- Merged Trunk changes for 1.1 into branch

2025-01-05 14:45:40 +00:00 · 2011-12-22 10:06:27 +00:00 · 2011-12-22 10:06:27 +00:00 · d567aa2b6e
parent 732e1a893c
commit d567aa2b6e
9 changed files with 57 additions and 11 deletions
--- a/2
+++ b/2
@ -1,6 +1,6 @@
 PolarSSL ChangeLog

-= Version 1.1.0 (Release Candidate 1) released on 2011-12-11
+= Version 1.1.0 released on 2011-12-22
 Features
   * Added ssl_session_reset() to allow better multi-connection pools of
     SSL contexts without needing to set all non-connection-specific
--- a/include/polarssl/asn1.h
+++ b/include/polarssl/asn1.h
@ -27,10 +27,10 @@
 #ifndef POLARSSL_ASN1_H
 #define POLARSSL_ASN1_H

-#include "polarssl/config.h"
+#include "config.h"

 #if defined(POLARSSL_BIGNUM_C)
-#include "polarssl/bignum.h"
+#include "bignum.h"
 #endif

 #include <string.h>
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@ -154,6 +154,19 @@
 */
 #define POLARSSL_FS_IO

+/**
+ * \def POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
+ *
+ * Do not add default entropy sources. These are the platform specific,
+ * hardclock and HAVEGE based poll functions.
+ *
+ * This is useful to have more control over the added entropy sources in an 
+ * application.
+ *
+ * Uncomment this macro to prevent loading of default entropy functions.
+#define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
+ */
+
 /**
 * \def POLARSSL_NO_PLATFORM_ENTROPY
 *
--- a/include/polarssl/entropy.h
+++ b/include/polarssl/entropy.h
@ -29,10 +29,16 @@

 #include <string.h>

+#include "config.h"
+
 #include "sha4.h"
+#if defined(POLARSSL_HAVEGE_C)
+#include "havege.h"
+#endif

 #define POLARSSL_ERR_ENTROPY_SOURCE_FAILED                 -0x003C  /**< Critical entropy source failure. */
 #define POLARSSL_ERR_ENTROPY_MAX_SOURCES                   -0x003E  /**< No more sources can be added. */
+#define POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED            -0x0040  /**< No sources have been added to poll. */

 #define ENTROPY_MAX_SOURCES     20      /**< Maximum number of sources supported */
 #define ENTROPY_MAX_GATHER      128     /**< Maximum amount requested from entropy sources */
@ -77,6 +83,9 @@ typedef struct
    sha4_context    accumulator;
    int             source_count;
    source_state    source[ENTROPY_MAX_SOURCES];
+#if defined(POLARSSL_HAVEGE_C)
+    havege_state    havege_data;
+#endif
 }
 entropy_context;

@ -96,7 +105,7 @@ void entropy_init( entropy_context *ctx );
 * \param threshold Minimum required from source before entropy is released
 *                  ( with entropy_func() )
 *
- * \return          0 is successful or POLARSSL_ERR_ENTROPY_MAX_SOURCES
+ * \return          0 if successful or POLARSSL_ERR_ENTROPY_MAX_SOURCES
 */
 int entropy_add_source( entropy_context *ctx,
                        f_source_ptr f_source, void *p_source,
--- a/include/polarssl/error.h
+++ b/include/polarssl/error.h
@ -58,7 +58,7 @@
 * DES       1  0x0032-0x0032
 * NET      11  0x0040-0x0054
 * CTR_DBRG  3  0x0034-0x003A
- * ENTROPY   2  0x003C-0x003E
+ * ENTROPY   3  0x003C-0x0040
 * MD2       1  0x0070-0x0070
 * MD4       1  0x0072-0x0072
 * MD5       1  0x0074-0x0074
--- a/library/entropy.c
+++ b/library/entropy.c
@ -30,6 +30,10 @@
 #include "polarssl/entropy.h"
 #include "polarssl/entropy_poll.h"

+#if defined(POLARSSL_HAVEGE_C)
+#include "polarssl/havege.h"
+#endif
+
 #define ENTROPY_MAX_LOOP    256     /**< Maximum amount to loop before error */

 void entropy_init( entropy_context *ctx )
@ -37,7 +41,11 @@ void entropy_init( entropy_context *ctx )
    memset( ctx, 0, sizeof(entropy_context) );

    sha4_starts( &ctx->accumulator, 0 );
+#if defined(POLARSSL_HAVEGE_C)
+    havege_init( &ctx->havege_data );
+#endif

