Remove Deprecated Items From Sample Programs

Remove the drbg module and entropy functions from the sample programs as these are
now handled by their PSA equivalents

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>

programs/fuzz/fuzz_client.c

@@ -1,8 +1,4 @@
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
 #include "mbedtls/ssl.h"
-#include "mbedtls/private/entropy.h"
-#include "mbedtls/private/ctr_drbg.h"
 #include "test/certs.h"
 #include "fuzz_common.h"
 #include <string.h>
@@ -10,9 +6,7 @@
 #include <stdint.h>
 
 
-#if defined(MBEDTLS_SSL_CLI_C) && \
+#if defined(MBEDTLS_SSL_CLI_C)
-    defined(MBEDTLS_ENTROPY_C) && \
-    defined(MBEDTLS_CTR_DRBG_C)
 static int initialized = 0;
 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
 static mbedtls_x509_crt cacert;
@@ -29,20 +23,16 @@ const char psk_id[] = "Client_identity";
 #endif
 
 const char *pers = "fuzz_client";
-#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
+#endif /* MBEDTLS_SSL_CLI_C */
 
 
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
 {
-#if defined(MBEDTLS_SSL_CLI_C) && \
+#if defined(MBEDTLS_SSL_CLI_C)
-    defined(MBEDTLS_ENTROPY_C) && \
-    defined(MBEDTLS_CTR_DRBG_C)
     int ret;
     size_t len;
     mbedtls_ssl_context ssl;
     mbedtls_ssl_config conf;
-    mbedtls_ctr_drbg_context ctr_drbg;
-    mbedtls_entropy_context entropy;
     unsigned char buf[4096];
     fuzzBufferOffset_t biomemfuzz;
     uint16_t options;
@@ -75,19 +65,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
 
     mbedtls_ssl_init(&ssl);
     mbedtls_ssl_config_init(&conf);
-    mbedtls_ctr_drbg_init(&ctr_drbg);
-    mbedtls_entropy_init(&entropy);
 
     psa_status_t status = psa_crypto_init();
     if (status != PSA_SUCCESS) {
         goto exit;
     }
 
-    if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
-                              (const unsigned char *) pers, strlen(pers)) != 0) {
-        goto exit;
-    }
-
     if (mbedtls_ssl_config_defaults(&conf,
                                     MBEDTLS_SSL_IS_CLIENT,
                                     MBEDTLS_SSL_TRANSPORT_STREAM,
@@ -173,8 +156,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
     }
 
 exit:
-    mbedtls_entropy_free(&entropy);
-    mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_ssl_config_free(&conf);
     mbedtls_ssl_free(&ssl);
     mbedtls_psa_crypto_free();
@@ -182,7 +163,7 @@ exit:
 #else
     (void) Data;
     (void) Size;
-#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
+#endif /* MBEDTLS_SSL_CLI_C */
 
     return 0;
 }

programs/fuzz/fuzz_dtlsclient.c

@@ -1,19 +1,13 @@
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
 #include <string.h>
 #include <stdlib.h>
 #include <stdint.h>
 #include "fuzz_common.h"
 #include "mbedtls/ssl.h"
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-#include "mbedtls/private/entropy.h"
-#include "mbedtls/private/ctr_drbg.h"
 #include "mbedtls/timing.h"
 #include "test/certs.h"
 
 #if defined(MBEDTLS_SSL_CLI_C) && \
-    defined(MBEDTLS_ENTROPY_C) && \
-    defined(MBEDTLS_CTR_DRBG_C) && \
     defined(MBEDTLS_TIMING_C)
 static int initialized = 0;
 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
@@ -30,15 +24,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
 {
 #if defined(MBEDTLS_SSL_PROTO_DTLS) && \
     defined(MBEDTLS_SSL_CLI_C) && \
-    defined(MBEDTLS_ENTROPY_C) && \
-    defined(MBEDTLS_CTR_DRBG_C) && \
     defined(MBEDTLS_TIMING_C)
     int ret;
     size_t len;
     mbedtls_ssl_context ssl;
     mbedtls_ssl_config conf;
-    mbedtls_ctr_drbg_context ctr_drbg;
-    mbedtls_entropy_context entropy;
     mbedtls_timing_delay_context timer;
     unsigned char buf[4096];
     fuzzBufferOffset_t biomemfuzz;
@@ -58,19 +48,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
 
     mbedtls_ssl_init(&ssl);
     mbedtls_ssl_config_init(&conf);
-    mbedtls_ctr_drbg_init(&ctr_drbg);
-    mbedtls_entropy_init(&entropy);
 
     psa_status_t status = psa_crypto_init();
     if (status != PSA_SUCCESS) {
         goto exit;
     }
 
-    if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
-                              (const unsigned char *) pers, strlen(pers)) != 0) {
-        goto exit;
-    }
-
     if (mbedtls_ssl_config_defaults(&conf,
                                     MBEDTLS_SSL_IS_CLIENT,
                                     MBEDTLS_SSL_TRANSPORT_DATAGRAM,
@@ -118,8 +101,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
     }
 
 exit:
-    mbedtls_entropy_free(&entropy);
-    mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_ssl_config_free(&conf);
     mbedtls_ssl_free(&ssl);
     mbedtls_psa_crypto_free();

programs/fuzz/fuzz_dtlsserver.c

@@ -1,5 +1,3 @@
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
 #include <string.h>
 #include <stdlib.h>
 #include <stdint.h>
@@ -7,14 +5,10 @@
 #include "mbedtls/ssl.h"
 #include "test/certs.h"
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-#include "mbedtls/private/entropy.h"
-#include "mbedtls/private/ctr_drbg.h"
 #include "mbedtls/timing.h"
 #include "mbedtls/ssl_cookie.h"
 
 #if defined(MBEDTLS_SSL_SRV_C) && \
-    defined(MBEDTLS_ENTROPY_C) && \
-    defined(MBEDTLS_CTR_DRBG_C) && \
     defined(MBEDTLS_TIMING_C) && \
     (defined(PSA_WANT_ALG_SHA_384) || \
     defined(PSA_WANT_ALG_SHA_256))
@@ -32,8 +26,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
 {
 #if defined(MBEDTLS_SSL_PROTO_DTLS) && \
     defined(MBEDTLS_SSL_SRV_C) && \
-    defined(MBEDTLS_ENTROPY_C) && \
-    defined(MBEDTLS_CTR_DRBG_C) && \
     defined(MBEDTLS_TIMING_C) && \
     (defined(PSA_WANT_ALG_SHA_384) || \
     defined(PSA_WANT_ALG_SHA_256))
@@ -41,15 +33,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
     size_t len;
     mbedtls_ssl_context ssl;
     mbedtls_ssl_config conf;
-    mbedtls_ctr_drbg_context ctr_drbg;
-    mbedtls_entropy_context entropy;
     mbedtls_timing_delay_context timer;
     mbedtls_ssl_cookie_ctx cookie_ctx;
     unsigned char buf[4096];
     fuzzBufferOffset_t biomemfuzz;
 
