Rename the 'no entropy' feature to MBEDTLS_TEST_NULL_ENTROPY

Following review and for clarity, changed the name of the feature to 'null
entropy'.
This commit is contained in:
Simon Butcher 2016-06-11 02:31:21 +01:00
parent 72ff973d22
commit ab5df40054
8 changed files with 35 additions and 37 deletions

View File

@ -130,15 +130,14 @@
#error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_TEST_WO_ENTROPY)
#warning "MBEDTLS_TEST_WO_ENTROPY defined, this build provides no security!"
#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
#error "MBEDTLS_TEST_WO_ENTROPY defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_ENTROPY_NV_SEED) || defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \
defined(MBEDTLS_HAVEGE_C)
#error "MBEDTLS_TEST_WO_ENTROPY defined, but entropy sources too"
#if defined(MBEDTLS_TEST_NULL_ENTROPY) && \
( !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) )
#error "MBEDTLS_TEST_NULL_ENTROPY defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_TEST_NULL_ENTROPY) && \
( defined(MBEDTLS_ENTROPY_NV_SEED) || defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \
defined(MBEDTLS_HAVEGE_C) )
#error "MBEDTLS_TEST_NULL_ENTROPY defined, but entropy sources too"
#endif
#if defined(MBEDTLS_GCM_C) && ( \

View File

@ -280,29 +280,21 @@
//#define MBEDTLS_AES_DECRYPT_ALT
/**
* \def MBEDTLS_TEST_WO_ENTROPY
* \def MBEDTLS_TEST_NULL_ENTROPY
*
* Enable testing mbed TLS without access to any entropy. This enables testing
* the library before the platforms entropy sources are integrated (, see for
* example the MBEDTLS_ENTROPY_HARDWARE_ALT or the MBEDTLS_ENTROPY_NV_SEED
* switch).
* Enables testing and use of mbed TLS without any configured entropy sources.
* This permits use of the library on platforms before an entropy source has
* been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
* MBEDTLS_ENTROPY_NV_SEED switches).
*
* WARNING! This switch MUST be disabled in production builds, and is suitable
* only for development.
* Enabling the switch negates any security provided by the library.
*
* Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
*
* WARNING! This switch is extremely DANGEROUS, don't use it in production code
* under any circumstances. This switch nullifies any security provided by the
* library.
*/
//#define MBEDTLS_TEST_WO_ENTROPY
/**
* \def MBEDTLS_ENTROPY_NV_SEED
*
* Strong software entropy source. It is not yet implemented,
* adding it because it is mutually exclusive with MBEDTLS_TEST_WO_ENTROPY.
*/
//#define MBEDTLS_ENTROPY_NV_SEED
//#define MBEDTLS_TEST_NULL_ENTROPY
/**
* \def MBEDTLS_ENTROPY_HARDWARE_ALT

View File

@ -46,7 +46,7 @@ extern "C" {
/**
* \brief Entropy poll callback that provides 0 entropy.
*/
#if defined(MBEDTLS_TEST_WO_ENTROPY)
#if defined(MBEDTLS_TEST_NULL_ENTROPY)
int mbedtls_zero_entropy_poll( void *data,
unsigned char *output, size_t len, size_t *olen );
#endif

View File

@ -27,6 +27,12 @@
#if defined(MBEDTLS_ENTROPY_C)
#if defined(MBEDTLS_TEST_NULL_ENTROPY)
#warning "**** WARNING! MBEDTLS_TEST_NULL_ENTROPY defined! ****"
#warning "**** THIS BUILD HAS NO DEFINED ENTROPY SOURCES ****"
#warning "**** NOT SUITABLE FOR PRODUCTION ****"
#endif
#include "mbedtls/entropy.h"
#include "mbedtls/entropy_poll.h"
@ -73,7 +79,7 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx )
mbedtls_havege_init( &ctx->havege_data );
#endif
#if defined(MBEDTLS_TEST_WO_ENTROPY)
#if defined(MBEDTLS_TEST_NULL_ENTROPY)
mbedtls_entropy_add_source( ctx, mbedtls_zero_entropy_poll, NULL,
1, MBEDTLS_ENTROPY_SOURCE_STRONG );
#endif

View File

@ -191,11 +191,12 @@ int mbedtls_platform_entropy_poll( void *data,
#endif /* _WIN32 && !EFIX64 && !EFI32 */
#endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */
#if defined(MBEDTLS_TEST_WO_ENTROPY)
#if defined(MBEDTLS_TEST_NULL_ENTROPY)
int mbedtls_zero_entropy_poll( void *data,
unsigned char *output, size_t len, size_t *olen )
{
((void) data);
((void) output);
*olen = 0;
if( len < sizeof(unsigned char) )

View File

@ -159,9 +159,9 @@ static const char *features[] = {
#if defined(MBEDTLS_AES_DECRYPT_ALT)
"MBEDTLS_AES_DECRYPT_ALT",
#endif /* MBEDTLS_AES_DECRYPT_ALT */
#if defined(MBEDTLS_TEST_WO_ENTROPY)
"MBEDTLS_TEST_WO_ENTROPY",
#endif /* MBEDTLS_TEST_WO_ENTROPY */
#if defined(MBEDTLS_TEST_NULL_ENTROPY)
"MBEDTLS_TEST_NULL_ENTROPY",
#endif /* MBEDTLS_TEST_NULL_ENTROPY */
#if defined(MBEDTLS_ENTROPY_NV_SEED)
"MBEDTLS_ENTROPY_NV_SEED",
#endif /* MBEDTLS_ENTROPY_NV_SEED */

View File

@ -18,7 +18,7 @@
#
# Things that shouldn't be enabled with "full".
#
# MBEDTLS_TEST_WO_ENTROPY
# MBEDTLS_TEST_NULL_ENTROPY
# MBEDTLS_DEPRECATED_REMOVED
# MBEDTLS_HAVE_SSE2
# MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
@ -70,7 +70,7 @@ Options
EOU
my @excluded = qw(
MBEDTLS_TEST_WO_ENTROPY
MBEDTLS_TEST_NULL_ENTROPY
MBEDTLS_DEPRECATED_REMOVED
MBEDTLS_HAVE_SSE2
MBEDTLS_PLATFORM_NO_STD_FUNCTIONS

View File

@ -265,10 +265,10 @@ scripts/config.pl unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc.
scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux
CC=gcc CFLAGS='-Werror -O0 -std=c99 -pedantic' make lib
msg "build: default config with MBEDTLS_TEST_WO_ENTROPY (ASan build)"
msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)"
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl set MBEDTLS_TEST_WO_ENTROPY
scripts/config.pl set MBEDTLS_TEST_NULL_ENTROPY
scripts/config.pl set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
scripts/config.pl set MBEDTLS_ENTROPY_C
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
@ -277,7 +277,7 @@ scripts/config.pl unset MBEDTLS_HAVEGE_C
CC=gcc cmake -D CMAKE_C_FLAGS:String="-fsanitize=address -fno-common -O3" .
make
msg "test: MBEDTLS_TEST_WO_ENTROPY - main suites and selftest (ASan build)"
msg "test: MBEDTLS_TEST_NULL_ENTROPY - main suites and selftest (ASan build)"
make test
programs/test/selftest