Remove use of DRBG modules from sample programs #10546

@mpg

Most of our sample programs still use the old pattern of directly using entropy and drbg modules. These days, they're supposed to just call psa_crypto_init() and then use the PSA RNG:

  • either directly with psa_generate_random();
  • or indirectly via mbedtls_psa_get_random() for functions that need an RNG callback.

Programs under test (selftests, benchmark) are an exception: they're allowed to still use drbg for the purpose of directly testing/benchmarking it.

Target programs (might want to split into 1 PR per directory if doing all in one go is a bit much for a single PR):

  • ssl
  • x509
  • fuzz (one occurrence in the crypto repo too)

If entropy and drbg were the only internal thing used, also remove #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS from the program while at it. If they were not the only thing, ideally create a follow-up issue about what remains.
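
A triage script for the migration described above. It is an example added here, not code from the issue or from the Mbed TLS project. The verdict names, the file-name-based exemption for selftest/benchmark programs, the inclusion of `mbedtls_hmac_drbg_*` as a DRBG module, and all sample paths and file contents are assumptions constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Identifiers from the legacy entropy/DRBG modules, and the PSA calls the issue names.
LEGACY = re.compile(r"\bmbedtls_(?:entropy|ctr_drbg|hmac_drbg)_\w+")
PSA_RNG = re.compile(r"\b(?:psa_generate_random|mbedtls_psa_get_random)\b")
PSA_INIT = re.compile(r"\bpsa_crypto_init\s*\(")
DEFINE = re.compile(r"^\s*#\s*define\s+MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS\b", re.M)
# Naive comment stripper (triage only): it does not parse string literals.
COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)
TARGET_DIRS = {"ssl", "x509", "fuzz"}       # directories listed in the issue
EXEMPT_STEMS = ("selftest", "benchmark")    # assumption: exemption keyed on file name

def audit_file(path, source):
    """Return (verdict, legacy_identifiers) for one C source file."""
    p = PurePosixPath(path)
    if p.stem.startswith(EXEMPT_STEMS):
        return "exempt", []
    if not TARGET_DIRS & set(p.parts[:-1]):
        return "out-of-scope", []
    code = COMMENT.sub(" ", source)
    legacy = sorted(set(LEGACY.findall(code)))
    if legacy:
        return "needs-migration", legacy
    if PSA_RNG.search(code) and not PSA_INIT.search(code):
        return "missing-psa-crypto-init", []
    if DEFINE.search(code):
        # Define may be removable, or a follow-up issue is needed for what remains.
        return "review-private-define", []
    return "ok", []

def audit(sources):
    return {path: audit_file(path, src) for path, src in sources.items()}

# Constructed inputs for illustration, not files from the Mbed TLS tree.
SAMPLES = {
    "programs/ssl/demo_old.c": "#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS\n"
        "mbedtls_entropy_context entropy;\nmbedtls_ctr_drbg_context drbg;\n"
        "mbedtls_ctr_drbg_seed(&drbg, mbedtls_entropy_func, &entropy, NULL, 0);\n",
    "programs/x509/demo_new.c":
        "/* was: mbedtls_ctr_drbg_random */\npsa_crypto_init();\npsa_generate_random(buf, 4);\n",
    "programs/fuzz/demo_half.c": "#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS\n"
        "psa_crypto_init();\nuse_rng(mbedtls_psa_get_random, NULL);\n",
    "programs/test/benchmark.c": "mbedtls_ctr_drbg_context drbg;\n",
}

if __name__ == "__main__":
    for path, (verdict, legacy) in audit(SAMPLES).items():
        print(f"{path}: {verdict} {legacy}")
```

A `review-private-define` verdict only says that no entropy/DRBG identifier remains; whether the define can be dropped still depends on what other internal identifiers the program uses.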

Labels: size-s (Estimated task size: small (~2d))

Status: Implementation in progress