+#if !defined(POLARSSL_NO_DEFAULT_ENTROPY_SOURCES)
 #if !defined(POLARSSL_NO_PLATFORM_ENTROPY)
    entropy_add_source( ctx, platform_entropy_poll, NULL,
                        ENTROPY_MIN_PLATFORM );
@ -45,6 +53,11 @@ void entropy_init( entropy_context *ctx )
 #if defined(POLARSSL_TIMING_C)
    entropy_add_source( ctx, hardclock_poll, NULL, ENTROPY_MIN_HARDCLOCK );
 #endif
+#if defined(POLARSSL_HAVEGE_C)
+    entropy_add_source( ctx, havege_poll, &ctx->havege_data,
+                        ENTROPY_MIN_HAVEGE );
+#endif
+#endif /* POLARSSL_NO_DEFAULT_ENTROPY_SOURCES */
 }

 int entropy_add_source( entropy_context *ctx,
@ -108,6 +121,9 @@ int entropy_gather( entropy_context *ctx )
    unsigned char buf[ENTROPY_MAX_GATHER];
    size_t olen;
    
+    if( ctx->source_count == 0 )
+        return( POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED );
+
    /*
     * Run through our entropy sources
     */
--- a/library/error.c
+++ b/library/error.c
@ -436,6 +436,8 @@ void error_strerror( int ret, char *buf, size_t buflen )
        snprintf( buf, buflen, "ENTROPY - Critical entropy source failure" );
    if( use_ret == -(POLARSSL_ERR_ENTROPY_MAX_SOURCES) )
        snprintf( buf, buflen, "ENTROPY - No more sources can be added" );
+    if( use_ret == -(POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED) )
+        snprintf( buf, buflen, "ENTROPY - No sources have been added to poll" );
 #endif /* POLARSSL_ENTROPY_C */

 #if defined(POLARSSL_MD2_C)
--- a/library/net.c
+++ b/library/net.c
@ -227,7 +227,8 @@ int net_accept( int bind_fd, int *client_fd, void *client_ip )
 {
    struct sockaddr_in client_addr;

-#if defined(__socklen_t_defined) || defined(_SOCKLEN_T)
+#if defined(__socklen_t_defined) || defined(_SOCKLEN_T) ||  \
+    defined(_SOCKLEN_T_DECLARED)
    socklen_t n = (socklen_t) sizeof( client_addr );
 #else
    int n = (int) sizeof( client_addr );
--- a/programs/random/gen_random_ctr_drbg.c
+++ b/programs/random/gen_random_ctr_drbg.c
@ -61,25 +61,30 @@ int main( int argc, char *argv[] )
    }

    entropy_init( &entropy );
-    ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, (unsigned char *) "RANDOM_GEN", 10 );
+    ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, (unsigned char *) "RANDOM_GEN", 10 );
+    if( ret != 0 )
+    {
+        printf( "failed in ctr_drbg_init: %d\n", ret );
+        goto cleanup;
+    }
    ctr_drbg_set_prediction_resistance( &ctr_drbg, CTR_DRBG_PR_OFF );

 #if defined(POLARSSL_FS_IO)
    ret = ctr_drbg_update_seed_file( &ctr_drbg, "seedfile" );

-    if( ret == 1 )
+    if( ret == POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR )
    {
-        printf("Failed to open seedfile. Generating one.\n");
+        printf( "Failed to open seedfile. Generating one.\n" );
        ret = ctr_drbg_write_seed_file( &ctr_drbg, "seedfile" );
        if( ret != 0 )
        {
-            printf("failed in ctr_drbg_write_seed_file: %d\n", ret );
+            printf( "failed in ctr_drbg_write_seed_file: %d\n", ret );
            goto cleanup;
        }
    }
    else if( ret != 0 )
    {
-        printf("failed in ctr_drbg_update_seed_file: %d\n", ret );
+        printf( "failed in ctr_drbg_update_seed_file: %d\n", ret );
        goto cleanup;
    }
 #endif