commit fb08fd2e23536bf60ab92fd87717b52edc86d1fc
author Paul Bakker <p.j.bakker@polarssl.org> Tue Aug 27 15:06:26 2013 +0200
committer Paul Bakker <p.j.bakker@polarssl.org> Tue Aug 27 15:06:54 2013 +0200
tree caae18d4a9bdc7dd458d9f1ade0b61f658140a59
parent 0a20171d520930fcc8eaad961d58cd73d28d7efe

Entropy collector and CTR-DRBG now also work on SHA-256 if SHA-512 not available

include/polarssl/config.h

diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 84b36b6..5aee165 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -1326,7 +1326,7 @@
 
 // CTR_DRBG options
 //
-#define CTR_DRBG_ENTROPY_LEN               48 /**< Amount of entropy used per seed by default */
+#define CTR_DRBG_ENTROPY_LEN               48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
 #define CTR_DRBG_RESEED_INTERVAL        10000 /**< Interval before reseed is performed by default */
 #define CTR_DRBG_MAX_INPUT                256 /**< Maximum number of additional input bytes */
 #define CTR_DRBG_MAX_REQUEST             1024 /**< Maximum number of requested bytes per call */
@@ -1382,9 +1382,18 @@
 #error "POLARSSL_ECP_C defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_ENTROPY_C) && !defined(POLARSSL_SHA512_C)
+#if defined(POLARSSL_ENTROPY_C) && (!defined(POLARSSL_SHA512_C) &&      \
+                                    !defined(POLARSSL_SHA256_C))
 #error "POLARSSL_ENTROPY_C defined, but not all prerequisites"
 #endif
+#if defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_SHA512_C) &&         \
+    defined(POLARSSL_CONFIG_OPTIONS) && (CTR_DRBG_ENTROPY_LEN > 64)
+#error "CTR_DRBG_ENTROPY_LEN value too high"
+#endif
+#if defined(POLARSSL_ENTROPY_C) && !defined(POLARSSL_SHA512_C) &&        \
+    defined(POLARSSL_CONFIG_OPTIONS) && (CTR_DRBG_ENTROPY_LEN > 32)
+#error "CTR_DRBG_ENTROPY_LEN value too high"
+#endif
 
 #if defined(POLARSSL_GCM_C) && !defined(POLARSSL_AES_C)
 #error "POLARSSL_GCM_C defined, but not all prerequisites"