- Merged Trunk changes for 1.1 into branch
diff --git a/ChangeLog b/ChangeLog
index 4d956af..49e4849 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,6 @@
PolarSSL ChangeLog
-= Version 1.1.0 (Release Candidate 1) released on 2011-12-11
+= Version 1.1.0 released on 2011-12-22
Features
* Added ssl_session_reset() to allow better multi-connection pools of
SSL contexts without needing to set all non-connection-specific
diff --git a/include/polarssl/asn1.h b/include/polarssl/asn1.h
index 82145c3..8daef5a 100644
--- a/include/polarssl/asn1.h
+++ b/include/polarssl/asn1.h
@@ -27,10 +27,10 @@
#ifndef POLARSSL_ASN1_H
#define POLARSSL_ASN1_H
-#include "polarssl/config.h"
+#include "config.h"
#if defined(POLARSSL_BIGNUM_C)
-#include "polarssl/bignum.h"
+#include "bignum.h"
#endif
#include <string.h>
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 1327c43..ea518d7 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -155,6 +155,19 @@
#define POLARSSL_FS_IO
/**
+ * \def POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
+ *
+ * Do not add default entropy sources. These are the platform specific,
+ * hardclock and HAVEGE based poll functions.
+ *
+ * This is useful to have more control over the added entropy sources in an
+ * application.
+ *
+ * Uncomment this macro to prevent loading of default entropy functions.
+#define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
+ */
+
+/**
* \def POLARSSL_NO_PLATFORM_ENTROPY
*
* Do not use built-in platform entropy functions.
diff --git a/include/polarssl/entropy.h b/include/polarssl/entropy.h
index aeec8b2..53bce41 100644
--- a/include/polarssl/entropy.h
+++ b/include/polarssl/entropy.h
@@ -29,10 +29,16 @@
#include <string.h>
+#include "config.h"
+
#include "sha4.h"
+#if defined(POLARSSL_HAVEGE_C)
+#include "havege.h"
+#endif
#define POLARSSL_ERR_ENTROPY_SOURCE_FAILED -0x003C /**< Critical entropy source failure. */
#define POLARSSL_ERR_ENTROPY_MAX_SOURCES -0x003E /**< No more sources can be added. */
+#define POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED -0x0040 /**< No sources have been added to poll. */
#define ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
#define ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
@@ -77,6 +83,9 @@
sha4_context accumulator;
int source_count;
source_state source[ENTROPY_MAX_SOURCES];
+#if defined(POLARSSL_HAVEGE_C)
+ havege_state havege_data;
+#endif
}
entropy_context;
@@ -96,7 +105,7 @@
* \param threshold Minimum required from source before entropy is released
* ( with entropy_func() )
*
- * \return 0 is successful or POLARSSL_ERR_ENTROPY_MAX_SOURCES
+ * \return 0 if successful or POLARSSL_ERR_ENTROPY_MAX_SOURCES
*/
int entropy_add_source( entropy_context *ctx,
f_source_ptr f_source, void *p_source,
diff --git a/include/polarssl/error.h b/include/polarssl/error.h
index f167a7b..78ad362 100644
--- a/include/polarssl/error.h
+++ b/include/polarssl/error.h
@@ -58,7 +58,7 @@
* DES 1 0x0032-0x0032
* NET 11 0x0040-0x0054
* CTR_DBRG 3 0x0034-0x003A
- * ENTROPY 2 0x003C-0x003E
+ * ENTROPY 3 0x003C-0x0040
* MD2 1 0x0070-0x0070
* MD4 1 0x0072-0x0072
* MD5 1 0x0074-0x0074
diff --git a/library/entropy.c b/library/entropy.c
index bc0e141..9662454 100644
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -30,6 +30,10 @@
#include "polarssl/entropy.h"
