commit e3dbdd8d908218c7b7c3c3a62babb658c5c8a2a4
author Gilles Peskine <Gilles.Peskine@arm.com> Mon Feb 25 11:04:06 2019 +0100
committer Gilles Peskine <Gilles.Peskine@arm.com> Fri Mar 15 11:15:21 2019 +0100
tree 1874901ca65dcc27f9c9d5d5c69efb522952ccf8
parent 6bf4baef953eac07516a5dc44f96846561e26438

Gate entropy injection through a dedicated configuration option

Entropy injection has specific testing requirements. Therefore it
should depend on a specific option.

library/psa_crypto_storage.c

diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c
index bda9c0c..6c2e865 100644
--- a/library/psa_crypto_storage.c
+++ b/library/psa_crypto_storage.c
@@ -391,4 +391,26 @@
     return( status );
 }
 
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+psa_status_t mbedtls_psa_storage_inject_entropy( const unsigned char *seed,
+                                                 size_t seed_size )
+{
+    psa_status_t status;
+    struct psa_storage_info_t p_info;
+
+    status = psa_its_get_info( PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info );
+
+    if( PSA_ERROR_DOES_NOT_EXIST == status ) /* No seed exists */
+    {
+        status = psa_its_set( PSA_CRYPTO_ITS_RANDOM_SEED_UID, seed_size, seed, 0 );
+    }
+    else if( PSA_SUCCESS == status )
+    {
+        /* You should not be here. Seed needs to be injected only once */
+        status = PSA_ERROR_NOT_PERMITTED;
+    }
+    return( status );
+}
+#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
+
 #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */