Merge branch 'null-entropy' into development
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index b36e27b..a95af6c 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -130,6 +130,16 @@
#error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
#endif
+#if defined(MBEDTLS_TEST_NULL_ENTROPY) && \
+ ( !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) )
+#error "MBEDTLS_TEST_NULL_ENTROPY defined, but not all prerequisites"
+#endif
+#if defined(MBEDTLS_TEST_NULL_ENTROPY) && \
+ ( defined(MBEDTLS_ENTROPY_NV_SEED) || defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \
+ defined(MBEDTLS_HAVEGE_C) )
+#error "MBEDTLS_TEST_NULL_ENTROPY defined, but entropy sources too"
+#endif
+
#if defined(MBEDTLS_GCM_C) && ( \
!defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) )
#error "MBEDTLS_GCM_C defined, but not all prerequisites"
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 8b6de1b..1aa86bf 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -280,6 +280,23 @@
//#define MBEDTLS_AES_DECRYPT_ALT
/**
+ * \def MBEDTLS_TEST_NULL_ENTROPY
+ *
+ * Enables testing and use of mbed TLS without any configured entropy sources.
+ * This permits use of the library on platforms before an entropy source has
+ * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
+ * MBEDTLS_ENTROPY_NV_SEED switches).
+ *
+ * WARNING! This switch MUST be disabled in production builds, and is suitable
+ * only for development.
+ * Enabling the switch negates any security provided by the library.
+ *
+ * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+ *
+ */
+//#define MBEDTLS_TEST_NULL_ENTROPY
+
+/**
* \def MBEDTLS_ENTROPY_HARDWARE_ALT
*
* Uncomment this macro to let mbed TLS use your own implementation of a
diff --git a/include/mbedtls/entropy_poll.h b/include/mbedtls/entropy_poll.h
index 123f09c..430e865 100644
--- a/include/mbedtls/entropy_poll.h
+++ b/include/mbedtls/entropy_poll.h
@@ -43,6 +43,14 @@
#define MBEDTLS_ENTROPY_MIN_HARDCLOCK 4 /**< Minimum for mbedtls_timing_hardclock() */
#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Minimum for the hardware source */
+/**
+ * \brief Entropy poll callback that provides 0 entropy.
+ */
+#if defined(MBEDTLS_TEST_NULL_ENTROPY)
+ int mbedtls_null_entropy_poll( void *data,
+ unsigned char *output, size_t len, size_t *olen );
+#endif
+
#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
/**
* \brief Platform-specific entropy poll callback
diff --git a/library/entropy.c b/library/entropy.c
index dc2a00c..282640f 100644
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -27,6 +27,12 @@
#if defined(MBEDTLS_ENTROPY_C)
+#if defined(MBEDTLS_TEST_NULL_ENTROPY)
+#warning "**** WARNING! MBEDTLS_TEST_NULL_ENTROPY defined! ****"
+#warning "**** THIS BUILD HAS NO DEFINED ENTROPY SOURCES ****"
+#warning "**** NOT SUITABLE FOR PRODUCTION ****"
+#endif
+
#include "mbedtls/entropy.h"
#include "mbedtls/entropy_poll.h"
@@ -73,6 +79,11 @@
mbedtls_havege_init( &ctx->havege_data );
#endif
+#if defined(MBEDTLS_TEST_NULL_ENTROPY)
+ mbedtls_entropy_add_source( ctx, mbedtls_null_entropy_poll, NULL,
+ 1, MBEDTLS_ENTROPY_SOURCE_STRONG );
+#endif
+
#if !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
mbedtls_entropy_add_source( ctx, mbedtls_platform_entropy_poll, NULL,
diff --git a/library/entropy_poll.c b/library/entropy_poll.c
index fcb7d8b..a116e60 100644
--- a/library/entropy_poll.c
+++ b/library/entropy_poll.c
@@ -191,6 +191,23 @@
#endif /* _WIN32 && !EFIX64 && !EFI32 */
#endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */
+#if defined(MBEDTLS_TEST_NULL_ENTROPY)
+int mbedtls_null_entropy_poll( void *data,
+ unsigned char *output, size_t len, size_t *olen )
+{
+ ((void) data);
+ ((void) output);
+ *olen = 0;
+
+ if( len < sizeof(unsigned char) )
+ return( 0 );
+
+ *olen = sizeof(unsigned char);
+
+ return( 0 );
+}
+#endif
+
#if defined(MBEDTLS_TIMING_C)
int mbedtls_hardclock_poll( void *data,
unsigned char *output, size_t len, size_t *olen )
diff --git a/library/version_features.c b/library/version_features.c
index a9b1c53..37b30a9 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -159,6 +159,12 @@
#if defined(MBEDTLS_AES_DECRYPT_ALT)
"MBEDTLS_AES_DECRYPT_ALT",
#endif /* MBEDTLS_AES_DECRYPT_ALT */
+#if defined(MBEDTLS_TEST_NULL_ENTROPY)
+ "MBEDTLS_TEST_NULL_ENTROPY",
+#endif /* MBEDTLS_TEST_NULL_ENTROPY */
+#if defined(MBEDTLS_ENTROPY_NV_SEED)
+ "MBEDTLS_ENTROPY_NV_SEED",
+#endif /* MBEDTLS_ENTROPY_NV_SEED */
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
"MBEDTLS_ENTROPY_HARDWARE_ALT",
#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
diff --git a/scripts/config.pl b/scripts/config.pl
index a6dcfe7..84ec38e 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -18,6 +18,7 @@
#
# Things that shouldn't be enabled with "full".
#
+# MBEDTLS_TEST_NULL_ENTROPY
# MBEDTLS_DEPRECATED_REMOVED
# MBEDTLS_HAVE_SSE2
# MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
@@ -69,6 +70,7 @@
EOU
my @excluded = qw(
+MBEDTLS_TEST_NULL_ENTROPY
MBEDTLS_DEPRECATED_REMOVED
MBEDTLS_HAVE_SSE2
MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 5ecf868..209c106 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -265,6 +265,22 @@
scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux
CC=gcc CFLAGS='-Werror -O0 -std=c99 -pedantic' make lib
+msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)"
+cleanup
+cp "$CONFIG_H" "$CONFIG_BAK"
+scripts/config.pl set MBEDTLS_TEST_NULL_ENTROPY
+scripts/config.pl set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+scripts/config.pl set MBEDTLS_ENTROPY_C
+scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
+scripts/config.pl unset MBEDTLS_ENTROPY_HARDWARE_ALT
+scripts/config.pl unset MBEDTLS_HAVEGE_C
+CC=gcc cmake -D CMAKE_C_FLAGS:String="-fsanitize=address -fno-common -O3" .
+make
+
+msg "test: MBEDTLS_TEST_NULL_ENTROPY - main suites and selftest (ASan build)"
+make test
+programs/test/selftest
+
if uname -a | grep -F Linux >/dev/null; then
msg "build/test: make shared" # ~ 40s
cleanup