-    mbedtls_ctr_drbg_init(&ctr_drbg);
-    mbedtls_entropy_init(&entropy);
 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
     mbedtls_x509_crt_init(&srvcert);
     mbedtls_pk_init(&pkey);
@@ -63,11 +51,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
         goto exit;
     }
 
-    if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
-                              (const unsigned char *) pers, strlen(pers)) != 0) {
-        goto exit;
-    }
-
     if (initialized == 0) {
 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
 
@@ -156,12 +139,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
 
 exit:
     mbedtls_ssl_cookie_free(&cookie_ctx);
-    mbedtls_entropy_free(&entropy);
 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
     mbedtls_pk_free(&pkey);
     mbedtls_x509_crt_free(&srvcert);
 #endif
-    mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_ssl_config_free(&conf);
     mbedtls_ssl_free(&ssl);
     mbedtls_psa_crypto_free();

programs/fuzz/fuzz_pkcs7.c

@@ -1,5 +1,3 @@
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
 #include <stdint.h>
 #include "mbedtls/pkcs7.h"
 #include "fuzz_common.h"

programs/fuzz/fuzz_server.c

@@ -1,8 +1,4 @@
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
 #include "mbedtls/ssl.h"
-#include "mbedtls/private/entropy.h"
-#include "mbedtls/private/ctr_drbg.h"
 #include "mbedtls/ssl_ticket.h"
 #include "test/certs.h"
 #include "fuzz_common.h"
@@ -11,9 +7,7 @@
 #include <stdint.h>
 
 
-#if defined(MBEDTLS_SSL_SRV_C) && \
+#if defined(MBEDTLS_SSL_SRV_C)
-    defined(MBEDTLS_ENTROPY_C) && \
-    defined(MBEDTLS_CTR_DRBG_C)
 const char *pers = "fuzz_server";
 static int initialized = 0;
 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
@@ -29,20 +23,16 @@ const unsigned char psk[] = {
 };
 const char psk_id[] = "Client_identity";
 #endif
-#endif // MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C
+#endif // MBEDTLS_SSL_SRV_C
 
 
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
 {
-#if defined(MBEDTLS_SSL_SRV_C) && \
+#if defined(MBEDTLS_SSL_SRV_C)
-    defined(MBEDTLS_ENTROPY_C) && \
-    defined(MBEDTLS_CTR_DRBG_C)
     int ret;
     size_t len;
     mbedtls_ssl_context ssl;
     mbedtls_ssl_config conf;
-    mbedtls_ctr_drbg_context ctr_drbg;
-    mbedtls_entropy_context entropy;
 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
     mbedtls_ssl_ticket_context ticket_ctx;
 #endif
@@ -56,8 +46,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
     }
     options = Data[Size - 1];
 
-    mbedtls_ctr_drbg_init(&ctr_drbg);
-    mbedtls_entropy_init(&entropy);
 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
     mbedtls_x509_crt_init(&srvcert);
     mbedtls_pk_init(&pkey);
@@ -72,11 +60,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
         goto exit;
     }
 
-    if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
-                              (const unsigned char *) pers, strlen(pers)) != 0) {
-        return 1;
-    }
-
     if (initialized == 0) {
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
@@ -193,8 +176,6 @@ exit:
 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
     mbedtls_ssl_ticket_free(&ticket_ctx);
 #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */
-    mbedtls_entropy_free(&entropy);
-    mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_ssl_config_free(&conf);
 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
     mbedtls_x509_crt_free(&srvcert);
@@ -202,10 +183,10 @@ exit:
 #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_PEM_PARSE_C */
     mbedtls_ssl_free(&ssl);
     mbedtls_psa_crypto_free();
-#else /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
+#else /* MBEDTLS_SSL_SRV_C */
     (void) Data;
     (void) Size;
-#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
+#endif /* MBEDTLS_SSL_SRV_C */
 
     return 0;
 }

programs/fuzz/fuzz_x509crl.c

@@ -1,5 +1,3 @@
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
 #include <stdint.h>
 #include "mbedtls/x509_crl.h"
 #include "fuzz_common.h"

programs/fuzz/fuzz_x509crt.c

@@ -1,5 +1,3 @@
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
 #include <stdint.h>
 #include "mbedtls/x509_crt.h"
 #include "fuzz_common.h"

programs/fuzz/fuzz_x509csr.c

@@ -1,5 +1,3 @@
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
 #include <stdint.h>
 #include "mbedtls/x509_csr.h"
 #include "fuzz_common.h"

programs/ssl/dtls_client.c

@@ -5,20 +5,16 @@
  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
  */
 
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
 #include "mbedtls/build_info.h"
 
 #include "mbedtls/platform.h"
 
-#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) ||      \
+#if !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) ||           \
-    !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) ||           \
     !defined(MBEDTLS_TIMING_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) ||   \
     !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
 int main(void)
 {
-    mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+    mbedtls_printf("MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or "
-                   "MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or "
                    "MBEDTLS_TIMING_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
                    "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C "
                    "not defined.\n");
@@ -31,8 +27,6 @@ int main(void)
 #include "mbedtls/net_sockets.h"
 #include "mbedtls/debug.h"
 #include "mbedtls/ssl.h"
-#include "mbedtls/private/entropy.h"
-#include "mbedtls/private/ctr_drbg.h"
 #include "mbedtls/error.h"
 #include "mbedtls/timing.h"
 #include "test/certs.h"
@@ -73,11 +67,8 @@ int main(int argc, char *argv[])
     mbedtls_net_context server_fd;
     uint32_t flags;
     unsigned char buf[1024];
-    const char *pers = "dtls_client";
     int retry_left = MAX_RETRY;
 
-    mbedtls_entropy_context entropy;
-    mbedtls_ctr_drbg_context ctr_drbg;
     mbedtls_ssl_context ssl;
     mbedtls_ssl_config conf;
     mbedtls_x509_crt cacert;
@@ -97,8 +88,6 @@ int main(int argc, char *argv[])
     mbedtls_ssl_init(&ssl);
     mbedtls_ssl_config_init(&conf);
     mbedtls_x509_crt_init(&cacert);
-    mbedtls_ctr_drbg_init(&ctr_drbg);
-    mbedtls_entropy_init(&entropy);
 
     psa_status_t status = psa_crypto_init();
     if (status != PSA_SUCCESS) {
@@ -111,13 +100,6 @@ int main(int argc, char *argv[])
     mbedtls_printf("\n  . Seeding the random number generator...");
     fflush(stdout);
 
-    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
-                                     (const unsigned char *) pers,
-                                     strlen(pers))) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret);
-        goto exit;
-    }
-
     mbedtls_printf(" ok\n");
 
     /*
@@ -322,8 +304,6 @@ exit:
     mbedtls_x509_crt_free(&cacert);
     mbedtls_ssl_free(&ssl);
     mbedtls_ssl_config_free(&conf);
-    mbedtls_ctr_drbg_free(&ctr_drbg);
-    mbedtls_entropy_free(&entropy);
     mbedtls_psa_crypto_free();
 
