Entropy collector and CTR-DRBG now also work on SHA-256 if SHA-512 not available
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 84b36b6..5aee165 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -1326,7 +1326,7 @@
// CTR_DRBG options
//
-#define CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default */
+#define CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
#define CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
#define CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
#define CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
@@ -1382,9 +1382,18 @@
#error "POLARSSL_ECP_C defined, but not all prerequisites"
#endif
-#if defined(POLARSSL_ENTROPY_C) && !defined(POLARSSL_SHA512_C)
+#if defined(POLARSSL_ENTROPY_C) && (!defined(POLARSSL_SHA512_C) && \
+ !defined(POLARSSL_SHA256_C))
#error "POLARSSL_ENTROPY_C defined, but not all prerequisites"
#endif
+#if defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_SHA512_C) && \
+ defined(POLARSSL_CONFIG_OPTIONS) && (CTR_DRBG_ENTROPY_LEN > 64)
+#error "CTR_DRBG_ENTROPY_LEN value too high"
+#endif
+#if defined(POLARSSL_ENTROPY_C) && !defined(POLARSSL_SHA512_C) && \
+ defined(POLARSSL_CONFIG_OPTIONS) && (CTR_DRBG_ENTROPY_LEN > 32)
+#error "CTR_DRBG_ENTROPY_LEN value too high"
+#endif
#if defined(POLARSSL_GCM_C) && !defined(POLARSSL_AES_C)
#error "POLARSSL_GCM_C defined, but not all prerequisites"
diff --git a/include/polarssl/ctr_drbg.h b/include/polarssl/ctr_drbg.h
index b47d389..4c0fc17 100644
--- a/include/polarssl/ctr_drbg.h
+++ b/include/polarssl/ctr_drbg.h
@@ -43,7 +43,11 @@
/**< The seed length (counter + AES key) */
#if !defined(POLARSSL_CONFIG_OPTIONS)
-#define CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default */
+#if defined(POLARSSL_SHA512_C)
+#define CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
+#else
+#define CTR_DRBG_ENTROPY_LEN 32 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
+#endif
#define CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
#define CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
#define CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
diff --git a/include/polarssl/entropy.h b/include/polarssl/entropy.h
index 69d5b3b..ea27848 100644
--- a/include/polarssl/entropy.h
+++ b/include/polarssl/entropy.h
@@ -31,7 +31,16 @@
#include "config.h"
+#if defined(POLARSSL_SHA512_C)
#include "sha512.h"
+#define POLARSSL_ENTROPY_SHA512_ACCUMULATOR
+#else
+#if defined(POLARSSL_SHA256_C)
+#define POLARSSL_ENTROPY_SHA256_ACCUMULATOR
+#include "sha256.h"
+#endif
+#endif
+
#if defined(POLARSSL_HAVEGE_C)
#include "havege.h"
#endif
@@ -45,7 +54,11 @@
#define ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
#endif /* !POLARSSL_CONFIG_OPTIONS */
+#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
#define ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */
+#else
+#define ENTROPY_BLOCK_SIZE 32 /**< Block size of entropy accumulator (SHA-256) */
+#endif
#define ENTROPY_SOURCE_MANUAL ENTROPY_MAX_SOURCES
@@ -83,7 +96,11 @@
*/
typedef struct
{
+#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
sha512_context accumulator;
+#else
+ sha256_context accumulator;
+#endif
int source_count;
source_state source[ENTROPY_MAX_SOURCES];
#if defined(POLARSSL_HAVEGE_C)
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index bf6b10c..8383b7f 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -439,7 +439,9 @@
md5_context fin_md5;
sha1_context fin_sha1;
sha256_context fin_sha256;
+#if defined(POLARSSL_SHA512_C)
sha512_context fin_sha512;
+#endif
void (*update_checksum)(ssl_context *, const unsigned char *, size_t);
void (*calc_verify)(ssl_context *, unsigned char *);