Ensure the module is initialized in psa_generate_random
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index c3899bf..b0bbb16 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -2902,6 +2902,7 @@
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
*/
psa_status_t psa_generate_random(uint8_t *output,
size_t output_size);
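Review bot: The added `\retval #PSA_ERROR_BAD_STATE` line does not say when the status is returned, and it is the one error here that the caller can fix directly. Based on the guard added in library/psa_crypto.c, a description such as `The library has not been initialized by psa_crypto_init().` would fit under it. The same comment would be a good place to state that `output` must not be used as random data when any error is returned. The doc comment begins outside this hunk, so its existing wording was not checked.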
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index dfbb680..01dbf3c 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -148,6 +148,10 @@
static psa_global_data_t global_data;
+#define GUARD_MODULE_INITIALIZED \
+ if( global_data.initialized == 0 ) \
+ return( PSA_ERROR_BAD_STATE );
+
static psa_status_t mbedtls_to_psa_error( int ret )
{
/* If there's both a high-level code and low-level code, dispatch on
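Review bot: `GUARD_MODULE_INITIALIZED` expands to a bare `if` with its own trailing semicolon and a hidden `return`. The call site `GUARD_MODULE_INITIALIZED;` therefore leaves an empty statement, and the macro would pair with a following `else` or break under an unbraced `if`. Wrapping it, as in `#define GUARD_MODULE_INITIALIZED do { if( global_data.initialized == 0 ) return( PSA_ERROR_BAD_STATE ); } while( 0 )`, makes it behave as a single statement. A short comment above it should say that it returns from the calling function. Only psa_generate_random uses the guard in this commit, so other entry points that read `global_data` (not visible here) may need the same check.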
@@ -3360,8 +3364,10 @@
psa_status_t psa_generate_random( uint8_t *output,
size_t output_size )
{
- int ret = mbedtls_ctr_drbg_random( &global_data.ctr_drbg,
- output, output_size );
+ int ret;
+ GUARD_MODULE_INITIALIZED;
+
+ ret = mbedtls_ctr_drbg_random( &global_data.ctr_drbg, output, output_size );
return( mbedtls_to_psa_error( ret ) );
}
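Review bot: On the new early return from `GUARD_MODULE_INITIALIZED`, `output` is left exactly as the caller passed it. A caller that ignores the status would then treat stale or all-zero bytes as random data, and the new test passes a zeroed buffer. The status check is the real protection, so this should be spelled out at the guard, for example `/* Module not initialized: output is left untouched and must not be used. */`. The assignment on the next line also appears to run past 80 columns now that the call is joined onto one line, so splitting the arguments as before would keep it within the limit.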
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 01be797..202bd42 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -1178,3 +1178,6 @@
PSA generate key: ECC, SECP256R1, incorrect bit size
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C
generate_key:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_ANY:PSA_ERROR_INVALID_ARGUMENT
+
+PSA validate module initialization: random
+validate_module_init_generate_random:
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index e14b225..e4a776a 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -3451,3 +3451,13 @@
mbedtls_psa_crypto_free( );
}
/* END_CASE */
+
+/* BEGIN_CASE */
+void validate_module_init_generate_random( )
+{
+ psa_status_t status;
+ uint8_t random[10] = { 0 };
+ status = psa_generate_random( random, sizeof( random ) );
+ TEST_ASSERT( status == PSA_ERROR_BAD_STATE );
+}
+/* END_CASE */
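Review bot: `validate_module_init_generate_random` passes only if the library is uninitialized on entry, and nothing in the case establishes or documents that. It seems to rely on every earlier case having reached its `mbedtls_psa_crypto_free( )`, which may not happen if one of them fails part-way. A comment such as `/* Deliberately no psa_crypto_init(): the call must be rejected. */` would make the intent explicit. The case could also assert that `random` is still all zero after the call, which would pin down that a rejected request writes nothing to the buffer.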