mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 05:05:35 +00:00
Ability to force the Entropy module to use SHA-256 as its basis
By default the SHA-512 module is used if both are available. On some systems, SHA-256 is the better choice. Contributed by: Gergely Budai
This commit is contained in:
parent
cd6d69a414
commit
2ceda57989
|
@ -11,6 +11,8 @@ Features
|
||||||
and CRLs
|
and CRLs
|
||||||
* Single Platform compatilibity layer (for memory / printf / fprintf)
|
* Single Platform compatilibity layer (for memory / printf / fprintf)
|
||||||
* Ability to provide alternate timing implementation
|
* Ability to provide alternate timing implementation
|
||||||
|
* Ability to force the entropy module to use SHA-256 as its basis
|
||||||
|
(POLARSSL_ENTROPY_FORCE_SHA256)
|
||||||
|
|
||||||
Changes
|
Changes
|
||||||
* Deprecated the Memory layer
|
* Deprecated the Memory layer
|
||||||
|
|
|
@ -665,6 +665,22 @@
|
||||||
*/
|
*/
|
||||||
//#define POLARSSL_NO_PLATFORM_ENTROPY
|
//#define POLARSSL_NO_PLATFORM_ENTROPY
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \def POLARSSL_ENTROPY_FORCE_SHA256
|
||||||
|
*
|
||||||
|
* Force the entropy accumulator to use a SHA-256 accumulator instead of the
|
||||||
|
* default SHA-512 based one (if both are available).
|
||||||
|
*
|
||||||
|
* Requires: POLARSSL_SHA256_C
|
||||||
|
*
|
||||||
|
* On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
|
||||||
|
* if you have performance concerns.
|
||||||
|
*
|
||||||
|
* This option is only useful if both POLARSSL_SHA256_C and
|
||||||
|
* POLARSSL_SHA512_C are defined. Otherwise the available hash module is used.
|
||||||
|
*/
|
||||||
|
//#define POLARSSL_ENTROPY_FORCE_SHA256
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \def POLARSSL_MEMORY_DEBUG
|
* \def POLARSSL_MEMORY_DEBUG
|
||||||
*
|
*
|
||||||
|
@ -1334,7 +1350,7 @@
|
||||||
* Module: library/entropy.c
|
* Module: library/entropy.c
|
||||||
* Caller:
|
* Caller:
|
||||||
*
|
*
|
||||||
* Requires: POLARSSL_SHA512_C
|
* Requires: POLARSSL_SHA512_C or POLARSSL_SHA256_C
|
||||||
*
|
*
|
||||||
* This module provides a generic entropy pool
|
* This module provides a generic entropy pool
|
||||||
*/
|
*/
|
||||||
|
@ -2103,6 +2119,10 @@
|
||||||
defined(POLARSSL_CONFIG_OPTIONS) && (CTR_DRBG_ENTROPY_LEN > 32)
|
defined(POLARSSL_CONFIG_OPTIONS) && (CTR_DRBG_ENTROPY_LEN > 32)
|
||||||
#error "CTR_DRBG_ENTROPY_LEN value too high"
|
#error "CTR_DRBG_ENTROPY_LEN value too high"
|
||||||
#endif
|
#endif
|
||||||
|
#if defined(POLARSSL_ENTROPY_C) && \
|
||||||
|
defined(POLARSSL_ENTROPY_FORCE_SHA256) && !defined(POLARSSL_SHA256_C)
|
||||||
|
#error "POLARSSL_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_GCM_C) && ( \
|
#if defined(POLARSSL_GCM_C) && ( \
|
||||||
!defined(POLARSSL_AES_C) && !defined(POLARSSL_CAMELLIA_C) )
|
!defined(POLARSSL_AES_C) && !defined(POLARSSL_CAMELLIA_C) )
|
||||||
|
|
|
@ -43,7 +43,7 @@
|
||||||
/**< The seed length (counter + AES key) */
|
/**< The seed length (counter + AES key) */
|
||||||
|
|
||||||
#if !defined(POLARSSL_CONFIG_OPTIONS)
|
#if !defined(POLARSSL_CONFIG_OPTIONS)
|
||||||
#if defined(POLARSSL_SHA512_C)
|
#if defined(POLARSSL_SHA512_C) && !defined(POLARSSL_ENTROPY_FORCE_SHA256)
|
||||||
#define CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
|
#define CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
|
||||||
#else
|
#else
|
||||||
#define CTR_DRBG_ENTROPY_LEN 32 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
|
#define CTR_DRBG_ENTROPY_LEN 32 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
|
||||||
|
|
|
@ -31,7 +31,7 @@
|
||||||
|
|
||||||
#include "config.h"
|
#include "config.h"
|
||||||
|
|
||||||
#if defined(POLARSSL_SHA512_C)
|
#if defined(POLARSSL_SHA512_C) && !defined(POLARSSL_FORCE_ENTROPY_SHA256)
|
||||||
#include "sha512.h"
|
#include "sha512.h"
|
||||||
#define POLARSSL_ENTROPY_SHA512_ACCUMULATOR
|
#define POLARSSL_ENTROPY_SHA512_ACCUMULATOR
|
||||||
#else
|
#else
|
||||||
|
|
Loading…
Reference in a new issue