Fix entropy thresholds

2025-10-30 19:20:40 -04:00 · 2015-06-19 09:40:51 +02:00 · 2015-06-19 09:40:51 +02:00 · bf82ff0209
commit bf82ff0209
parent 60c793bdc9
3 changed files with 12 additions and 13 deletions
--- a/include/mbedtls/entropy.h
+++ b/include/mbedtls/entropy.h
@ -107,8 +107,8 @@ typedef struct
 {
    mbedtls_entropy_f_source_ptr    f_source;   /**< The entropy source callback */
    void *          p_source;   /**< The callback data pointer */
-    size_t          size;       /**< Amount received */
-    size_t          threshold;  /**< Minimum level required before release */
+    size_t          size;       /**< Amount received in bytes */
+    size_t          threshold;  /**< Minimum bytes required before release */
 }
 mbedtls_entropy_source_state;

@ -155,7 +155,7 @@ void mbedtls_entropy_free( mbedtls_entropy_context *ctx );
 * \param f_source  Entropy function
 * \param p_source  Function data
 * \param threshold Minimum required from source before entropy is released
- *                  ( with mbedtls_entropy_func() )
+ *                  ( with mbedtls_entropy_func() ) (in bytes)
 *
 * \return          0 if successful or MBEDTLS_ERR_ENTROPY_MAX_SOURCES
 */
--- a/include/mbedtls/entropy_poll.h
+++ b/include/mbedtls/entropy_poll.h
@ -37,11 +37,11 @@ extern "C" {
 #endif

 /*
- * Default thresholds for built-in sources
+ * Default thresholds for built-in sources, in bytes
 */
-#define MBEDTLS_ENTROPY_MIN_PLATFORM    128     /**< Minimum for platform source    */
-#define MBEDTLS_ENTROPY_MIN_HAVEGE      128     /**< Minimum for HAVEGE             */
-#define MBEDTLS_ENTROPY_MIN_HARDCLOCK    32     /**< Minimum for mbedtls_timing_hardclock()        */
+#define MBEDTLS_ENTROPY_MIN_PLATFORM     32     /**< Minimum for platform source    */
+#define MBEDTLS_ENTROPY_MIN_HAVEGE       32     /**< Minimum for HAVEGE             */
+#define MBEDTLS_ENTROPY_MIN_HARDCLOCK     4     /**< Minimum for mbedtls_timing_hardclock()        */

 #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
 /**
--- a/library/entropy.c
+++ b/library/entropy.c
@ -250,7 +250,7 @@ int mbedtls_entropy_gather( mbedtls_entropy_context *ctx )

 int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
 {
-    int ret, count = 0, i, reached;
+    int ret, count = 0, i, done;
    mbedtls_entropy_context *ctx = (mbedtls_entropy_context *) data;
    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];

@ -276,13 +276,12 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
        if( ( ret = entropy_gather_internal( ctx ) ) != 0 )
            goto exit;

-        reached = 0;
-
+        done = 1;
        for( i = 0; i < ctx->source_count; i++ )
-            if( ctx->source[i].size >= ctx->source[i].threshold )
-                reached++;
+            if( ctx->source[i].size < ctx->source[i].threshold )
+                done = 0;
    }
-    while( reached != ctx->source_count );
+    while( ! done );

    memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );