Rename the 'no entropy' feature to MBEDTLS_TEST_NULL_ENTROPY
Following review and for clarity, changed the name of the feature to 'null
entropy'.
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 63f93ec..a95af6c 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -130,15 +130,14 @@
#error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_TEST_WO_ENTROPY)
-#warning "MBEDTLS_TEST_WO_ENTROPY defined, this build provides no security!"
-#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
-#error "MBEDTLS_TEST_WO_ENTROPY defined, but not all prerequisites"
+#if defined(MBEDTLS_TEST_NULL_ENTROPY) && \
+ ( !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) )
+#error "MBEDTLS_TEST_NULL_ENTROPY defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_ENTROPY_NV_SEED) || defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \
- defined(MBEDTLS_HAVEGE_C)
-#error "MBEDTLS_TEST_WO_ENTROPY defined, but entropy sources too"
-#endif
+#if defined(MBEDTLS_TEST_NULL_ENTROPY) && \
+ ( defined(MBEDTLS_ENTROPY_NV_SEED) || defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \
+ defined(MBEDTLS_HAVEGE_C) )
+#error "MBEDTLS_TEST_NULL_ENTROPY defined, but entropy sources too"
#endif
#if defined(MBEDTLS_GCM_C) && ( \
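Review bot: Removing the `#warning` from this block means the two rewritten checks only reject inconsistent configurations, and nothing in this header reports that a null-entropy build is in progress. The only remaining diagnostic is the one this commit adds to library/entropy.c, so a build that does not recompile that file prints nothing. If the move is meant to cut noise (presumably this header is pulled into every translation unit), a pointer above the first check would help the next reader, e.g. `/* The build-time warning for MBEDTLS_TEST_NULL_ENTROPY is emitted from library/entropy.c. */`.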
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index ab351fb..1aa86bf 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -280,29 +280,21 @@
//#define MBEDTLS_AES_DECRYPT_ALT
/**
- * \def MBEDTLS_TEST_WO_ENTROPY
+ * \def MBEDTLS_TEST_NULL_ENTROPY
*
- * Enable testing mbed TLS without access to any entropy. This enables testing
- * the library before the platforms entropy sources are integrated (, see for
- * example the MBEDTLS_ENTROPY_HARDWARE_ALT or the MBEDTLS_ENTROPY_NV_SEED
- * switch).
+ * Enables testing and use of mbed TLS without any configured entropy sources.
+ * This permits use of the library on platforms before an entropy source has
+ * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
+ * MBEDTLS_ENTROPY_NV_SEED switches).
+ *
+ * WARNING! This switch MUST be disabled in production builds, and is suitable
+ * only for development.
+ * Enabling the switch negates any security provided by the library.
*
* Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
*
- * WARNING! This switch is extremely DANGEROUS, don't use it in production code
- * under any circumstances. This switch nullifies any security provided by the
- * library.
*/
-//#define MBEDTLS_TEST_WO_ENTROPY
-
-
-/**
- * \def MBEDTLS_ENTROPY_NV_SEED
- *
- * Strong software entropy source. It is not yet implemented,
- * adding it because it is mutually exclusive with MBEDTLS_TEST_WO_ENTROPY.
- */
-//#define MBEDTLS_ENTROPY_NV_SEED
+//#define MBEDTLS_TEST_NULL_ENTROPY
/**
* \def MBEDTLS_ENTROPY_HARDWARE_ALT
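Review bot: The rewritten description still points readers at MBEDTLS_ENTROPY_NV_SEED, but this hunk deletes that option's `\def` entry and its commented-out `#define` from config.h. The symbol is still referenced by the check in check_config.h, by the feature list in version_features.c and by `scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED` in tests/scripts/all.sh, so those references are left without a documented switch. Whether config.pl tolerates unsetting a symbol that is absent from config.h is not visible here. Either keep a stub entry until the feature lands or drop the cross-reference from the text. Separately, "Enables testing and use of mbed TLS" reads as an invitation to deploy; `Enables testing of mbed TLS without any configured entropy sources.` matches the warning two paragraphs below.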
diff --git a/include/mbedtls/entropy_poll.h b/include/mbedtls/entropy_poll.h
index a2acc1a..d7aa88c 100644
--- a/include/mbedtls/entropy_poll.h
+++ b/include/mbedtls/entropy_poll.h
@@ -46,7 +46,7 @@
/**
* \brief Entropy poll callback that provides 0 entropy.
*/
-#if defined(MBEDTLS_TEST_WO_ENTROPY)
+#if defined(MBEDTLS_TEST_NULL_ENTROPY)
int mbedtls_zero_entropy_poll( void *data,
unsigned char *output, size_t len, size_t *olen );
#endif
diff --git a/library/entropy.c b/library/entropy.c
index 1a7b9ab..49710de 100644
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -27,6 +27,12 @@
#if defined(MBEDTLS_ENTROPY_C)
+#if defined(MBEDTLS_TEST_NULL_ENTROPY)
+#warning "**** WARNING! MBEDTLS_TEST_NULL_ENTROPY defined! ****"
+#warning "**** THIS BUILD HAS NO DEFINED ENTROPY SOURCES ****"
+#warning "**** NOT SUITABLE FOR PRODUCTION ****"
+#endif
+
#include "mbedtls/entropy.h"
#include "mbedtls/entropy_poll.h"
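Review bot: The three `#warning` lines added at the top of this file are now the only build-time signal for a null-entropy build, and `#warning` is a compiler extension in C99 rather than part of the standard. A toolchain that lacks it may reject the file or stay silent, and a `-Werror` build like the one visible in tests/scripts/all.sh would presumably turn it into a hard error, so a short comment stating that this is intentional would help. The text "NO DEFINED ENTROPY SOURCES" also understates the effect, because the later hunk in this file registers mbedtls_zero_entropy_poll as `MBEDTLS_ENTROPY_SOURCE_STRONG`. Wording that states the consequence, e.g. `#warning "**** RNG SEEDING IS PREDICTABLE - NOT SUITABLE FOR PRODUCTION ****"`, is harder to misread in a build log.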
@@ -73,7 +79,7 @@
mbedtls_havege_init( &ctx->havege_data );
#endif
-#if defined(MBEDTLS_TEST_WO_ENTROPY)
+#if defined(MBEDTLS_TEST_NULL_ENTROPY)
mbedtls_entropy_add_source( ctx, mbedtls_zero_entropy_poll, NULL,
1, MBEDTLS_ENTROPY_SOURCE_STRONG );
#endif
diff --git a/library/entropy_poll.c b/library/entropy_poll.c
index 1ddbdc7..ed80bab 100644
--- a/library/entropy_poll.c
+++ b/library/entropy_poll.c
@@ -191,11 +191,12 @@
#endif /* _WIN32 && !EFIX64 && !EFI32 */
#endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */
-#if defined(MBEDTLS_TEST_WO_ENTROPY)
+#if defined(MBEDTLS_TEST_NULL_ENTROPY)
int mbedtls_zero_entropy_poll( void *data,
unsigned char *output, size_t len, size_t *olen )
{
((void) data);
+ ((void) output);
*olen = 0;
if( len < sizeof(unsigned char) )
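Review bot: The added `((void) output);` confirms that mbedtls_zero_entropy_poll never writes to the caller's buffer. If the part of the body beyond this hunk reports a non-zero `*olen`, the caller would go on to consume bytes this function left uninitialised. Storing a fixed value before the length is raised, e.g. `output[0] = 0;`, keeps the test build deterministic and clean under memory sanitizers; if leaving the buffer alone is deliberate, a comment such as `/* output is deliberately left untouched */` should say so. The function also keeps the name mbedtls_zero_entropy_poll while the option is now called "null entropy". The function body continues outside the hunk.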
diff --git a/library/version_features.c b/library/version_features.c
index a00ae27..37b30a9 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -159,9 +159,9 @@
#if defined(MBEDTLS_AES_DECRYPT_ALT)
"MBEDTLS_AES_DECRYPT_ALT",
#endif /* MBEDTLS_AES_DECRYPT_ALT */
-#if defined(MBEDTLS_TEST_WO_ENTROPY)
- "MBEDTLS_TEST_WO_ENTROPY",
-#endif /* MBEDTLS_TEST_WO_ENTROPY */
+#if defined(MBEDTLS_TEST_NULL_ENTROPY)
+ "MBEDTLS_TEST_NULL_ENTROPY",
+#endif /* MBEDTLS_TEST_NULL_ENTROPY */
#if defined(MBEDTLS_ENTROPY_NV_SEED)
"MBEDTLS_ENTROPY_NV_SEED",
#endif /* MBEDTLS_ENTROPY_NV_SEED */
diff --git a/scripts/config.pl b/scripts/config.pl
index ea77821..84ec38e 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -18,7 +18,7 @@
#
# Things that shouldn't be enabled with "full".
#
-# MBEDTLS_TEST_WO_ENTROPY
+# MBEDTLS_TEST_NULL_ENTROPY
# MBEDTLS_DEPRECATED_REMOVED
# MBEDTLS_HAVE_SSE2
# MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
@@ -70,7 +70,7 @@
EOU
my @excluded = qw(
-MBEDTLS_TEST_WO_ENTROPY
+MBEDTLS_TEST_NULL_ENTROPY
MBEDTLS_DEPRECATED_REMOVED
MBEDTLS_HAVE_SSE2
MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index b9ba6c5..209c106 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -265,10 +265,10 @@
scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux
CC=gcc CFLAGS='-Werror -O0 -std=c99 -pedantic' make lib
-msg "build: default config with MBEDTLS_TEST_WO_ENTROPY (ASan build)"
+msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)"
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
-scripts/config.pl set MBEDTLS_TEST_WO_ENTROPY
+scripts/config.pl set MBEDTLS_TEST_NULL_ENTROPY
scripts/config.pl set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
scripts/config.pl set MBEDTLS_ENTROPY_C
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
@@ -277,7 +277,7 @@
CC=gcc cmake -D CMAKE_C_FLAGS:String="-fsanitize=address -fno-common -O3" .
make
-msg "test: MBEDTLS_TEST_WO_ENTROPY - main suites and selftest (ASan build)"
+msg "test: MBEDTLS_TEST_NULL_ENTROPY - main suites and selftest (ASan build)"
make test
programs/test/selftest