     /* Shell can not handle large exit numbers -> 1 for errors */

programs/ssl/dtls_server.c

@@ -5,8 +5,6 @@
  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
  */
 
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
 #include "mbedtls/build_info.h"
 
 #include "mbedtls/platform.h"
@@ -20,15 +18,13 @@
 #define BIND_IP     "::"
 #endif
 
-#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) ||      \
+#if !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) ||           \
-    !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) ||           \
     !defined(MBEDTLS_TIMING_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) ||   \
     !defined(MBEDTLS_SSL_COOKIE_C) ||                                   \
     !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
 int main(void)
 {
-    mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+    mbedtls_printf("MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or "
-                   "MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or "
                    "MBEDTLS_TIMING_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
                    "MBEDTLS_SSL_COOKIE_C and/or "
                    "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C "
@@ -45,8 +41,6 @@ int main(void)
 #include <stdlib.h>
 #include <stdio.h>
 
-#include "mbedtls/private/entropy.h"
-#include "mbedtls/private/ctr_drbg.h"
 #include "mbedtls/x509.h"
 #include "mbedtls/ssl.h"
 #include "mbedtls/ssl_cookie.h"
@@ -80,13 +74,10 @@ int main(void)
     int ret, len;
     mbedtls_net_context listen_fd, client_fd;
     unsigned char buf[1024];
-    const char *pers = "dtls_server";
     unsigned char client_ip[16] = { 0 };
     size_t cliip_len;
     mbedtls_ssl_cookie_ctx cookie_ctx;
 
-    mbedtls_entropy_context entropy;
-    mbedtls_ctr_drbg_context ctr_drbg;
     mbedtls_ssl_context ssl;
     mbedtls_ssl_config conf;
     mbedtls_x509_crt srvcert;
@@ -106,8 +97,6 @@ int main(void)
 #endif
     mbedtls_x509_crt_init(&srvcert);
     mbedtls_pk_init(&pkey);
-    mbedtls_entropy_init(&entropy);
-    mbedtls_ctr_drbg_init(&ctr_drbg);
 
     psa_status_t status = psa_crypto_init();
     if (status != PSA_SUCCESS) {
@@ -127,13 +116,6 @@ int main(void)
     printf("  . Seeding the random number generator...");
     fflush(stdout);
 
-    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
-                                     (const unsigned char *) pers,
-                                     strlen(pers))) != 0) {
-        printf(" failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret);
-        goto exit;
-    }
-
     printf(" ok\n");
 
     /*
@@ -392,8 +374,6 @@ exit:
 #if defined(MBEDTLS_SSL_CACHE_C)
     mbedtls_ssl_cache_free(&cache);
 #endif
-    mbedtls_ctr_drbg_free(&ctr_drbg);
-    mbedtls_entropy_free(&entropy);
     mbedtls_psa_crypto_free();
 
     /* Shell can not handle large exit numbers -> 1 for errors */

programs/ssl/mini_client.c

@@ -6,8 +6,6 @@
  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
  */
 
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
 #include "mbedtls/build_info.h"
 
 #include "mbedtls/platform.h"
@@ -26,14 +24,12 @@
 #define UNIX
 #endif
 
-#if !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_ENTROPY_C) || \
+#if !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \
-    !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \
     !defined(UNIX)
 
 int main(void)
 {
-    mbedtls_printf("MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or "
+    mbedtls_printf("MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or UNIX "
-                   "MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or UNIX "
                    "not defined.\n");
     mbedtls_exit(0);
 }
@@ -43,8 +39,6 @@ int main(void)
 
 #include "mbedtls/net_sockets.h"
 #include "mbedtls/ssl.h"
-#include "mbedtls/private/entropy.h"
-#include "mbedtls/private/ctr_drbg.h"
 
 #include <sys/socket.h>
 #include <netinet/in.h>
@@ -129,7 +123,6 @@ const unsigned char ca_cert[] = {
 
 enum exit_codes {
     exit_ok = 0,
-    ctr_drbg_seed_failed,
     ssl_config_defaults_failed,
     ssl_setup_failed,
     hostname_failed,
@@ -150,11 +143,8 @@ int main(void)
     mbedtls_x509_crt ca;
 #endif
 
-    mbedtls_entropy_context entropy;
-    mbedtls_ctr_drbg_context ctr_drbg;
     mbedtls_ssl_context ssl;
     mbedtls_ssl_config conf;
-    mbedtls_ctr_drbg_init(&ctr_drbg);
 
     /*
      * 0. Initialize and setup stuff
@@ -165,7 +155,6 @@ int main(void)
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
     mbedtls_x509_crt_init(&ca);
 #endif
-    mbedtls_entropy_init(&entropy);
 
     psa_status_t status = psa_crypto_init();
     if (status != PSA_SUCCESS) {
@@ -173,12 +162,6 @@ int main(void)
         goto exit;
     }
 
-    if (mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
-                              (const unsigned char *) pers, strlen(pers)) != 0) {
-        ret = ctr_drbg_seed_failed;
-        goto exit;
-    }
-
     if (mbedtls_ssl_config_defaults(&conf,
                                     MBEDTLS_SSL_IS_CLIENT,
                                     MBEDTLS_SSL_TRANSPORT_STREAM,
@@ -258,8 +241,6 @@ exit:
     mbedtls_net_free(&server_fd);
     mbedtls_ssl_free(&ssl);
     mbedtls_ssl_config_free(&conf);
-    mbedtls_ctr_drbg_free(&ctr_drbg);
-    mbedtls_entropy_free(&entropy);
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
     mbedtls_x509_crt_free(&ca);
 #endif

programs/ssl/ssl_client1.c

@@ -5,8 +5,6 @@
  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
  */
 
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
 #include "mbedtls/build_info.h"
 
 #include "mbedtls/platform.h"
@@ -27,8 +25,6 @@ int main(void)
 #include "mbedtls/net_sockets.h"
 #include "mbedtls/debug.h"
 #include "mbedtls/ssl.h"
-#include "mbedtls/private/entropy.h"
-#include "mbedtls/private/ctr_drbg.h"
 #include "mbedtls/error.h"
 #include "test/certs.h"
 
@@ -58,10 +54,7 @@ int main(void)
     mbedtls_net_context server_fd;
     uint32_t flags;
     unsigned char buf[1024];
-    const char *pers = "ssl_client1";
 
-    mbedtls_entropy_context entropy;
-    mbedtls_ctr_drbg_context ctr_drbg;
     mbedtls_ssl_context ssl;
     mbedtls_ssl_config conf;
     mbedtls_x509_crt cacert;
@@ -77,8 +70,6 @@ int main(void)
     mbedtls_ssl_init(&ssl);
     mbedtls_ssl_config_init(&conf);
     mbedtls_x509_crt_init(&cacert);
-    mbedtls_ctr_drbg_init(&ctr_drbg);
-    mbedtls_entropy_init(&entropy);
 
     psa_status_t status = psa_crypto_init();
     if (status != PSA_SUCCESS) {
@@ -91,13 +82,6 @@ int main(void)
     fflush(stdout);
 
