yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Rename the 'no entropy' feature to MBEDTLS_TEST_NULL_ENTROPY

Browse source 
Following review and for clarity, changed the name of the feature to 'null
entropy'.
This commit is contained in:
Simon Butcher 2016-06-11 02:31:21 +01:00
parent 72ff973d22
commit ab5df40054
8 changed files with 35 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
include/mbedtls/check_config.h
View file

@ -130,15 +130,14 @@
#error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites" #error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
#endif #endif
#if defined(MBEDTLS_TEST_WO_ENTROPY) #if defined(MBEDTLS_TEST_NULL_ENTROPY) && \
#warning "MBEDTLS_TEST_WO_ENTROPY defined, this build provides no security!" ( !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) )
#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) #error "MBEDTLS_TEST_NULL_ENTROPY defined, but not all prerequisites"
#error "MBEDTLS_TEST_WO_ENTROPY defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_ENTROPY_NV_SEED) || defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \
defined(MBEDTLS_HAVEGE_C)
#error "MBEDTLS_TEST_WO_ENTROPY defined, but entropy sources too"
#endif #endif
#if defined(MBEDTLS_TEST_NULL_ENTROPY) && \
( defined(MBEDTLS_ENTROPY_NV_SEED) || defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \
defined(MBEDTLS_HAVEGE_C) )
#error "MBEDTLS_TEST_NULL_ENTROPY defined, but entropy sources too"
#endif #endif
#if defined(MBEDTLS_GCM_C) && ( \ #if defined(MBEDTLS_GCM_C) && ( \

28
include/mbedtls/config.h
View file

@ -280,29 +280,21 @@
//#define MBEDTLS_AES_DECRYPT_ALT //#define MBEDTLS_AES_DECRYPT_ALT
/** /**
* \def MBEDTLS_TEST_WO_ENTROPY * \def MBEDTLS_TEST_NULL_ENTROPY
* *
* Enable testing mbed TLS without access to any entropy. This enables testing * Enables testing and use of mbed TLS without any configured entropy sources.
* the library before the platforms entropy sources are integrated (, see for * This permits use of the library on platforms before an entropy source has
* example the MBEDTLS_ENTROPY_HARDWARE_ALT or the MBEDTLS_ENTROPY_NV_SEED * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
* switch). * MBEDTLS_ENTROPY_NV_SEED switches).
*
* WARNING! This switch MUST be disabled in production builds, and is suitable
* only for development.
* Enabling the switch negates any security provided by the library.
* *
* Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
* *
* WARNING! This switch is extremely DANGEROUS, don't use it in production code
* under any circumstances. This switch nullifies any security provided by the
* library.
*/ */
//#define MBEDTLS_TEST_WO_ENTROPY //#define MBEDTLS_TEST_NULL_ENTROPY
/**
* \def MBEDTLS_ENTROPY_NV_SEED
*
* Strong software entropy source. It is not yet implemented,
* adding it because it is mutually exclusive with MBEDTLS_TEST_WO_ENTROPY.
*/
//#define MBEDTLS_ENTROPY_NV_SEED
/** /**
* \def MBEDTLS_ENTROPY_HARDWARE_ALT * \def MBEDTLS_ENTROPY_HARDWARE_ALT

2
include/mbedtls/entropy_poll.h
View file

@ -46,7 +46,7 @@ extern "C" {
/** /**
* \brief Entropy poll callback that provides 0 entropy. * \brief Entropy poll callback that provides 0 entropy.
*/ */
#if defined(MBEDTLS_TEST_WO_ENTROPY) #if defined(MBEDTLS_TEST_NULL_ENTROPY)
int mbedtls_zero_entropy_poll( void *data, int mbedtls_zero_entropy_poll( void *data,
unsigned char *output, size_t len, size_t *olen ); unsigned char *output, size_t len, size_t *olen );
#endif #endif

8
library/entropy.c
View file

@ -27,6 +27,12 @@
#if defined(MBEDTLS_ENTROPY_C) #if defined(MBEDTLS_ENTROPY_C)
#if defined(MBEDTLS_TEST_NULL_ENTROPY)
#warning "**** WARNING! MBEDTLS_TEST_NULL_ENTROPY defined! ****"
#warning "**** THIS BUILD HAS NO DEFINED ENTROPY SOURCES ****"
#warning "**** NOT SUITABLE FOR PRODUCTION ****"
#endif
#include "mbedtls/entropy.h" #include "mbedtls/entropy.h"
#include "mbedtls/entropy_poll.h" #include "mbedtls/entropy_poll.h"
@ -73,7 +79,7 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx )
mbedtls_havege_init( &ctx->havege_data ); mbedtls_havege_init( &ctx->havege_data );
#endif #endif
#if defined(MBEDTLS_TEST_WO_ENTROPY) #if defined(MBEDTLS_TEST_NULL_ENTROPY)
mbedtls_entropy_add_source( ctx, mbedtls_zero_entropy_poll, NULL, mbedtls_entropy_add_source( ctx, mbedtls_zero_entropy_poll, NULL,
1, MBEDTLS_ENTROPY_SOURCE_STRONG ); 1, MBEDTLS_ENTROPY_SOURCE_STRONG );
#endif #endif

