From 2ceda579893ceb23c5eb0d56df47dc235644e0f4 Mon Sep 17 00:00:00 2001
From: Paul Bakker <p.j.bakker@polarssl.org>
Date: Thu, 6 Feb 2014 15:55:25 +0100
Subject: [PATCH] Ability to force the Entropy module to use SHA-256 as its
 basis

By default the SHA-512 module is used if both are available. On some
systems, SHA-256 is the better choice.

Contributed by: Gergely Budai
---
 ChangeLog                   |  2 ++
 include/polarssl/config.h   | 22 +++++++++++++++++++++-
 include/polarssl/ctr_drbg.h |  2 +-
 include/polarssl/entropy.h  |  2 +-
 4 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index baf67fee3..2e2ecb87a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,8 @@ Features
      and CRLs
    * Single Platform compatilibity layer (for memory / printf / fprintf)
    * Ability to provide alternate timing implementation
+   * Ability to force the entropy module to use SHA-256 as its basis
+     (POLARSSL_ENTROPY_FORCE_SHA256)
 
 Changes
    * Deprecated the Memory layer
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 5c36ae6b3..db34e6a29 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -665,6 +665,22 @@
  */
 //#define POLARSSL_NO_PLATFORM_ENTROPY
 
+/**
+ * \def POLARSSL_ENTROPY_FORCE_SHA256
+ *
+ * Force the entropy accumulator to use a SHA-256 accumulator instead of the
+ * default SHA-512 based one (if both are available).
+ *
+ * Requires: POLARSSL_SHA256_C
+ *
+ * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
+ * if you have performance concerns.
+ *
+ * This option is only useful if both POLARSSL_SHA256_C and
+ * POLARSSL_SHA512_C are defined. Otherwise the available hash module is used.
+ */
+//#define POLARSSL_ENTROPY_FORCE_SHA256
+
 /**
  * \def POLARSSL_MEMORY_DEBUG
  *
@@ -1334,7 +1350,7 @@
  * Module:  library/entropy.c
  * Caller:
  *
- * Requires: POLARSSL_SHA512_C
+ * Requires: POLARSSL_SHA512_C or POLARSSL_SHA256_C
  *
  * This module provides a generic entropy pool
  */
@@ -2103,6 +2119,10 @@
     defined(POLARSSL_CONFIG_OPTIONS) && (CTR_DRBG_ENTROPY_LEN > 32)
 #error "CTR_DRBG_ENTROPY_LEN value too high"
 #endif
+#if defined(POLARSSL_ENTROPY_C) && \
+    defined(POLARSSL_ENTROPY_FORCE_SHA256) && !defined(POLARSSL_SHA256_C)
+#error "POLARSSL_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
+#endif
 
 #if defined(POLARSSL_GCM_C) && (                                        \
         !defined(POLARSSL_AES_C) && !defined(POLARSSL_CAMELLIA_C) )
diff --git a/include/polarssl/ctr_drbg.h b/include/polarssl/ctr_drbg.h
index 756b5a326..8b0f38a15 100644
--- a/include/polarssl/ctr_drbg.h
+++ b/include/polarssl/ctr_drbg.h
@@ -43,7 +43,7 @@
                                             /**< The seed length (counter + AES key)            */
 
 #if !defined(POLARSSL_CONFIG_OPTIONS)
-#if defined(POLARSSL_SHA512_C)
+#if defined(POLARSSL_SHA512_C) && !defined(POLARSSL_ENTROPY_FORCE_SHA256)
 #define CTR_DRBG_ENTROPY_LEN        48      /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
 #else
 #define CTR_DRBG_ENTROPY_LEN        32      /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
diff --git a/include/polarssl/entropy.h b/include/polarssl/entropy.h
index 2b824ef6d..c4d49556f 100644
--- a/include/polarssl/entropy.h
+++ b/include/polarssl/entropy.h
@@ -31,7 +31,7 @@
 
 #include "config.h"
 
-#if defined(POLARSSL_SHA512_C)
+#if defined(POLARSSL_SHA512_C) && !defined(POLARSSL_FORCE_ENTROPY_SHA256)
 #include "sha512.h"
 #define POLARSSL_ENTROPY_SHA512_ACCUMULATOR
 #else