 
-    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
-                                     (const unsigned char *) pers,
-                                     strlen(pers))) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret);
-        goto exit;
-    }
-
     mbedtls_printf(" ok\n");
 
     /*
@@ -276,8 +260,6 @@ exit:
     mbedtls_x509_crt_free(&cacert);
     mbedtls_ssl_free(&ssl);
     mbedtls_ssl_config_free(&conf);
-    mbedtls_ctr_drbg_free(&ctr_drbg);
-    mbedtls_entropy_free(&entropy);
     mbedtls_psa_crypto_free();
 
     mbedtls_exit(exit_code);

programs/ssl/ssl_client2.c

@@ -877,7 +877,7 @@ int main(int argc, char *argv[])
     mbedtls_ssl_init(&ssl);
     mbedtls_ssl_config_init(&conf);
     mbedtls_ssl_session_init(&saved_session);
-    rng_init(&rng);
+    psa_crypto_init();
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
     mbedtls_x509_crt_init(&cacert);
     mbedtls_x509_crt_init(&clicert);
@@ -3213,13 +3213,7 @@ exit:
         mbedtls_printf("PSA memory leak detected: %s\n",  message);
     }
 
-    /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto
-     * resources are freed by rng_free(). */
-#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
     mbedtls_psa_crypto_free();
-#endif
-
-    rng_free(&rng);
 
 #if defined(MBEDTLS_TEST_HOOKS)
     if (test_hooks_failure_detected()) {

programs/ssl/ssl_context_info.c

@@ -5,8 +5,6 @@
  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
  */
 
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
 #include "mbedtls/build_info.h"
 #include "mbedtls/debug.h"
 #include "mbedtls/platform.h"

programs/ssl/ssl_fork_server.c

@@ -5,19 +5,15 @@
  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
  */
 
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
 #include "mbedtls/build_info.h"
 
 #include "mbedtls/platform.h"
 
-#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) ||      \
+#if !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) ||           \
-    !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) ||           \
     !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
 int main(void)
 {
-    mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+    mbedtls_printf("MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or "
-                   "MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or "
                    "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C "
                    "not defined.\n");
     mbedtls_exit(0);
@@ -31,8 +27,6 @@ int main(void)
 }
 #else
 
-#include "mbedtls/private/entropy.h"
-#include "mbedtls/private/ctr_drbg.h"
 #include "test/certs.h"
 #include "mbedtls/x509.h"
 #include "mbedtls/ssl.h"
@@ -70,10 +64,7 @@ int main(void)
     int exit_code = MBEDTLS_EXIT_FAILURE;
     mbedtls_net_context listen_fd, client_fd;
     unsigned char buf[1024];
-    const char *pers = "ssl_fork_server";
 
-    mbedtls_entropy_context entropy;
-    mbedtls_ctr_drbg_context ctr_drbg;
     mbedtls_ssl_context ssl;
     mbedtls_ssl_config conf;
     mbedtls_x509_crt srvcert;
@@ -83,10 +74,8 @@ int main(void)
     mbedtls_net_init(&client_fd);
     mbedtls_ssl_init(&ssl);
     mbedtls_ssl_config_init(&conf);
-    mbedtls_entropy_init(&entropy);
     mbedtls_pk_init(&pkey);
     mbedtls_x509_crt_init(&srvcert);
-    mbedtls_ctr_drbg_init(&ctr_drbg);
 
     psa_status_t status = psa_crypto_init();
     if (status != PSA_SUCCESS) {
@@ -103,13 +92,6 @@ int main(void)
     mbedtls_printf("\n  . Initial seeding of the random generator...");
     fflush(stdout);
 
-    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
-                                     (const unsigned char *) pers,
-                                     strlen(pers))) != 0) {
-        mbedtls_printf(" failed!  mbedtls_ctr_drbg_seed returned %d\n\n", ret);
-        goto exit;
-    }
-
     mbedtls_printf(" ok\n");
 
     /*
@@ -218,13 +200,6 @@ int main(void)
             mbedtls_net_close(&client_fd);
             fflush(stdout);
 
-            if ((ret = mbedtls_ctr_drbg_reseed(&ctr_drbg,
-                                               (const unsigned char *) "parent",
-                                               6)) != 0) {
-                mbedtls_printf(" failed!  mbedtls_ctr_drbg_reseed returned %d\n\n", ret);
-                goto exit;
-            }
-
             continue;
         }
 
@@ -238,15 +213,6 @@ int main(void)
         mbedtls_printf("pid %d: Setting up the SSL data.\n", pid);
         fflush(stdout);
 
-        if ((ret = mbedtls_ctr_drbg_reseed(&ctr_drbg,
-                                           (const unsigned char *) "child",
-                                           5)) != 0) {
-            mbedtls_printf(
-                "pid %d: SSL setup failed!  mbedtls_ctr_drbg_reseed returned %d\n\n",
-                pid, ret);
-            goto exit;
-        }
-
         if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
             mbedtls_printf(
                 "pid %d: SSL setup failed!  mbedtls_ssl_setup returned %d\n\n",
@@ -364,13 +330,11 @@ exit:
     mbedtls_pk_free(&pkey);
     mbedtls_ssl_free(&ssl);
     mbedtls_ssl_config_free(&conf);
-    mbedtls_ctr_drbg_free(&ctr_drbg);
-    mbedtls_entropy_free(&entropy);
     mbedtls_psa_crypto_free();
 
     mbedtls_exit(exit_code);
 }
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
+#endif /* MBEDTLS_BIGNUM_C &&
           MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
-          MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_PARSE_C &&
+          MBEDTLS_RSA_C && MBEDTLS_PEM_PARSE_C &&
           ! _WIN32 */

programs/ssl/ssl_mail_client.c

@@ -11,7 +11,6 @@
 
 #define _POSIX_C_SOURCE 200112L
 #define _XOPEN_SOURCE 600
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
 
 
 #include "mbedtls/build_info.h"
@@ -21,14 +20,14 @@
 #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) ||  \
     !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
     !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) ||         \
-    !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
+    !defined(MBEDTLS_X509_CRT_PARSE_C) || \
     !defined(MBEDTLS_FS_IO)
 int main(void)
 {
     mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
                    "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
                    "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
-                   "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
+                   "and/or MBEDTLS_X509_CRT_PARSE_C "
                    "not defined.\n");
     mbedtls_exit(0);
 }
@@ -38,8 +37,6 @@ int main(void)
 #include "mbedtls/error.h"
 #include "mbedtls/net_sockets.h"
 #include "mbedtls/ssl.h"
-#include "mbedtls/private/entropy.h"
-#include "mbedtls/private/ctr_drbg.h"
 #include "test/certs.h"
 #include "mbedtls/x509.h"
 
@@ -334,10 +331,7 @@ int main(int argc, char *argv[])
     unsigned char buf[1024];
 #endif
     char hostname[32];
-    const char *pers = "ssl_mail_client";
 