3
library/entropy_poll.c
View file

@ -191,11 +191,12 @@ int mbedtls_platform_entropy_poll( void *data,
#endif /* _WIN32 && !EFIX64 && !EFI32 */ #endif /* _WIN32 && !EFIX64 && !EFI32 */
#endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */ #endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */
#if defined(MBEDTLS_TEST_WO_ENTROPY) #if defined(MBEDTLS_TEST_NULL_ENTROPY)
int mbedtls_zero_entropy_poll( void *data, int mbedtls_zero_entropy_poll( void *data,
unsigned char *output, size_t len, size_t *olen ) unsigned char *output, size_t len, size_t *olen )
{ {
((void) data); ((void) data);
((void) output);
*olen = 0; *olen = 0;
if( len < sizeof(unsigned char) ) if( len < sizeof(unsigned char) )

6
library/version_features.c
View file

@ -159,9 +159,9 @@ static const char *features[] = {
#if defined(MBEDTLS_AES_DECRYPT_ALT) #if defined(MBEDTLS_AES_DECRYPT_ALT)
"MBEDTLS_AES_DECRYPT_ALT", "MBEDTLS_AES_DECRYPT_ALT",
#endif /* MBEDTLS_AES_DECRYPT_ALT */ #endif /* MBEDTLS_AES_DECRYPT_ALT */
#if defined(MBEDTLS_TEST_WO_ENTROPY) #if defined(MBEDTLS_TEST_NULL_ENTROPY)
"MBEDTLS_TEST_WO_ENTROPY", "MBEDTLS_TEST_NULL_ENTROPY",
#endif /* MBEDTLS_TEST_WO_ENTROPY */ #endif /* MBEDTLS_TEST_NULL_ENTROPY */
#if defined(MBEDTLS_ENTROPY_NV_SEED) #if defined(MBEDTLS_ENTROPY_NV_SEED)
"MBEDTLS_ENTROPY_NV_SEED", "MBEDTLS_ENTROPY_NV_SEED",
#endif /* MBEDTLS_ENTROPY_NV_SEED */ #endif /* MBEDTLS_ENTROPY_NV_SEED */

4
scripts/config.pl
View file

@ -18,7 +18,7 @@
# #
# Things that shouldn't be enabled with "full". # Things that shouldn't be enabled with "full".
# #
# MBEDTLS_TEST_WO_ENTROPY # MBEDTLS_TEST_NULL_ENTROPY
# MBEDTLS_DEPRECATED_REMOVED # MBEDTLS_DEPRECATED_REMOVED
# MBEDTLS_HAVE_SSE2 # MBEDTLS_HAVE_SSE2
# MBEDTLS_PLATFORM_NO_STD_FUNCTIONS # MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
@ -70,7 +70,7 @@ Options
EOU EOU
my @excluded = qw( my @excluded = qw(
MBEDTLS_TEST_WO_ENTROPY MBEDTLS_TEST_NULL_ENTROPY
MBEDTLS_DEPRECATED_REMOVED MBEDTLS_DEPRECATED_REMOVED
MBEDTLS_HAVE_SSE2 MBEDTLS_HAVE_SSE2
MBEDTLS_PLATFORM_NO_STD_FUNCTIONS MBEDTLS_PLATFORM_NO_STD_FUNCTIONS

6
tests/scripts/all.sh
View file

@ -265,10 +265,10 @@ scripts/config.pl unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc.
scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux
CC=gcc CFLAGS='-Werror -O0 -std=c99 -pedantic' make lib CC=gcc CFLAGS='-Werror -O0 -std=c99 -pedantic' make lib
msg "build: default config with MBEDTLS_TEST_WO_ENTROPY (ASan build)" msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)"
cleanup cleanup
cp "$CONFIG_H" "$CONFIG_BAK" cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl set MBEDTLS_TEST_WO_ENTROPY scripts/config.pl set MBEDTLS_TEST_NULL_ENTROPY
scripts/config.pl set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES scripts/config.pl set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
scripts/config.pl set MBEDTLS_ENTROPY_C scripts/config.pl set MBEDTLS_ENTROPY_C
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
@ -277,7 +277,7 @@ scripts/config.pl unset MBEDTLS_HAVEGE_C
CC=gcc cmake -D CMAKE_C_FLAGS:String="-fsanitize=address -fno-common -O3" . CC=gcc cmake -D CMAKE_C_FLAGS:String="-fsanitize=address -fno-common -O3" .
make make
msg "test: MBEDTLS_TEST_WO_ENTROPY - main suites and selftest (ASan build)" msg "test: MBEDTLS_TEST_NULL_ENTROPY - main suites and selftest (ASan build)"
make test make test
programs/test/selftest programs/test/selftest