diff --git a/ChangeLog b/ChangeLog index 4d956af48..49e48491e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ PolarSSL ChangeLog -= Version 1.1.0 (Release Candidate 1) released on 2011-12-11 += Version 1.1.0 released on 2011-12-22 Features * Added ssl_session_reset() to allow better multi-connection pools of SSL contexts without needing to set all non-connection-specific diff --git a/include/polarssl/asn1.h b/include/polarssl/asn1.h index 82145c334..8daef5a70 100644 --- a/include/polarssl/asn1.h +++ b/include/polarssl/asn1.h @@ -27,10 +27,10 @@ #ifndef POLARSSL_ASN1_H #define POLARSSL_ASN1_H -#include "polarssl/config.h" +#include "config.h" #if defined(POLARSSL_BIGNUM_C) -#include "polarssl/bignum.h" +#include "bignum.h" #endif #include diff --git a/include/polarssl/config.h b/include/polarssl/config.h index 1327c431f..ea518d77d 100644 --- a/include/polarssl/config.h +++ b/include/polarssl/config.h @@ -154,6 +154,19 @@ */ #define POLARSSL_FS_IO +/** + * \def POLARSSL_NO_DEFAULT_ENTROPY_SOURCES + * + * Do not add default entropy sources. These are the platform specific, + * hardclock and HAVEGE based poll functions. + * + * This is useful to have more control over the added entropy sources in an + * application. + * + * Uncomment this macro to prevent loading of default entropy functions. +#define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES + */ + /** * \def POLARSSL_NO_PLATFORM_ENTROPY * diff --git a/include/polarssl/entropy.h b/include/polarssl/entropy.h index aeec8b25d..53bce41b0 100644 --- a/include/polarssl/entropy.h +++ b/include/polarssl/entropy.h @@ -29,10 +29,16 @@ #include +#include "config.h" + #include "sha4.h" +#if defined(POLARSSL_HAVEGE_C) +#include "havege.h" +#endif #define POLARSSL_ERR_ENTROPY_SOURCE_FAILED -0x003C /**< Critical entropy source failure. */ #define POLARSSL_ERR_ENTROPY_MAX_SOURCES -0x003E /**< No more sources can be added. */ +#define POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED -0x0040 /**< No sources have been added to poll. */ #define ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ #define ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ @@ -77,6 +83,9 @@ typedef struct sha4_context accumulator; int source_count; source_state source[ENTROPY_MAX_SOURCES]; +#if defined(POLARSSL_HAVEGE_C) + havege_state havege_data; +#endif } entropy_context; @@ -96,7 +105,7 @@ void entropy_init( entropy_context *ctx ); * \param threshold Minimum required from source before entropy is released * ( with entropy_func() ) * - * \return 0 is successful or POLARSSL_ERR_ENTROPY_MAX_SOURCES + * \return 0 if successful or POLARSSL_ERR_ENTROPY_MAX_SOURCES */ int entropy_add_source( entropy_context *ctx, f_source_ptr f_source, void *p_source, diff --git a/include/polarssl/error.h b/include/polarssl/error.h index f167a7b83..78ad36255 100644 --- a/include/polarssl/error.h +++ b/include/polarssl/error.h @@ -58,7 +58,7 @@ * DES 1 0x0032-0x0032 * NET 11 0x0040-0x0054 * CTR_DBRG 3 0x0034-0x003A - * ENTROPY 2 0x003C-0x003E + * ENTROPY 3 0x003C-0x0040 * MD2 1 0x0070-0x0070 * MD4 1 0x0072-0x0072 * MD5 1 0x0074-0x0074 diff --git a/library/entropy.c b/library/entropy.c index bc0e141b2..966245472 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -30,6 +30,10 @@ #include "polarssl/entropy.h" #include "polarssl/entropy_poll.h" +#if defined(POLARSSL_HAVEGE_C) +#include "polarssl/havege.h" +#endif + #define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */ void entropy_init( entropy_context *ctx ) @@ -37,7 +41,11 @@ void entropy_init( entropy_context *ctx ) memset( ctx, 0, sizeof(entropy_context) ); sha4_starts( &ctx->accumulator, 0 ); +#if defined(POLARSSL_HAVEGE_C) + havege_init( &ctx->havege_data ); +#endif +#if !defined(POLARSSL_NO_DEFAULT_ENTROPY_SOURCES) #if !defined(POLARSSL_NO_PLATFORM_ENTROPY) entropy_add_source( ctx, platform_entropy_poll, NULL, ENTROPY_MIN_PLATFORM ); @@ -45,6 +53,11 @@ void entropy_init( entropy_context *ctx ) #if defined(POLARSSL_TIMING_C) entropy_add_source( ctx, hardclock_poll, NULL, ENTROPY_MIN_HARDCLOCK ); #endif +#if defined(POLARSSL_HAVEGE_C) + entropy_add_source( ctx, havege_poll, &ctx->havege_data, + ENTROPY_MIN_HAVEGE ); +#endif +#endif /* POLARSSL_NO_DEFAULT_ENTROPY_SOURCES */ } int entropy_add_source( entropy_context *ctx, @@ -108,6 +121,9 @@ int entropy_gather( entropy_context *ctx ) unsigned char buf[ENTROPY_MAX_GATHER]; size_t olen; + if( ctx->source_count == 0 ) + return( POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED ); + /* * Run through our entropy sources */ diff --git a/library/error.c b/library/error.c index 05e84e72c..5dcd17580 100644 --- a/library/error.c +++ b/library/error.c @@ -436,6 +436,8 @@ void error_strerror( int ret, char *buf, size_t buflen ) snprintf( buf, buflen, "ENTROPY - Critical entropy source failure" ); if( use_ret == -(POLARSSL_ERR_ENTROPY_MAX_SOURCES) ) snprintf( buf, buflen, "ENTROPY - No more sources can be added" ); + if( use_ret == -(POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED) ) + snprintf( buf, buflen, "ENTROPY - No sources have been added to poll" ); #endif /* POLARSSL_ENTROPY_C */ #if defined(POLARSSL_MD2_C) diff --git a/library/net.c b/library/net.c index 85c4e7990..9724c07d7 100644 --- a/library/net.c +++ b/library/net.c @@ -227,7 +227,8 @@ int net_accept( int bind_fd, int *client_fd, void *client_ip ) { struct sockaddr_in client_addr; -#if defined(__socklen_t_defined) || defined(_SOCKLEN_T) +#if defined(__socklen_t_defined) || defined(_SOCKLEN_T) || \ + defined(_SOCKLEN_T_DECLARED) socklen_t n = (socklen_t) sizeof( client_addr ); #else int n = (int) sizeof( client_addr ); diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c index fb3a34051..cb4659359 100644 --- a/programs/random/gen_random_ctr_drbg.c +++ b/programs/random/gen_random_ctr_drbg.c @@ -61,25 +61,30 @@ int main( int argc, char *argv[] ) } entropy_init( &entropy ); - ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, (unsigned char *) "RANDOM_GEN", 10 ); + ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, (unsigned char *) "RANDOM_GEN", 10 ); + if( ret != 0 ) + { + printf( "failed in ctr_drbg_init: %d\n", ret ); + goto cleanup; + } ctr_drbg_set_prediction_resistance( &ctr_drbg, CTR_DRBG_PR_OFF ); #if defined(POLARSSL_FS_IO) ret = ctr_drbg_update_seed_file( &ctr_drbg, "seedfile" ); - if( ret == 1 ) + if( ret == POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR ) { - printf("Failed to open seedfile. Generating one.\n"); + printf( "Failed to open seedfile. Generating one.\n" ); ret = ctr_drbg_write_seed_file( &ctr_drbg, "seedfile" ); if( ret != 0 ) { - printf("failed in ctr_drbg_write_seed_file: %d\n", ret ); + printf( "failed in ctr_drbg_write_seed_file: %d\n", ret ); goto cleanup; } } else if( ret != 0 ) { - printf("failed in ctr_drbg_update_seed_file: %d\n", ret ); + printf( "failed in ctr_drbg_update_seed_file: %d\n", ret ); goto cleanup; } #endif