#include "polarssl/entropy_poll.h"
+#if defined(POLARSSL_HAVEGE_C)
+#include "polarssl/havege.h"
+#endif
+
#define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */
void entropy_init( entropy_context *ctx )
@@ -37,7 +41,11 @@
memset( ctx, 0, sizeof(entropy_context) );
sha4_starts( &ctx->accumulator, 0 );
+#if defined(POLARSSL_HAVEGE_C)
+ havege_init( &ctx->havege_data );
+#endif
+#if !defined(POLARSSL_NO_DEFAULT_ENTROPY_SOURCES)
#if !defined(POLARSSL_NO_PLATFORM_ENTROPY)
entropy_add_source( ctx, platform_entropy_poll, NULL,
ENTROPY_MIN_PLATFORM );
@@ -45,6 +53,11 @@
#if defined(POLARSSL_TIMING_C)
entropy_add_source( ctx, hardclock_poll, NULL, ENTROPY_MIN_HARDCLOCK );
#endif
+#if defined(POLARSSL_HAVEGE_C)
+ entropy_add_source( ctx, havege_poll, &ctx->havege_data,
+ ENTROPY_MIN_HAVEGE );
+#endif
+#endif /* POLARSSL_NO_DEFAULT_ENTROPY_SOURCES */
}
int entropy_add_source( entropy_context *ctx,
@@ -108,6 +121,9 @@
unsigned char buf[ENTROPY_MAX_GATHER];
size_t olen;
+ if( ctx->source_count == 0 )
+ return( POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED );
+
/*
* Run through our entropy sources
*/
diff --git a/library/error.c b/library/error.c
index 05e84e7..5dcd175 100644
--- a/library/error.c
+++ b/library/error.c
@@ -436,6 +436,8 @@
snprintf( buf, buflen, "ENTROPY - Critical entropy source failure" );
if( use_ret == -(POLARSSL_ERR_ENTROPY_MAX_SOURCES) )
snprintf( buf, buflen, "ENTROPY - No more sources can be added" );
+ if( use_ret == -(POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED) )
+ snprintf( buf, buflen, "ENTROPY - No sources have been added to poll" );
#endif /* POLARSSL_ENTROPY_C */
#if defined(POLARSSL_MD2_C)
diff --git a/library/net.c b/library/net.c
index 85c4e79..9724c07 100644
--- a/library/net.c
+++ b/library/net.c
@@ -227,7 +227,8 @@
{
struct sockaddr_in client_addr;
-#if defined(__socklen_t_defined) || defined(_SOCKLEN_T)
+#if defined(__socklen_t_defined) || defined(_SOCKLEN_T) || \
+ defined(_SOCKLEN_T_DECLARED)
socklen_t n = (socklen_t) sizeof( client_addr );
#else
int n = (int) sizeof( client_addr );
diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c
index fb3a340..cb46593 100644
--- a/programs/random/gen_random_ctr_drbg.c
+++ b/programs/random/gen_random_ctr_drbg.c
@@ -61,25 +61,30 @@
}
entropy_init( &entropy );
- ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, (unsigned char *) "RANDOM_GEN", 10 );
+ ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, (unsigned char *) "RANDOM_GEN", 10 );
+ if( ret != 0 )
+ {
+ printf( "failed in ctr_drbg_init: %d\n", ret );
+ goto cleanup;
+ }
ctr_drbg_set_prediction_resistance( &ctr_drbg, CTR_DRBG_PR_OFF );
#if defined(POLARSSL_FS_IO)
ret = ctr_drbg_update_seed_file( &ctr_drbg, "seedfile" );
- if( ret == 1 )
+ if( ret == POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR )
{
- printf("Failed to open seedfile. Generating one.\n");
+ printf( "Failed to open seedfile. Generating one.\n" );
ret = ctr_drbg_write_seed_file( &ctr_drbg, "seedfile" );
if( ret != 0 )
{
- printf("failed in ctr_drbg_write_seed_file: %d\n", ret );
+ printf( "failed in ctr_drbg_write_seed_file: %d\n", ret );
goto cleanup;
}
}
else if( ret != 0 )
{
- printf("failed in ctr_drbg_update_seed_file: %d\n", ret );
+ printf( "failed in ctr_drbg_update_seed_file: %d\n", ret );
goto cleanup;
}
#endif