From 09c32de41277b8633f4a7813b343ed7f15dc8dc9 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Mon, 31 Oct 2016 16:51:02 -0600 Subject: [PATCH 1/2] RNG : option to not use RNG --- configure.ac | 13 +++++++++++++ src/include.am | 5 ++++- wolfcrypt/benchmark/benchmark.c | 6 ++++++ wolfcrypt/src/asn.c | 1 + wolfcrypt/test/test.c | 16 +++++++++++++++- 5 files changed, 39 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 4d9203793..41750b74a 100644 --- a/configure.ac +++ b/configure.ac @@ -221,6 +221,19 @@ then fi +AC_ARG_ENABLE([norng], + [ --enable-norng Enable Test Cert (default: disabled)], + [ ENABLED_NORNG=$enableval ], + [ ENABLED_NORNG=no ] + ) + +if test "$ENABLED_NORNG" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DWC_NO_RNG" +fi +AM_CONDITIONAL([BUILD_RNG], [test "x$ENABLED_NORNG" = "xno"]) + + # DTLS-SCTP AC_ARG_ENABLE([sctp], [AS_HELP_STRING([--enable-sctp],[Enable wolfSSL DTLS-SCTP support (default: disabled)])], diff --git a/src/include.am b/src/include.am index a8bb2c386..44a652021 100644 --- a/src/include.am +++ b/src/include.am @@ -61,9 +61,12 @@ endif src_libwolfssl_la_SOURCES += \ wolfcrypt/src/hmac.c \ - wolfcrypt/src/random.c \ wolfcrypt/src/hash.c +if BUILD_RNG +src_libwolfssl_la_SOURCES += wolfcrypt/src/random.c +endif + if BUILD_ARMASM src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha256.c else diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index f01aacd79..f3bec18ec 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -224,7 +224,9 @@ void bench_ed25519KeySign(void); void bench_ntru(void); void bench_ntruKeyGen(void); #endif +#ifndef WC_NO_RNG void bench_rng(void); +#endif /* WC_NO_RNG */ double current_time(int); @@ -340,7 +342,9 @@ int benchmark_test(void *args) } #endif +#ifndef WC_NO_RNG bench_rng(); +#endif /* WC_NO_RNG */ #ifndef NO_AES #ifdef HAVE_AES_CBC bench_aes(0); @@ -503,6 +507,7 @@ enum BenchmarkBounds { static const char blockType[] = "megs"; /* used in printf output */ #endif +#ifndef WC_NO_RNG void bench_rng(void) { int ret, i; @@ -558,6 +563,7 @@ void bench_rng(void) wc_FreeRng(&rng); #endif } +#endif /* WC_NO_RNG */ #ifndef NO_AES diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 8944d33d9..b921ee30f 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -3781,6 +3781,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz, WOLFSSL_MSG("Verify Key type unknown"); } + (void)digestSz; #ifdef WOLFSSL_SMALL_STACK XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index aec83b6c4..2d0e1b154 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -51,7 +51,13 @@ #include #include #include -#include + +#if defined(WC_NO_RNG) && defined(USE_FAST_MATH) + #include +#else + #include +#endif + #include #include #include @@ -195,7 +201,9 @@ int rsa_test(void); int dh_test(void); int dsa_test(void); int srp_test(void); +#ifndef WC_NO_RNG int random_test(void); +#endif /* WC_NO_RNG */ int pwdbased_test(void); int ripemd_test(void); int openssl_test(void); /* test mini api */ @@ -548,10 +556,12 @@ int wolfcrypt_test(void* args) printf( "IDEA test passed!\n"); #endif +#ifndef WC_NO_RNG if ( (ret = random_test()) != 0) return err_sys("RANDOM test failed!\n", ret); else printf( "RANDOM test passed!\n"); +#endif /* WC_NO_RNG */ #ifdef WOLFSSL_STATIC_MEMORY if ( (ret = memory_test()) != 0) @@ -3747,6 +3757,7 @@ int idea_test(void) } } +#ifndef WC_NO_RNG /* random test for CBC */ { WC_RNG rng; @@ -3814,12 +3825,14 @@ int idea_test(void) wc_FreeRng(&rng); } +#endif /* WC_NO_RNG */ return 0; } #endif /* HAVE_IDEA */ +#ifndef WC_NO_RNG static int random_rng_test(void) { WC_RNG rng; @@ -3947,6 +3960,7 @@ int random_test(void) } #endif /* (HAVE_HASHDRBG || NO_RC4) && !CUSTOM_RAND_GENERATE_BLOCK */ +#endif /* WC_NO_RNG */ #ifdef WOLFSSL_STATIC_MEMORY From 70e7e34c87174c5c7ba9cd9c58c07d8b6947e6c9 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Tue, 1 Nov 2016 10:21:29 -0600 Subject: [PATCH 2/2] RNG : change to --disable-rng, non-autoconf scenario, help msg --- configure.ac | 12 ++++++------ wolfcrypt/src/random.c | 2 ++ 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/configure.ac b/configure.ac index 41750b74a..9d9afb3dd 100644 --- a/configure.ac +++ b/configure.ac @@ -221,17 +221,17 @@ then fi -AC_ARG_ENABLE([norng], - [ --enable-norng Enable Test Cert (default: disabled)], - [ ENABLED_NORNG=$enableval ], - [ ENABLED_NORNG=no ] +AC_ARG_ENABLE([rng], + [AS_HELP_STRING([ --enable-rng Enable compiling and using RNG (default: enabled)])], + [ ENABLED_RNG=$enableval ], + [ ENABLED_RNG=yes ] ) -if test "$ENABLED_NORNG" = "yes" +if test "$ENABLED_RNG" = "no" then AM_CFLAGS="$AM_CFLAGS -DWC_NO_RNG" fi -AM_CONDITIONAL([BUILD_RNG], [test "x$ENABLED_NORNG" = "xno"]) +AM_CONDITIONAL([BUILD_RNG], [test "x$ENABLED_RNG" = "xyes"]) # DTLS-SCTP diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 64198c0e9..8419fffe2 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -82,6 +82,7 @@ int wc_RNG_GenerateByte(WC_RNG* rng, byte* b) } #endif /* HAVE_HASHDRBG || NO_RC4 */ #else /* else build without fips */ +#ifndef WC_NO_RNG /* if not FIPS and RNG is disabled then do not compile */ #include /* Allow custom RNG system */ @@ -1671,5 +1672,6 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) #endif /* USE_WINDOWS_API */ #endif /* CUSTOM_RAND_GENERATE_BLOCK */ +#endif /* WC_NO_RNG */ #endif /* HAVE_FIPS */