Documentation and entropy self test changes (#610)

Ensure that the entropy self test always fails whenever
MBEDTLS_TEST_NULL_ENTROPY is defined. This is because the option is
meant to be for testing and development purposes rather than production
quality software. Also, this patch enhances the documentation for
mbedtls_entropy_source_self_test() and mbedtls_entropy_self_test().
This commit is contained in:
Andres Amaya Garcia 2016-09-13 13:30:02 +01:00 committed by Simon Butcher
parent c0d76b8255
commit a928e67278
2 changed files with 14 additions and 1 deletions

View file

@ -255,6 +255,9 @@ int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *
/** /**
* \brief Checkup routine * \brief Checkup routine
* *
* This module self-test also calls the entropy self-test,
* mbedtls_entropy_source_self_test();
*
* \return 0 if successful, or 1 if a test failed * \return 0 if successful, or 1 if a test failed
*/ */
int mbedtls_entropy_self_test( int verbose ); int mbedtls_entropy_self_test( int verbose );
@ -263,6 +266,14 @@ int mbedtls_entropy_self_test( int verbose );
/** /**
* \brief Checkup routine * \brief Checkup routine
* *
* Verifies the integrity of the hardware entropy source
* provided by the function 'mbedtls_hardware_poll()'.
*
* Note this is the only hardware entropy source that is known
* at link time, and other entropy sources configured
* dynamically at runtime by the function
* mbedtls_entropy_add_source() will not be tested.
*
* \return 0 if successful, or 1 if a test failed * \return 0 if successful, or 1 if a test failed
*/ */
int mbedtls_entropy_source_self_test( int verbose ); int mbedtls_entropy_source_self_test( int verbose );

View file

@ -575,7 +575,7 @@ cleanup:
*/ */
int mbedtls_entropy_self_test( int verbose ) int mbedtls_entropy_self_test( int verbose )
{ {
int ret = 0; int ret = 1;
mbedtls_entropy_context ctx; mbedtls_entropy_context ctx;
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 }; unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
unsigned char acc[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 }; unsigned char acc[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
@ -584,6 +584,7 @@ int mbedtls_entropy_self_test( int verbose )
if( verbose != 0 ) if( verbose != 0 )
mbedtls_printf( " ENTROPY test: " ); mbedtls_printf( " ENTROPY test: " );
#if !defined(MBEDTLS_TEST_NULL_ENTROPY)
mbedtls_entropy_init( &ctx ); mbedtls_entropy_init( &ctx );
/* First do a gather to make sure we have default sources */ /* First do a gather to make sure we have default sources */
@ -631,6 +632,7 @@ int mbedtls_entropy_self_test( int verbose )
cleanup: cleanup:
mbedtls_entropy_free( &ctx ); mbedtls_entropy_free( &ctx );
#endif /* !MBEDTLS_TEST_NULL_ENTROPY */
if( verbose != 0 ) if( verbose != 0 )
{ {