-    mbedtls_entropy_context entropy;
-    mbedtls_ctr_drbg_context ctr_drbg;
     mbedtls_ssl_context ssl;
     mbedtls_ssl_config conf;
     mbedtls_x509_crt cacert;
@@ -358,8 +352,6 @@ int main(int argc, char *argv[])
     mbedtls_x509_crt_init(&cacert);
     mbedtls_x509_crt_init(&clicert);
     mbedtls_pk_init(&pkey);
-    mbedtls_ctr_drbg_init(&ctr_drbg);
-    mbedtls_entropy_init(&entropy);
 
     psa_status_t status = psa_crypto_init();
     if (status != PSA_SUCCESS) {
@@ -456,13 +448,6 @@ usage:
     mbedtls_printf("\n  . Seeding the random number generator...");
     fflush(stdout);
 
-    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
-                                     (const unsigned char *) pers,
-                                     strlen(pers))) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret);
-        goto exit;
-    }
-
     mbedtls_printf(" ok\n");
 
     /*
@@ -800,12 +785,9 @@ exit:
     mbedtls_pk_free(&pkey);
     mbedtls_ssl_free(&ssl);
     mbedtls_ssl_config_free(&conf);
-    mbedtls_ctr_drbg_free(&ctr_drbg);
-    mbedtls_entropy_free(&entropy);
     mbedtls_psa_crypto_free();
 
     mbedtls_exit(exit_code);
 }
 #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
-          MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C **
+          MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C */
-          MBEDTLS_CTR_DRBG_C */

programs/ssl/ssl_pthread_server.c

@@ -6,19 +6,15 @@
  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
  */
 
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
 #include "mbedtls/build_info.h"
 
 #include "mbedtls/platform.h"
 
-#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) ||      \
+#if !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) ||           \
-    !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) ||           \
     !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
 int main(void)
 {
-    mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+    mbedtls_printf("MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or "
-                   "MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or "
                    "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C "
                    "not defined.\n");
     mbedtls_exit(0);
@@ -38,8 +34,6 @@ int main(void)
 #include <windows.h>
 #endif
 
-#include "mbedtls/private/entropy.h"
-#include "mbedtls/private/ctr_drbg.h"
 #include "mbedtls/x509.h"
 #include "mbedtls/ssl.h"
 #include "mbedtls/net_sockets.h"
@@ -288,10 +282,7 @@ int main(void)
 {
     int ret;
     mbedtls_net_context listen_fd, client_fd;
-    const char pers[] = "ssl_pthread_server";
 
-    mbedtls_entropy_context entropy;
-    mbedtls_ctr_drbg_context ctr_drbg;
     mbedtls_ssl_config conf;
     mbedtls_x509_crt srvcert;
     mbedtls_x509_crt cachain;
@@ -315,7 +306,6 @@ int main(void)
     mbedtls_x509_crt_init(&cachain);
 
     mbedtls_ssl_config_init(&conf);
-    mbedtls_ctr_drbg_init(&ctr_drbg);
     memset(threads, 0, sizeof(threads));
     mbedtls_net_init(&listen_fd);
     mbedtls_net_init(&client_fd);
@@ -324,11 +314,6 @@ int main(void)
 
     base_info.config = &conf;
 
-    /*
-     * We use only a single entropy source that is used in all the threads.
-     */
-    mbedtls_entropy_init(&entropy);
-
     psa_status_t status = psa_crypto_init();
     if (status != PSA_SUCCESS) {
         mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
@@ -342,14 +327,6 @@ int main(void)
      */
     mbedtls_printf("  . Seeding the random number generator...");
 
-    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
-                                     (const unsigned char *) pers,
-                                     strlen(pers))) != 0) {
-        mbedtls_printf(" failed: mbedtls_ctr_drbg_seed returned -0x%04x\n",
-                       (unsigned int) -ret);
-        goto exit;
-    }
-
     mbedtls_printf(" ok\n");
 
     /*
@@ -474,8 +451,6 @@ exit:
 #if defined(MBEDTLS_SSL_CACHE_C)
     mbedtls_ssl_cache_free(&cache);
 #endif
-    mbedtls_ctr_drbg_free(&ctr_drbg);
-    mbedtls_entropy_free(&entropy);
     mbedtls_ssl_config_free(&conf);
     mbedtls_net_free(&listen_fd);
     mbedtls_mutex_free(&debug_mutex);

programs/ssl/ssl_server.c

@@ -5,19 +5,15 @@
  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
  */
 
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
 #include "mbedtls/build_info.h"
 
 #include "mbedtls/platform.h"
 
-#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) ||      \
+#if !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) ||           \
-    !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) ||           \
     !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
 int main(void)
 {
-    mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+    mbedtls_printf("MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or "
-                   "MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or "
                    "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C "
                    "not defined.\n");
     mbedtls_exit(0);
@@ -31,8 +27,6 @@ int main(void)
 #include <windows.h>
 #endif
 
-#include "mbedtls/private/entropy.h"
-#include "mbedtls/private/ctr_drbg.h"
 #include "mbedtls/x509.h"
 #include "mbedtls/ssl.h"
 #include "mbedtls/net_sockets.h"
@@ -67,10 +61,7 @@ int main(void)
     int ret, len;
     mbedtls_net_context listen_fd, client_fd;
     unsigned char buf[1024];
-    const char *pers = "ssl_server";
 
-    mbedtls_entropy_context entropy;
-    mbedtls_ctr_drbg_context ctr_drbg;
     mbedtls_ssl_context ssl;
     mbedtls_ssl_config conf;
     mbedtls_x509_crt srvcert;
@@ -88,8 +79,6 @@ int main(void)
 #endif
     mbedtls_x509_crt_init(&srvcert);
     mbedtls_pk_init(&pkey);
-    mbedtls_entropy_init(&entropy);
-    mbedtls_ctr_drbg_init(&ctr_drbg);
 
     psa_status_t status = psa_crypto_init();
     if (status != PSA_SUCCESS) {
@@ -109,13 +98,6 @@ int main(void)
     mbedtls_printf("  . Seeding the random number generator...");
     fflush(stdout);
 
-    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
-                                     (const unsigned char *) pers,
-                                     strlen(pers))) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret);
-        goto exit;
-    }
-
     mbedtls_printf(" ok\n");
 
     /*
@@ -346,8 +328,6 @@ exit:
 #if defined(MBEDTLS_SSL_CACHE_C)
     mbedtls_ssl_cache_free(&cache);
 #endif
-    mbedtls_ctr_drbg_free(&ctr_drbg);
-    mbedtls_entropy_free(&entropy);
     mbedtls_psa_crypto_free();
 
     mbedtls_exit(ret);

programs/ssl/ssl_server2.c

@@ -1631,7 +1631,7 @@ int main(int argc, char *argv[])
     mbedtls_net_init(&listen_fd);
     mbedtls_ssl_init(&ssl);
     mbedtls_ssl_config_init(&conf);
-    rng_init(&rng);
+    psa_crypto_init();
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
     mbedtls_x509_crt_init(&cacert);
     mbedtls_x509_crt_init(&srvcert);
@@ -4257,14 +4257,7 @@ exit:
         mbedtls_printf("PSA memory leak detected: %s\n",  message);
     }
 
