From e752eaf73a930651facfafcc5ac373cb66574a75 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Tue, 2 Jul 2024 15:47:22 +0200
Subject: [PATCH] Force MBEDTLS_PSA_HMAC_DRBG_MD_TYPE based on CTR_DRBG

If MBEDTLS_CTR_DRBG_C is enabled, force MBEDTLS_PSA_HMAC_DRBG_MD_TYPE to be
disabled. This resolves the former inconsistency in builds where
MBEDTLS_PSA_HMAC_DRBG_MD_TYPE is explicitly defined but MBEDTLS_CTR_DRBG_C
remains enabled, where PSA called the CTR_DRBG functions but other parts of
the code based assumed that HMAC was in use, in particular error code
conversions (leading to a test failure in test_suite_psa_crypto_init).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 library/psa_crypto_random_impl.h | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/library/psa_crypto_random_impl.h b/library/psa_crypto_random_impl.h
index 6150fee12..d47e057f9 100644
--- a/library/psa_crypto_random_impl.h
+++ b/library/psa_crypto_random_impl.h
@@ -39,13 +39,10 @@ int mbedtls_psa_get_random(void *p_rng,
 #else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
 
 /* Choose a DRBG based on configuration and availability */
-#if defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE)
-
-#include "mbedtls/hmac_drbg.h"
-
-#elif defined(MBEDTLS_CTR_DRBG_C)
+#if defined(MBEDTLS_CTR_DRBG_C)
 
 #include "mbedtls/ctr_drbg.h"
+#undef MBEDTLS_PSA_HMAC_DRBG_MD_TYPE
 
 #elif defined(MBEDTLS_HMAC_DRBG_C)
 
@@ -67,9 +64,11 @@ int mbedtls_psa_get_random(void *p_rng,
 #error "No hash algorithm available for HMAC_DBRG."
 #endif
 
-#else
+#else /* !MBEDTLS_CTR_DRBG_C && !MBEDTLS_HMAC_DRBG_C*/
+
 #error "No DRBG module available for the psa_crypto module."
-#endif
+
+#endif /* !MBEDTLS_CTR_DRBG_C && !MBEDTLS_HMAC_DRBG_C*/
 
 #include "mbedtls/entropy.h"