mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-06-25 14:51:26 +08:00

Fix entropy-related feature macros

Was causing testing disparities picked up by analyze_outcomes.py

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Manuel Pégourié-Gonnard 2023-03-21 17:10:45 +01:00
parent 66300d6f40
commit 4011eb49dc
2 changed files with 9 additions and 11 deletions


@ -45,6 +45,7 @@
#include "mbedtls/build_info.h" #include "mbedtls/build_info.h"
#include "mbedtls/aes.h" #include "mbedtls/aes.h"
#include "entropy.h"
#if defined(MBEDTLS_THREADING_C) #if defined(MBEDTLS_THREADING_C)
#include "mbedtls/threading.h" #include "mbedtls/threading.h"
@ -94,17 +95,14 @@
* \brief The amount of entropy used per seed by default, in bytes. * \brief The amount of entropy used per seed by default, in bytes.
*/ */
#if !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) #if !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN)
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256) #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
/** This is 48 bytes because the entropy module uses SHA-512 /** This is 48 bytes because the entropy module uses SHA-512.
* (\c MBEDTLS_ENTROPY_FORCE_SHA256 is disabled).
*/ */
#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 #define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48
#else /* defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256) */ #else /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
/** This is 32 bytes because the entropy module uses SHA-256 /** This is 32 bytes because the entropy module uses SHA-256.
* (the SHA512 module is disabled or
* \c MBEDTLS_ENTROPY_FORCE_SHA256 is enabled).
*/ */
#if !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) #if !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
/** \warning To achieve a 256-bit security strength, you must pass a nonce /** \warning To achieve a 256-bit security strength, you must pass a nonce
@ -112,7 +110,7 @@
*/ */
#endif /* !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) */ #endif /* !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) */
#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 32 #define MBEDTLS_CTR_DRBG_ENTROPY_LEN 32
#endif /* defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256) */ #endif /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
#endif /* !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) */ #endif /* !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) */
#if !defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL) #if !defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
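Review bot: The new `#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)` test fails silently if that macro is not defined by the time this header reaches it. The preprocessor then takes the `#else` branch and the default `MBEDTLS_CTR_DRBG_ENTROPY_LEN` becomes 32, which is the case the existing `\warning` about 256-bit security strength covers. The macro presumably comes from the newly added `#include "entropy.h"`, so that include is now load-bearing for the seed size and should say so, e.g. `#include "entropy.h" /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR selects MBEDTLS_CTR_DRBG_ENTROPY_LEN below */`. As a style point, the neighbouring includes use the `mbedtls/` prefix, so `#include "mbedtls/entropy.h"` would match them and not depend on same-directory lookup.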


@ -62,7 +62,7 @@ int mbedtls_psa_get_random(void *p_rng,
#elif defined(MBEDTLS_HMAC_DRBG_C) #elif defined(MBEDTLS_HMAC_DRBG_C)
#include "mbedtls/hmac_drbg.h" #include "mbedtls/hmac_drbg.h"
#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_MD_CAN_SHA512) && defined(MBEDTLS_MD_CAN_SHA256)
#include <limits.h> #include <limits.h>
#if SIZE_MAX > 0xffffffff #if SIZE_MAX > 0xffffffff
/* Looks like a 64-bit system, so prefer SHA-512. */ /* Looks like a 64-bit system, so prefer SHA-512. */
@ -71,9 +71,9 @@ int mbedtls_psa_get_random(void *p_rng,
/* Looks like a 32-bit system, so prefer SHA-256. */ /* Looks like a 32-bit system, so prefer SHA-256. */
#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256 #define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256
#endif #endif
#elif defined(MBEDTLS_SHA512_C) #elif defined(MBEDTLS_MD_CAN_SHA512)
#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA512 #define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA512
#elif defined(MBEDTLS_SHA256_C) #elif defined(MBEDTLS_MD_CAN_SHA256)
#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256 #define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256
#else #else
#error "No hash algorithm available for HMAC_DBRG." #error "No hash algorithm available for HMAC_DBRG."
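Review bot: The rewritten guards on `MBEDTLS_MD_CAN_SHA512` / `MBEDTLS_MD_CAN_SHA256` need those macros to be defined before this point, and the only include visible ahead of them is `mbedtls/hmac_drbg.h`. If they arrive only transitively through that header (to be confirmed), a short comment above the first guard would record the dependency, e.g. `/* MBEDTLS_MD_CAN_xxx: hash usable through the MD layer; defined via hmac_drbg.h */`. Separately, the context line `#if SIZE_MAX > 0xffffffff` follows `#include <limits.h>`, but C defines `SIZE_MAX` in `<stdint.h>`. An undefined `SIZE_MAX` evaluates to 0 in `#if` and would silently select SHA-256 on every target, so `#include <stdint.h>` is the safer include there. The `#error` text also spells the module `HMAC_DBRG` rather than `HMAC_DRBG`. The enclosing `#if`/`#elif` chain starts and ends outside the visible hunks.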