-    /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto
-     * resources are freed by rng_free(). */
-#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
     mbedtls_psa_crypto_free();
-#endif
-
-    rng_free(&rng);
-
     mbedtls_free(buf);
 
 #if defined(MBEDTLS_TEST_HOOKS)

programs/ssl/ssl_test_lib.c

@@ -46,41 +46,6 @@ mbedtls_time_t dummy_constant_time(mbedtls_time_t *time)
 }
 #endif
 
-#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
-static int dummy_entropy(void *data, unsigned char *output, size_t len)
-{
-    size_t i;
-    int ret;
-    (void) data;
-
-    ret = mbedtls_entropy_func(data, output, len);
-    for (i = 0; i < len; i++) {
-        //replace result with pseudo random
-        output[i] = (unsigned char) rand();
-    }
-    return ret;
-}
-#endif
-
-void rng_init(rng_context_t *rng)
-{
-#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
-    (void) rng;
-    psa_crypto_init();
-#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
-
-#if defined(MBEDTLS_CTR_DRBG_C)
-    mbedtls_ctr_drbg_init(&rng->drbg);
-#elif defined(MBEDTLS_HMAC_DRBG_C)
-    mbedtls_hmac_drbg_init(&rng->drbg);
-#else
-#error "No DRBG available"
-#endif
-
-    mbedtls_entropy_init(&rng->entropy);
-#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
-}
-
 int rng_seed(rng_context_t *rng, int reproducible, const char *pers)
 {
     if (reproducible) {
@@ -88,7 +53,6 @@ int rng_seed(rng_context_t *rng, int reproducible, const char *pers)
                         "reproducible mode is not supported.\n");
         return -1;
     }
-#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
     /* The PSA crypto RNG does its own seeding. */
     (void) rng;
     (void) pers;
@@ -98,86 +62,13 @@ int rng_seed(rng_context_t *rng, int reproducible, const char *pers)
         return -1;
     }
     return 0;
-#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
-    int (*f_entropy)(void *, unsigned char *, size_t) =
-        (reproducible ? dummy_entropy : mbedtls_entropy_func);
-
-    if (reproducible) {
-        srand(1);
-    }
-
-#if defined(MBEDTLS_CTR_DRBG_C)
-    int ret = mbedtls_ctr_drbg_seed(&rng->drbg,
-                                    f_entropy, &rng->entropy,
-                                    (const unsigned char *) pers,
-                                    strlen(pers));
-#elif defined(MBEDTLS_HMAC_DRBG_C)
-#if defined(PSA_WANT_ALG_SHA_256)
-    const mbedtls_md_type_t md_type = MBEDTLS_MD_SHA256;
-#elif defined(PSA_WANT_ALG_SHA_512)
-    const mbedtls_md_type_t md_type = MBEDTLS_MD_SHA512;
-#else
-#error "No message digest available for HMAC_DRBG"
-#endif
-    int ret = mbedtls_hmac_drbg_seed(&rng->drbg,
-                                     mbedtls_md_info_from_type(md_type),
-                                     f_entropy, &rng->entropy,
-                                     (const unsigned char *) pers,
-                                     strlen(pers));
-#else /* !defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_HMAC_DRBG_C) */
-#error "No DRBG available"
-#endif /* !defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_HMAC_DRBG_C) */
-
-    if (ret != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned -0x%x\n",
-                       (unsigned int) -ret);
-        return ret;
-    }
-#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
-
-    return 0;
-}
-
-void rng_free(rng_context_t *rng)
-{
-#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
-    (void) rng;
-    /* Deinitialize the PSA crypto subsystem. This deactivates all PSA APIs.
-     * This is ok because none of our applications try to do any crypto after
-     * deinitializing the RNG. */
-    mbedtls_psa_crypto_free();
-#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
-
-#if defined(MBEDTLS_CTR_DRBG_C)
-    mbedtls_ctr_drbg_free(&rng->drbg);
-#elif defined(MBEDTLS_HMAC_DRBG_C)
-    mbedtls_hmac_drbg_free(&rng->drbg);
-#else
-#error "No DRBG available"
-#endif
-
-    mbedtls_entropy_free(&rng->entropy);
-#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
 }
 
 int rng_get(void *p_rng, unsigned char *output, size_t output_len)
 {
-#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
     (void) p_rng;
     return mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE,
                                   output, output_len);
-#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
-    rng_context_t *rng = p_rng;
-
-#if defined(MBEDTLS_CTR_DRBG_C)
-    return mbedtls_ctr_drbg_random(&rng->drbg, output, output_len);
-#elif defined(MBEDTLS_HMAC_DRBG_C)
-    return mbedtls_hmac_drbg_random(&rng->drbg, output, output_len);
-#else
-#error "No DRBG available"
-#endif
-
-#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
 }
 
 int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2)

programs/ssl/ssl_test_lib.h

@@ -106,32 +106,12 @@ void my_debug(void *ctx, int level,
 mbedtls_time_t dummy_constant_time(mbedtls_time_t *time);
 #endif
 
-#define MBEDTLS_TEST_USE_PSA_CRYPTO_RNG
-
 /** A context for random number generation (RNG).
  */
 typedef struct {
-#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
     unsigned char dummy;
-#else /* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
-    mbedtls_entropy_context entropy;
-#if defined(MBEDTLS_CTR_DRBG_C)
-    mbedtls_ctr_drbg_context drbg;
-#elif defined(MBEDTLS_HMAC_DRBG_C)
-    mbedtls_hmac_drbg_context drbg;
-#else
-#error "No DRBG available"
-#endif
-#endif /* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
 } rng_context_t;
 
-/** Initialize the RNG.
- *
- * This function only initializes the memory used by the RNG context.
- * Before using the RNG, it must be seeded with rng_seed().
- */
-void rng_init(rng_context_t *rng);
-
 /* Seed the random number generator.
  *
  * \param rng           The RNG context to use. It must have been initialized
@@ -148,13 +128,6 @@ void rng_init(rng_context_t *rng);
  */
 int rng_seed(rng_context_t *rng, int reproducible, const char *pers);
 
-/** Deinitialize the RNG. Free any embedded resource.
- *
- * \param rng           The RNG context to deinitialize. It must have been
- *                      initialized with rng_init().
- */
-void rng_free(rng_context_t *rng);
-
 /** Generate random data.
  *
  * This function is suitable for use as the \c f_rng argument to Mbed TLS

programs/test/cmake_package/cmake_package.c

@@ -5,8 +5,6 @@
  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
  */
 
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
 #include "mbedtls/build_info.h"
 
 #include "mbedtls/platform.h"

programs/test/cmake_package_install/cmake_package_install.c

@@ -6,8 +6,6 @@
  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
  */
 
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
 #include "mbedtls/build_info.h"
 
 #include "mbedtls/platform.h"

programs/test/cmake_subproject/cmake_subproject.c

@@ -6,8 +6,6 @@
  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
  */
 
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
 #include "mbedtls/build_info.h"
 
