Flag out entropy source addition (ARMmbed#53)

Middleware components are not allowed to add strong entropy sources. Preprocessor directive is used as some old applications might rely on having strong entropy source in coap-service.
hasnainvirk · Dec 14, 2016 · eea83e5 · eea83e5
1 parent 7d72eb4
commit eea83e5
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/source/coap_security_handler.c b/source/coap_security_handler.c
@@ -75,12 +75,19 @@ static int get_timer( void *sec_obj );
 static int coap_security_handler_configure_keys( coap_security_t *sec, coap_security_keys_t keys );
 
 int entropy_poll( void *data, unsigned char *output, size_t len, size_t *olen );
+
 //Point these back to M2MConnectionHandler!!!
 int f_send( void *ctx, const unsigned char *buf, size_t len );
 int f_recv(void *ctx, unsigned char *buf, size_t len);
 
 static int coap_security_handler_init(coap_security_t *sec){
     const char *pers = "dtls_client";
+#ifdef COAP_SERVICE_PROVIDE_STRONG_ENTROPY_SOURCE
+    const int entropy_source_type = MBEDTLS_ENTROPY_SOURCE_STRONG;
+#else
+    const int entropy_source_type = MBEDTLS_ENTROPY_SOURCE_WEAK;
+#endif
+
     mbedtls_ssl_init( &sec->_ssl );
     mbedtls_ssl_config_init( &sec->_conf );
     mbedtls_ctr_drbg_init( &sec->_ctr_drbg );
@@ -97,10 +104,8 @@ static int coap_security_handler_init(coap_security_t *sec){
 
     sec->_is_started = false;
 
-    //TODO: Must have at least 1 strong entropy source, otherwise DTLS will fail.
-    //This is NOT strong even we say it is!
     if( mbedtls_entropy_add_source( &sec->_entropy, entropy_poll, NULL,
-                                128, 1 ) < 0 ){
+                                128, entropy_source_type ) < 0 ){
         return -1;
     }