From 52754123d94f240e6f128098acc9aa90218d82f5 Mon Sep 17 00:00:00 2001
From: Hayden Roche
Date: Wed, 22 Dec 2021 14:21:06 -0800
Subject: [PATCH] Call wc_SetSeed_Cb and wolfCrypt_SetPrivateKeyReadEnable_fips in wolfSSL_Init. Additionally, remove wc_SetSeed_Cb calls applications (e.g. example client and server), since they are now redundant.
---
 examples/benchmark/tls_bench.c | 3 ---
 examples/client/client.c | 3 ---
 examples/echoclient/echoclient.c | 3 ---
 examples/echoserver/echoserver.c | 3 ---
 examples/sctp/sctp-client-dtls.c | 3 ---
 examples/sctp/sctp-server-dtls.c | 3 ---
 src/ssl.c | 8 ++++++++
 testsuite/testsuite.c | 7 -------
 8 files changed, 8 insertions(+), 25 deletions(-)
diff --git a/examples/benchmark/tls_bench.c b/examples/benchmark/tls_bench.c
index 2294cd08f..a2c2fc2bc 100644
--- a/examples/benchmark/tls_bench.c
+++ b/examples/benchmark/tls_bench.c
@@ -1754,9 +1754,6 @@ int bench_tls(void* args)
 /* Initialize wolfSSL */
 wolfSSL_Init();
-#ifdef WC_RNG_SEED_CB
- wc_SetSeed_Cb(wc_GenerateSeed);
-#endif
 /* Parse command line arguments */
 while ((ch = mygetopt(argc, argv, "?" "udeil:p:t:vT:sch:P:mS:g")) != -1) {
diff --git a/examples/client/client.c b/examples/client/client.c
index 93f3cc48c..08e2e1aa7 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -4224,9 +4224,6 @@ exit:
 wolfSSL_Debugging_ON();
 #endif
 wolfSSL_Init();
-#ifdef WC_RNG_SEED_CB
- wc_SetSeed_Cb(wc_GenerateSeed);
-#endif
 ChangeToWolfRoot();
 #ifndef NO_WOLFSSL_CLIENT
diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c
index 081477eae..6d1a234c4 100644
--- a/examples/echoclient/echoclient.c
+++ b/examples/echoclient/echoclient.c
@@ -385,9 +385,6 @@ void echoclient_test(void* args)
 #if defined(DEBUG_CYASSL) && !defined(WOLFSSL_MDK_SHELL)
 CyaSSL_Debugging_ON();
 #endif
-#ifdef WC_RNG_SEED_CB
- wc_SetSeed_Cb(wc_GenerateSeed);
-#endif
 #ifndef CYASSL_TIRTOS
 ChangeToWolfRoot();
 #endif
diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c
index ba3d4d42f..a133a7e78 100644
--- a/examples/echoserver/echoserver.c
+++ b/examples/echoserver/echoserver.c
@@ -546,9 +546,6 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
 CyaSSL_Init();
 #if defined(DEBUG_CYASSL) && !defined(CYASSL_MDK_SHELL)
 CyaSSL_Debugging_ON();
-#endif
-#ifdef WC_RNG_SEED_CB
- wc_SetSeed_Cb(wc_GenerateSeed);
 #endif
 ChangeToWolfRoot();
 #ifndef NO_WOLFSSL_SERVER
diff --git a/examples/sctp/sctp-client-dtls.c b/examples/sctp/sctp-client-dtls.c
index 6da77e975..8022e50ed 100644
--- a/examples/sctp/sctp-client-dtls.c
+++ b/examples/sctp/sctp-client-dtls.c
@@ -70,9 +70,6 @@ int main()
 const char* response = "hello there";
 char buffer[80];
-#ifdef WC_RNG_SEED_CB
- wc_SetSeed_Cb(wc_GenerateSeed);
-#endif
 WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method());
 if (ctx == NULL) err_sys("ctx new dtls client failed");
diff --git a/examples/sctp/sctp-server-dtls.c b/examples/sctp/sctp-server-dtls.c
index b8544c739..5d14ca872 100644
--- a/examples/sctp/sctp-server-dtls.c
+++ b/examples/sctp/sctp-server-dtls.c
@@ -76,9 +76,6 @@ int main()
 const char* response = "well hello to you";
 char buffer[80];
-#ifdef WC_RNG_SEED_CB
- wc_SetSeed_Cb(wc_GenerateSeed);
-#endif
 WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method());
 if (ctx == NULL) err_sys("ctx new dtls server failed");
diff --git a/src/ssl.c b/src/ssl.c
index 435130577..4e302d8f6 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -5194,6 +5194,14 @@ int wolfSSL_Init(void)
 }
 #endif
+ #ifdef WC_RNG_SEED_CB
+ wc_SetSeed_Cb(wc_GenerateSeed);
+ #endif
+
+ #if defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION == 5
+ wolfCrypt_SetPrivateKeyReadEnable_fips(1, WC_KEYTYPE_ALL);
+ #endif
+ #ifdef OPENSSL_EXTRA
 #ifndef WOLFSSL_NO_OPENSSL_RAND_CB
 if ((ret == WOLFSSL_SUCCESS) && (wolfSSL_RAND_InitMutex() != 0)) {
diff --git a/testsuite/testsuite.c b/testsuite/testsuite.c
index c7e2b2fd0..7583ed94a 100644
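Review bot: In the src/ssl.c hunk, the added `wolfCrypt_SetPrivateKeyReadEnable_fips(1, WC_KEYTYPE_ALL);` enables private-key reads for every key type as a side effect of `wolfSSL_Init()`, and nothing visible here disables it again, so a FIPS v5 build loses the default-deny that the application previously had to lift itself. If that is intended, document it above the call, e.g. `/* FIPS v5: private key reads stay enabled for all key types after init; callers wanting the lock back must disable it themselves */`, or scope the enable to the operations that need it. Both new calls also drop their results while the following context line threads failures through `ret`; assuming they return a status code, `if (ret == WOLFSSL_SUCCESS && wc_SetSeed_Cb(wc_GenerateSeed) != 0) ret = WC_INIT_E;` would keep init failures visible. The unconditional `wc_SetSeed_Cb(wc_GenerateSeed)` would presumably also overwrite a seed callback the application installed before calling `wolfSSL_Init()`, which is worth stating in the API docs. `wolfSSL_Init`'s body starts and ends outside the hunk.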
--- a/testsuite/testsuite.c
+++ b/testsuite/testsuite.c
@@ -133,9 +133,6 @@ int testsuite_test(int argc, char** argv)
 #if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND)
 wolfSSL_Debugging_ON();
 #endif
-#ifdef WC_RNG_SEED_CB
- wc_SetSeed_Cb(wc_GenerateSeed);
-#endif
 #if !defined(WOLFSSL_TIRTOS)
 ChangeToWolfRoot();
@@ -603,10 +600,6 @@ int main(int argc, char** argv)
 wolfcrypt_test_args.argc = argc;
 wolfcrypt_test_args.argv = argv;
-#ifdef WC_RNG_SEED_CB
- wc_SetSeed_Cb(wc_GenerateSeed);
-#endif
- wolfSSL_Init();
 ChangeToWolfRoot();