Documentation and entropy self test changes (#610)
Ensure that the entropy self test always fails whenever
MBEDTLS_TEST_NULL_ENTROPY is defined. This is because the option is
meant to be for testing and development purposes rather than production
quality software. Also, this patch enhances the documentation for
mbedtls_entropy_source_self_test() and mbedtls_entropy_self_test().
diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h
index 19e8e72..747aca4 100644
--- a/include/mbedtls/entropy.h
+++ b/include/mbedtls/entropy.h
@@ -255,6 +255,9 @@
/**
* \brief Checkup routine
*
+ * This module self-test also calls the entropy self-test,
+ * mbedtls_entropy_source_self_test();
+ *
* \return 0 if successful, or 1 if a test failed
*/
int mbedtls_entropy_self_test( int verbose );
@@ -263,6 +266,14 @@
/**
* \brief Checkup routine
*
+ * Verifies the integrity of the hardware entropy source
+ * provided by the function 'mbedtls_hardware_poll()'.
+ *
+ * Note this is the only hardware entropy source that is known
+ * at link time, and other entropy sources configured
+ * dynamically at runtime by the function
+ * mbedtls_entropy_add_source() will not be tested.
+ *
* \return 0 if successful, or 1 if a test failed
*/
int mbedtls_entropy_source_self_test( int verbose );
diff --git a/library/entropy.c b/library/entropy.c
index 42ace55..8da5256 100644
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -575,7 +575,7 @@
*/
int mbedtls_entropy_self_test( int verbose )
{
- int ret = 0;
+ int ret = 1;
mbedtls_entropy_context ctx;
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
unsigned char acc[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
@@ -584,6 +584,7 @@
if( verbose != 0 )
mbedtls_printf( " ENTROPY test: " );
+#if !defined(MBEDTLS_TEST_NULL_ENTROPY)
mbedtls_entropy_init( &ctx );
/* First do a gather to make sure we have default sources */
@@ -631,6 +632,7 @@
cleanup:
mbedtls_entropy_free( &ctx );
+#endif /* !MBEDTLS_TEST_NULL_ENTROPY */
if( verbose != 0 )
{