From 69535198ca0db34f86185843c9538a4b2f1004b8 Mon Sep 17 00:00:00 2001
From: David Garske
Date: Mon, 20 Mar 2017 09:08:44 -0700
Subject: [PATCH] Fix RNG to only allow disabling HASHDRBG if CUSTOM_RAND_GENERATE_BLOCK is defined. Added support for CUSTOM_RAND_GENERATE_BLOCK with Intel RDRAND.
---
 wolfcrypt/src/random.c | 65 +++++++++++---------------------------
 wolfssl/wolfcrypt/random.h | 11 ++++---
 2 files changed, 24 insertions(+), 52 deletions(-)
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 1c45f0872..f2b6ec2da 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -79,45 +79,6 @@ int wc_RNG_GenerateByte(WC_RNG* rng, byte* b)
 #ifndef WC_NO_RNG /* if not FIPS and RNG is disabled then do not compile */
 #include
-
-
-/* Allow custom RNG system */
-#ifdef CUSTOM_RAND_GENERATE_BLOCK
-
-int wc_InitRng_ex(WC_RNG* rng, void* heap)
-{
- (void)rng;
- (void)heap;
- return 0;
-}
-
-int wc_InitRng(WC_RNG* rng)
-{
- return wc_InitRng_ex(rng, NULL);
-}
-
-int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
-{
- (void)rng;
- XMEMSET(output, 0, sz);
- return CUSTOM_RAND_GENERATE_BLOCK(output, sz);
-}
-
-
-int wc_RNG_GenerateByte(WC_RNG* rng, byte* b)
-{
- return wc_RNG_GenerateBlock(rng, b, 1);
-}
-
-
-int wc_FreeRng(WC_RNG* rng)
-{
- (void)rng;
- return 0;
-}
-
-#else
-
 #include
 #ifdef NO_INLINE
@@ -594,6 +555,11 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
 }
 #endif
+#ifdef CUSTOM_RAND_GENERATE_BLOCK
+ XMEMSET(output, 0, sz);
+ return CUSTOM_RAND_GENERATE_BLOCK(output, sz);
+#endif
+
 #ifdef HAVE_HASHDRBG
 if (sz > RNG_MAX_BLOCK_LEN) return BAD_FUNC_ARG;
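Review bot: The `#ifdef CUSTOM_RAND_GENERATE_BLOCK` block added to wc_RNG_GenerateBlock returns unconditionally, so when that macro is defined the `#ifdef HAVE_HASHDRBG` path right after it is compiled but unreachable, and every output byte comes straight from the custom generator with no DRBG conditioning. The random.h change in this commit still defines HAVE_HASHDRBG unless WC_NO_HASHDRBG is also set, so a build can carry the Hash DRBG (and presumably still seed it in wc_InitRng, which is not shown) without ever using its output. Making the choice one chain, `#ifdef CUSTOM_RAND_GENERATE_BLOCK` ... `#elif defined(HAVE_HASHDRBG)`, would state the bypass explicitly, assuming the HAVE_HASHDRBG block is closed by its own `#else`/`#endif` below the hunk; at minimum add `/* custom block generator replaces DRBG output; it must be cryptographically strong on its own */`. The function starts and ends outside the hunk, so whether `output` and `sz` are validated before the XMEMSET cannot be confirmed from here.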
@@ -1624,15 +1590,21 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 return 0; }
-#elif defined(WOLFSSL_SAFERTOS) || defined(WOLFSSL_LEANPSK) \
- || defined(WOLFSSL_IAR_ARM) || defined(WOLFSSL_MDK_ARM) \
- || defined(WOLFSSL_uITRON4) || defined(WOLFSSL_uTKERNEL2) \
- || defined(WOLFSSL_LPC43xx) || defined(WOLFSSL_STM32F2xx) \
- || defined(MBED) || defined(WOLFSSL_EMBOS) \
- || defined(WOLFSSL_GENSEED_FORTEST)
+#elif defined(WOLFSSL_SAFERTOS)
+#elif defined(WOLFSSL_LEANPSK)
+#elif defined(WOLFSSL_IAR_ARM)
+#elif defined(WOLFSSL_MDK_ARM)
+#elif defined(WOLFSSL_uITRON4)
+#elif defined(WOLFSSL_uTKERNEL2)
+#elif defined(WOLFSSL_LPC43xx)
+#elif defined(WOLFSSL_STM32F2xx)
+#elif defined(MBED)
+#elif defined(WOLFSSL_EMBOS)
+#elif defined(WOLFSSL_GENSEED_FORTEST)
 /* these platforms do not have a default random seed and
- you need to implement your own wc_GenerateSeed */
+ you'll need to implement your own wc_GenerateSeed or define via
+ CUSTOM_RAND_GENERATE_BLOCK */
 #define USE_TEST_GENSEED
@@ -1727,6 +1699,5 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 /* End wc_GenerateSeed */
-#endif /* CUSTOM_RAND_GENERATE_BLOCK */
 #endif /* WC_NO_RNG */
 #endif /* HAVE_FIPS */
diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h
index 7ab7c7d06..a4e068f1d 100644
--- a/wolfssl/wolfcrypt/random.h
+++ b/wolfssl/wolfcrypt/random.h
@@ -45,8 +45,9 @@
 #define CUSTOM_RAND_TYPE byte
 #endif
-/* make sure Hash DRBG is enabled, unless WC_NO_HASHDRBG is defined */
-#ifndef WC_NO_HASHDRBG
+/* make sure Hash DRBG is enabled, unless WC_NO_HASHDRBG is defined
+ or CUSTOM_RAND_GENERATE_BLOCK is defined*/
+#if !defined(WC_NO_HASHDRBG) || !defined(CUSTOM_RAND_GENERATE_BLOCK)
 #undef HAVE_HASHDRBG
 #define HAVE_HASHDRBG
 #endif
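Review bot: Splitting the single `#elif A || B || ...` into a chain of separate `#elif defined(...)` lines changes which platforms get `USE_TEST_GENSEED`: each earlier `#elif` now selects an empty branch, so only `WOLFSSL_GENSEED_FORTEST` reaches the `#define`, while WOLFSSL_SAFERTOS through WOLFSSL_EMBOS compile nothing from this chain. If that is intended, to keep the test seed out of real targets, the commit message does not say so and the empty branches read like a formatting slip. A comment above the chain such as `/* intentionally empty: these ports must supply wc_GenerateSeed or CUSTOM_RAND_GENERATE_BLOCK */` would make the intent reviewable; if it is not intended, restore the `||` form. The rest of the `#if` chain lies outside the hunk, so what those platforms end up with as a seed source is inferred rather than visible.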
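Review bot: The new comment and the new condition in random.h disagree: `#if !defined(WC_NO_HASHDRBG) || !defined(CUSTOM_RAND_GENERATE_BLOCK)` leaves the Hash DRBG off only when both macros are defined, while the comment says it is off when either one is. The code matches the commit title, so the comment is the part to correct, e.g. `/* make sure Hash DRBG is enabled, unless both WC_NO_HASHDRBG and CUSTOM_RAND_GENERATE_BLOCK are defined */`. The comment should also state that `WC_NO_HASHDRBG` on its own is now ignored, since an integrator who sets only that macro would otherwise not learn that the DRBG is still built.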
@@ -79,8 +80,8 @@
 #error "Hash DRBG requires SHA-256."
 #endif /* NO_SHA256 */
 #include
-#elif defined(HAVE_INTEL_RDRAND)
 #elif defined(HAVE_WNR)
+ /* allow whitewood as direct RNG source using wc_GenerateSeed directly */
 #else
 #ifndef _MSC_VER
 #warning "No RNG source defined. Using wc_GenerateSeed directly"
@@ -169,12 +170,12 @@ WOLFSSL_API int wc_RNG_GenerateByte(WC_RNG*, byte*);
 WOLFSSL_API int wc_FreeRng(WC_RNG*);
-#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
+#ifdef HAVE_HASHDRBG
 WOLFSSL_API int wc_RNG_HealthTest(int reseed, const byte* entropyA, word32 entropyASz, const byte* entropyB, word32 entropyBSz, byte* output, word32 outputSz);
-#endif /* HAVE_HASHDRBG || NO_RC4 */
+#endif /* HAVE_HASHDRBG */
 #ifdef __cplusplus
 } /* extern "C" */