- Added option to prevent default entropy sources from loading (POLARSSL_NO_DEFAULT_ENTROPY_SOURCES)

2024-11-24 16:58:26 +00:00 · 2011-12-15 20:11:16 +00:00 · 2011-12-15 20:11:16 +00:00 · 43655f46b0
commit 43655f46b0
parent fb3a83f9e3
5 changed files with 26 additions and 3 deletions
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@ -154,6 +154,19 @@
 */
 #define POLARSSL_FS_IO

+/**
+ * \def POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
+ *
+ * Do not add default entropy sources. These are the platform specific,
+ * hardclock and HAVEGE based poll functions.
+ *
+ * This is useful to have more control over the added entropy sources in an 
+ * application.
+ *
+ * Uncomment this macro to prevent loading of default entropy functions.
+#define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
+ */
+
 /**
 * \def POLARSSL_NO_PLATFORM_ENTROPY
 *
--- a/include/polarssl/entropy.h
+++ b/include/polarssl/entropy.h
@ -38,6 +38,7 @@

 #define POLARSSL_ERR_ENTROPY_SOURCE_FAILED                 -0x003C  /**< Critical entropy source failure. */
 #define POLARSSL_ERR_ENTROPY_MAX_SOURCES                   -0x003E  /**< No more sources can be added. */
+#define POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED            -0x0040  /**< No sources have been added to poll. */

 #define ENTROPY_MAX_SOURCES     20      /**< Maximum number of sources supported */
 #define ENTROPY_MAX_GATHER      128     /**< Maximum amount requested from entropy sources */
@ -104,7 +105,7 @@ void entropy_init( entropy_context *ctx );
 * \param threshold Minimum required from source before entropy is released
 *                  ( with entropy_func() )
 *
- * \return          0 is successful or POLARSSL_ERR_ENTROPY_MAX_SOURCES
+ * \return          0 if successful or POLARSSL_ERR_ENTROPY_MAX_SOURCES
 */
 int entropy_add_source( entropy_context *ctx,
                        f_source_ptr f_source, void *p_source,
--- a/include/polarssl/error.h
+++ b/include/polarssl/error.h
@ -58,7 +58,7 @@
 * DES       1  0x0032-0x0032
 * NET      11  0x0040-0x0054
 * CTR_DBRG  3  0x0034-0x003A
- * ENTROPY   2  0x003C-0x003E
+ * ENTROPY   3  0x003C-0x0040
 * MD2       1  0x0070-0x0070
 * MD4       1  0x0072-0x0072
 * MD5       1  0x0074-0x0074
--- a/library/entropy.c
+++ b/library/entropy.c
@ -41,7 +41,11 @@ void entropy_init( entropy_context *ctx )
    memset( ctx, 0, sizeof(entropy_context) );

    sha4_starts( &ctx->accumulator, 0 );
+#if defined(POLARSSL_HAVEGE_C)
+    havege_init( &ctx->havege_data );
+#endif

+#if !defined(POLARSSL_NO_DEFAULT_ENTROPY_SOURCES)
 #if !defined(POLARSSL_NO_PLATFORM_ENTROPY)
    entropy_add_source( ctx, platform_entropy_poll, NULL,
                        ENTROPY_MIN_PLATFORM );
@ -50,10 +54,10 @@ void entropy_init( entropy_context *ctx )
    entropy_add_source( ctx, hardclock_poll, NULL, ENTROPY_MIN_HARDCLOCK );
 #endif
 #if defined(POLARSSL_HAVEGE_C)
-    havege_init( &ctx->havege_data );
    entropy_add_source( ctx, havege_poll, &ctx->havege_data,
                        ENTROPY_MIN_HAVEGE );
 #endif
+#endif /* POLARSSL_NO_DEFAULT_ENTROPY_SOURCES */
 }

 int entropy_add_source( entropy_context *ctx,
@ -117,6 +121,9 @@ int entropy_gather( entropy_context *ctx )
    unsigned char buf[ENTROPY_MAX_GATHER];
    size_t olen;
    
+    if( ctx->source_count == 0 )
+        return( POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED );
+
    /*
     * Run through our entropy sources
     */
--- a/library/error.c
+++ b/library/error.c
@ -436,6 +436,8 @@ void error_strerror( int ret, char *buf, size_t buflen )
        snprintf( buf, buflen, "ENTROPY - Critical entropy source failure" );
    if( use_ret == -(POLARSSL_ERR_ENTROPY_MAX_SOURCES) )
        snprintf( buf, buflen, "ENTROPY - No more sources can be added" );
+    if( use_ret == -(POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED) )
+        snprintf( buf, buflen, "ENTROPY - No sources have been added to poll" );
 #endif /* POLARSSL_ENTROPY_C */

 #if defined(POLARSSL_MD2_C)