 #include "mbedtls/platform.h"

programs/test/dlopen.c

@@ -5,8 +5,6 @@
  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
  */
 
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
 #include "mbedtls/build_info.h"
 
 #include "mbedtls/platform.h"

programs/test/selftest.c

@@ -9,9 +9,6 @@
 
 #include "mbedtls/build_info.h"
 
-#include "mbedtls/private/entropy.h"
-#include "mbedtls/private/hmac_drbg.h"
-#include "mbedtls/private/ctr_drbg.h"
 #include "mbedtls/private/gcm.h"
 #include "mbedtls/private/ccm.h"
 #include "mbedtls/private/cmac.h"
@@ -204,48 +201,6 @@ static int run_test_snprintf(void)
            test_snprintf(5, "123",         3) != 0;
 }
 
-/*
- * Check if a seed file is present, and if not create one for the entropy
- * self-test. If this fails, we attempt the test anyway, so no error is passed
- * back.
- */
-#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_ENTROPY_C)
-#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PSA_DRIVER_GET_ENTROPY)
-static void dummy_entropy(unsigned char *output, size_t output_size)
-{
-    srand(1);
-    for (size_t i = 0; i < output_size; i++) {
-        output[i] = rand();
-    }
-}
-
-static void create_entropy_seed_file(void)
-{
-    int result;
-    unsigned char seed_value[MBEDTLS_ENTROPY_BLOCK_SIZE];
-
-    /* Attempt to read the entropy seed file. If this fails - attempt to write
-     * to the file to ensure one is present. */
-    result = mbedtls_platform_std_nv_seed_read(seed_value,
-                                               MBEDTLS_ENTROPY_BLOCK_SIZE);
-    if (0 == result) {
-        return;
-    }
-
-    dummy_entropy(seed_value, MBEDTLS_ENTROPY_BLOCK_SIZE);
-    mbedtls_platform_std_nv_seed_write(seed_value, MBEDTLS_ENTROPY_BLOCK_SIZE);
-}
-#endif
-
-static int mbedtls_entropy_self_test_wrapper(int verbose)
-{
-#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PSA_DRIVER_GET_ENTROPY)
-    create_entropy_seed_file();
-#endif
-    return mbedtls_entropy_self_test(verbose);
-}
-#endif
-
 #if defined(MBEDTLS_SELF_TEST)
 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
 static int mbedtls_memory_buffer_alloc_free_and_self_test(int verbose)
@@ -328,21 +283,12 @@ const selftest_t selftests[] =
 #if defined(MBEDTLS_ARIA_C)
     { "aria", mbedtls_aria_self_test },
 #endif
-#if defined(MBEDTLS_CTR_DRBG_C)
-    { "ctr_drbg", mbedtls_ctr_drbg_self_test },
-#endif
-#if defined(MBEDTLS_HMAC_DRBG_C)
-    { "hmac_drbg", mbedtls_hmac_drbg_self_test },
-#endif
 #if defined(MBEDTLS_ECP_C)
     { "ecp", mbedtls_ecp_self_test },
 #endif
 #if defined(MBEDTLS_ECJPAKE_C)
     { "ecjpake", mbedtls_ecjpake_self_test },
 #endif
-#if defined(MBEDTLS_ENTROPY_C)
-    { "entropy", mbedtls_entropy_self_test_wrapper },
-#endif
 #if defined(MBEDTLS_PKCS5_C)
     { "pkcs5", mbedtls_pkcs5_self_test },
 #endif

programs/test/udp_proxy.c

@@ -11,9 +11,6 @@
  * example of good general usage.
  */
 
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
 #include "mbedtls/build_info.h"
 
 #include <limits.h>

programs/util/pem2der.c

@@ -5,8 +5,6 @@
  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
  */
 
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
 #include "mbedtls/build_info.h"
 
 #include "mbedtls/platform.h"

programs/util/strerror.c

@@ -5,8 +5,6 @@
  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
  */
 
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
 #include "mbedtls/build_info.h"
 
 #include "mbedtls/platform.h"

programs/x509/cert_app.c

@@ -5,30 +5,26 @@
  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
  */
 
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
 #include "mbedtls/build_info.h"
 
 #include "mbedtls/platform.h"
 
-#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) ||  \
+#if !defined(MBEDTLS_BIGNUM_C) || \
     !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
     !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) ||         \
     !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) ||  \
-    !defined(MBEDTLS_CTR_DRBG_C) || defined(MBEDTLS_X509_REMOVE_INFO)
+    defined(MBEDTLS_X509_REMOVE_INFO)
 int main(void)
 {
-    mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
+    mbedtls_printf("MBEDTLS_BIGNUM_C and/or "
                    "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
                    "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
                    "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or "
-                   "MBEDTLS_CTR_DRBG_C not defined and/or MBEDTLS_X509_REMOVE_INFO defined.\n");
+                   "and/or MBEDTLS_X509_REMOVE_INFO defined.\n");
     mbedtls_exit(0);
 }
 #else
 
-#include "mbedtls/private/entropy.h"
-#include "mbedtls/private/ctr_drbg.h"
 #include "mbedtls/net_sockets.h"
 #include "mbedtls/ssl.h"
 #include "mbedtls/x509.h"
@@ -123,8 +119,6 @@ int main(int argc, char *argv[])
     int exit_code = MBEDTLS_EXIT_FAILURE;
     mbedtls_net_context server_fd;
     unsigned char buf[1024];
-    mbedtls_entropy_context entropy;
-    mbedtls_ctr_drbg_context ctr_drbg;
     mbedtls_ssl_context ssl;
     mbedtls_ssl_config conf;
     mbedtls_x509_crt cacert;
@@ -133,17 +127,14 @@ int main(int argc, char *argv[])
     uint32_t flags;
     int verify = 0;
     char *p, *q;
-    const char *pers = "cert_app";
 
     /*
      * Set to sane values
      */
     mbedtls_net_init(&server_fd);
-    mbedtls_ctr_drbg_init(&ctr_drbg);
     mbedtls_ssl_init(&ssl);
     mbedtls_ssl_config_init(&conf);
     mbedtls_x509_crt_init(&cacert);
-    mbedtls_entropy_init(&entropy);
 #if defined(MBEDTLS_X509_CRL_PARSE_C)
     mbedtls_x509_crl_init(&cacrl);
 #else
@@ -336,13 +327,6 @@ usage:
         mbedtls_printf("\n  . Seeding the random number generator...");
         fflush(stdout);
 
-        if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
-                                         (const unsigned char *) pers,
-                                         strlen(pers))) != 0) {
-            mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret);
-            goto ssl_exit;
-        }
-
         mbedtls_printf(" ok\n");
 
