Make the fallback behavior of mbedtls_test_rnd_buffer_rand optional

If a fallback is not explicitly configured in the
mbedtls_test_rnd_buf_info structure, fail after the buffer is
exhausted.

There is no intended behavior change in this commit: all existing uses
of mbedtls_test_rnd_buffer_rand() have been updated to set
mbedtls_test_rnd_std_rand as the fallback.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

tests/include/test/random.h

@@ -36,8 +36,11 @@
 
 typedef struct
 {
-    unsigned char *buf;
+    unsigned char *buf; /* Pointer to a buffer of length bytes. */
     size_t length;
+    /* If fallback_f_rng is NULL, fail after delivering length bytes. */
+    int ( *fallback_f_rng )( void*, unsigned char *, size_t );
+    void *fallback_p_rng;
 } mbedtls_test_rnd_buf_info;
 
 /**
@@ -84,7 +87,9 @@ int mbedtls_test_rnd_zero_rand( void *rng_state,
  * the random function is specified by per_call. (Can be between
  * 1 and 4)
  *
- * After the buffer is empty it will return mbedtls_test_rnd_std_rand().
+ * After the buffer is empty, this function will call the fallback RNG in the
+ * #mbedtls_test_rnd_buf_info structure if there is one, and
+ * will return #MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise.
  */
 int mbedtls_test_rnd_buffer_rand( void *rng_state,
                                   unsigned char *output,

tests/src/random.c

@@ -35,6 +35,8 @@
 #include <test/random.h>
 #include <string.h>
 
+#include <mbedtls/entropy.h>
+
 int mbedtls_test_rnd_std_rand( void *rng_state,
                                unsigned char *output,
                                size_t len )
@@ -91,8 +93,16 @@ int mbedtls_test_rnd_buffer_rand( void *rng_state,
     }
 
     if( len - use_len > 0 )
-        return( mbedtls_test_rnd_std_rand( NULL, output + use_len,
+    {
+        if( info->fallback_f_rng != NULL )
+        {
+            return( info->fallback_f_rng( info->fallback_p_rng,
+                                          output + use_len,
                                           len - use_len ) );
+        }
+        else
+            return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+    }
 
     return( 0 );
 }

tests/suites/test_suite_ecdh.function

@@ -240,6 +240,8 @@ void ecdh_primitive_testvec( int id, data_t * rnd_buf_A, char * xA_str,
 
     rnd_info_A.buf = rnd_buf_A->x;
     rnd_info_A.length = rnd_buf_A->len;
+    rnd_info_A.fallback_f_rng = mbedtls_test_rnd_std_rand;
+    rnd_info_A.fallback_p_rng = NULL;
 
     /* Fix rnd_buf_A->x by shifting it left if necessary */
     if( grp.nbits % 8 != 0 )
@@ -256,6 +258,8 @@ void ecdh_primitive_testvec( int id, data_t * rnd_buf_A, char * xA_str,
 
     rnd_info_B.buf = rnd_buf_B->x;
     rnd_info_B.length = rnd_buf_B->len;
+    rnd_info_B.fallback_f_rng = mbedtls_test_rnd_std_rand;
+    rnd_info_B.fallback_p_rng = NULL;
 
     /* Fix rnd_buf_B->x by shifting it left if necessary */
     if( grp.nbits % 8 != 0 )
@@ -362,9 +366,13 @@ void ecdh_restart( int id, data_t *dA, data_t *dB, data_t *z,
     mbedtls_ecdh_init( &srv );
     mbedtls_ecdh_init( &cli );
 
+    rnd_info_A.fallback_f_rng = mbedtls_test_rnd_std_rand;
+    rnd_info_A.fallback_p_rng = NULL;
     rnd_info_A.buf = dA->x;
     rnd_info_A.length = dA->len;
 
+    rnd_info_B.fallback_f_rng = mbedtls_test_rnd_std_rand;
+    rnd_info_B.fallback_p_rng = NULL;
     rnd_info_B.buf = dB->x;
     rnd_info_B.length = dB->len;
 

tests/suites/test_suite_ecdsa.function

@@ -292,6 +292,8 @@ void ecdsa_prim_test_vectors( int id, char * d_str, char * xQ_str,
     TEST_ASSERT( mbedtls_mpi_read_string( &d, 16, d_str ) == 0 );
     TEST_ASSERT( mbedtls_mpi_read_string( &r_check, 16, r_str ) == 0 );
     TEST_ASSERT( mbedtls_mpi_read_string( &s_check, 16, s_str ) == 0 );
+    rnd_info.fallback_f_rng = mbedtls_test_rnd_std_rand;
+    rnd_info.fallback_p_rng = NULL;
     rnd_info.buf = rnd_buf->x;
     rnd_info.length = rnd_buf->len;
 

tests/suites/test_suite_pkcs1_v15.function

@@ -19,6 +19,8 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N,
     mbedtls_test_rnd_buf_info info;
     mbedtls_mpi N, E;
 
+    info.fallback_f_rng = mbedtls_test_rnd_std_rand;
+    info.fallback_p_rng = NULL;
     info.buf = rnd_buf->x;
     info.length = rnd_buf->len;
 
@@ -268,6 +270,8 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q,
     mbedtls_mpi N, P, Q, E;
     mbedtls_test_rnd_buf_info info;
 
+    info.fallback_f_rng = mbedtls_test_rnd_std_rand;
+    info.fallback_p_rng = NULL;
     info.buf = rnd_buf->x;
     info.length = rnd_buf->len;
 

tests/suites/test_suite_pkcs1_v21.function

@@ -18,6 +18,8 @@ void pkcs1_rsaes_oaep_encrypt( int mod, data_t * input_N, data_t * input_E,
     mbedtls_test_rnd_buf_info info;
     mbedtls_mpi N, E;
 
+    info.fallback_f_rng = mbedtls_test_rnd_std_rand;
+    info.fallback_p_rng = NULL;
     info.buf = rnd_buf->x;
     info.length = rnd_buf->len;
 
@@ -122,6 +124,8 @@ void pkcs1_rsassa_pss_sign( int mod, data_t * input_P, data_t * input_Q,
     mbedtls_test_rnd_buf_info info;
     mbedtls_mpi N, P, Q, E;
 
+    info.fallback_f_rng = mbedtls_test_rnd_std_rand;
+    info.fallback_p_rng = NULL;
     info.buf = rnd_buf->x;
     info.length = rnd_buf->len;