
libraries.encoding.jwt.ecdsa.psa:
extra_configs:
- CONFIG_JWT_SIGN_ECDSA_PSA=y
# Explicitly select CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG because this
# is not automatically selected on platforms that do not have a CSPRNG
# source.
- CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG=y
- CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG_ALLOW_NON_CSPRNG=y
libraries.encoding.jwt.rsa.legacy:
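
Review bot: The comment above CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG=y in libraries.encoding.jwt.ecdsa.psa explains why the external RNG is selected by hand, but it says nothing about CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG_ALLOW_NON_CSPRNG=y on the following line, which is the setting that lets the PSA random source be something other than a CSPRNG on those platforms. Extend the comment to cover that line and state that it is accepted here for test coverage only, so the pair of options is not copied as-is into an application configuration.
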
@ -21,5 +24,8 @@ tests:
libraries.encoding.jwt.rsa.psa:
extra_configs:
- CONFIG_JWT_SIGN_RSA_PSA=y
# Explicitly select CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG because this
# is not automatically selected on platforms that do not have a CSPRNG
# source.
- CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG=y
- CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG_ALLOW_NON_CSPRNG=y
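
Review bot: The three-line comment in libraries.encoding.jwt.rsa.psa is a verbatim copy of the one in libraries.encoding.jwt.ecdsa.psa, so the two can drift apart when only one is edited later. Consider stating the rationale once, above the tests: key, and keeping at most a one-line pointer in each of the two .psa entries.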