 #if defined(MBEDTLS_DEBUG_C)
@@ -442,12 +426,10 @@ exit:
 #if defined(MBEDTLS_X509_CRL_PARSE_C)
     mbedtls_x509_crl_free(&cacrl);
 #endif
-    mbedtls_ctr_drbg_free(&ctr_drbg);
-    mbedtls_entropy_free(&entropy);
     mbedtls_psa_crypto_free();
 
     mbedtls_exit(exit_code);
 }
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_SSL_TLS_C &&
           MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
-          MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
+          MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */

programs/x509/cert_req.c

@@ -15,22 +15,18 @@
 
 #if !defined(MBEDTLS_X509_CSR_WRITE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
     !defined(MBEDTLS_PK_PARSE_C) || !defined(PSA_WANT_ALG_SHA_256) || \
-    !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
     !defined(MBEDTLS_PEM_WRITE_C) || !defined(MBEDTLS_FS_IO) || \
     !defined(MBEDTLS_MD_C)
 int main(void)
 {
     mbedtls_printf("MBEDTLS_X509_CSR_WRITE_C and/or MBEDTLS_FS_IO and/or "
-                   "MBEDTLS_PK_PARSE_C and/or PSA_WANT_ALG_SHA_256 and/or "
+                   "MBEDTLS_PK_PARSE_C and/or PSA_WANT_ALG_SHA_256 "
-                   "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C "
                    "not defined.\n");
     mbedtls_exit(0);
 }
 #else
 
 #include "mbedtls/x509_csr.h"
-#include "mbedtls/private/entropy.h"
-#include "mbedtls/private/ctr_drbg.h"
 #include "mbedtls/error.h"
 
 #include <stdio.h>
@@ -146,9 +142,6 @@ int main(int argc, char *argv[])
     int i;
     char *p, *q, *r;
     mbedtls_x509write_csr req;
-    mbedtls_entropy_context entropy;
-    mbedtls_ctr_drbg_context ctr_drbg;
-    const char *pers = "csr example app";
     mbedtls_x509_san_list *cur, *prev;
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
     uint8_t ip[4] = { 0 };
@@ -158,9 +151,7 @@ int main(int argc, char *argv[])
      */
     mbedtls_x509write_csr_init(&req);
     mbedtls_pk_init(&key);
-    mbedtls_ctr_drbg_init(&ctr_drbg);
     memset(buf, 0, sizeof(buf));
-    mbedtls_entropy_init(&entropy);
 
     psa_status_t status = psa_crypto_init();
     if (status != PSA_SUCCESS) {
@@ -431,13 +422,6 @@ usage:
     mbedtls_printf("  . Seeding the random number generator...");
     fflush(stdout);
 
-    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
-                                     (const unsigned char *) pers,
-                                     strlen(pers))) != 0) {
-        mbedtls_printf(" failed\n  !  mbedtls_ctr_drbg_seed returned %d", ret);
-        goto exit;
-    }
-
     mbedtls_printf(" ok\n");
 
     /*
@@ -498,8 +482,6 @@ exit:
 
     mbedtls_x509write_csr_free(&req);
     mbedtls_pk_free(&key);
-    mbedtls_ctr_drbg_free(&ctr_drbg);
-    mbedtls_entropy_free(&entropy);
     mbedtls_psa_crypto_free();
 
     cur = opt.san_list;
@@ -522,4 +504,4 @@ exit:
     mbedtls_exit(exit_code);
 }
 #endif /* MBEDTLS_X509_CSR_WRITE_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
-          MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_WRITE_C */
+          MBEDTLS_PEM_WRITE_C */

programs/x509/cert_write.c

@@ -15,14 +15,12 @@
 
 #if !defined(MBEDTLS_X509_CRT_WRITE_C) || \
     !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
-    !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
     !defined(MBEDTLS_ERROR_C) || !defined(PSA_WANT_ALG_SHA_256) || \
     !defined(MBEDTLS_PEM_WRITE_C) || !defined(MBEDTLS_MD_C)
 int main(void)
 {
     mbedtls_printf("MBEDTLS_X509_CRT_WRITE_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
                    "MBEDTLS_FS_IO and/or PSA_WANT_ALG_SHA_256 and/or "
-                   "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
                    "MBEDTLS_ERROR_C not defined.\n");
     mbedtls_exit(0);
 }
@@ -31,8 +29,6 @@ int main(void)
 #include "mbedtls/x509_crt.h"
 #include "mbedtls/x509_csr.h"
 #include "mbedtls/oid.h"
-#include "mbedtls/private/entropy.h"
-#include "mbedtls/private/ctr_drbg.h"
 #include "mbedtls/error.h"
 #include "test/helpers.h"
 
@@ -306,9 +302,6 @@ int main(int argc, char *argv[])
     unsigned char serial[MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN];
     size_t serial_len;
     mbedtls_asn1_sequence *ext_key_usage;
-    mbedtls_entropy_context entropy;
-    mbedtls_ctr_drbg_context ctr_drbg;
-    const char *pers = "crt example app";
     mbedtls_x509_san_list *cur, *prev;
     uint8_t ip[4] = { 0 };
     /*
@@ -317,8 +310,6 @@ int main(int argc, char *argv[])
     mbedtls_x509write_crt_init(&crt);
     mbedtls_pk_init(&loaded_issuer_key);
     mbedtls_pk_init(&loaded_subject_key);
-    mbedtls_ctr_drbg_init(&ctr_drbg);
-    mbedtls_entropy_init(&entropy);
 #if defined(MBEDTLS_X509_CSR_PARSE_C)
     mbedtls_x509_csr_init(&csr);
 #endif
@@ -681,15 +672,6 @@ usage:
     mbedtls_printf("  . Seeding the random number generator...");
     fflush(stdout);
 
-    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
-                                     (const unsigned char *) pers,
-                                     strlen(pers))) != 0) {
-        mbedtls_strerror(ret, buf, sizeof(buf));
-        mbedtls_printf(" failed\n  !  mbedtls_ctr_drbg_seed returned %d - %s\n",
-                       ret, buf);
-        goto exit;
-    }
-
     mbedtls_printf(" ok\n");
 
     // Parse serial to MPI
@@ -1022,12 +1004,10 @@ exit:
     mbedtls_x509write_crt_free(&crt);
     mbedtls_pk_free(&loaded_subject_key);
     mbedtls_pk_free(&loaded_issuer_key);
-    mbedtls_ctr_drbg_free(&ctr_drbg);
-    mbedtls_entropy_free(&entropy);
     mbedtls_psa_crypto_free();
 
     mbedtls_exit(exit_code);
 }
 #endif /* MBEDTLS_X509_CRT_WRITE_C && MBEDTLS_X509_CRT_PARSE_C &&
-          MBEDTLS_FS_IO && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
+          MBEDTLS_FS_IO
           MBEDTLS_ERROR_C && MBEDTLS_PEM_WRITE_C */

programs/x509/crl_app.c

@@ -5,8 +5,6 @@
  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
  */
 
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
 #include "mbedtls/build_info.h"
 
 #include "mbedtls/platform.h"

programs/x509/load_roots.c

@@ -5,8 +5,6 @@
  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
  */
 
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
 #include "mbedtls/build_info.h"
 
 #include "mbedtls/platform.h"

programs/x509/req_app.c

@@ -5,8 +5,6 @@
  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
  */
 
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
 #include "mbedtls/build_info.h"
 
 #include "mbedtls/platform.h"