Fix RNG to only allow disabling HASHDRBG if CUSTOM_RAND_GENERATE_BLOCK is defined. Added support for CUSTOM_RAND_GENERATE_BLOCK with Intel RDRAND.

wolfcrypt/src/random.c

@@ -79,45 +79,6 @@ int  wc_RNG_GenerateByte(WC_RNG* rng, byte* b)
 #ifndef WC_NO_RNG /* if not FIPS and RNG is disabled then do not compile */
 
 #include <wolfssl/wolfcrypt/error-crypt.h>
-
-
-/* Allow custom RNG system */
-#ifdef CUSTOM_RAND_GENERATE_BLOCK
-
-int wc_InitRng_ex(WC_RNG* rng, void* heap)
-{
-    (void)rng;
-    (void)heap;
-    return 0;
-}
-
-int wc_InitRng(WC_RNG* rng)
-{
-    return wc_InitRng_ex(rng, NULL);
-}
-
-int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
-{
-    (void)rng;
-    XMEMSET(output, 0, sz);
-    return CUSTOM_RAND_GENERATE_BLOCK(output, sz);
-}
-
-
-int wc_RNG_GenerateByte(WC_RNG* rng, byte* b)
-{
-    return wc_RNG_GenerateBlock(rng, b, 1);
-}
-
-
-int wc_FreeRng(WC_RNG* rng)
-{
-    (void)rng;
-    return 0;
-}
-
-#else
-
 #include <wolfssl/wolfcrypt/sha256.h>
 
 #ifdef NO_INLINE
@@ -594,6 +555,11 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
     }
 #endif
 
+#ifdef CUSTOM_RAND_GENERATE_BLOCK
+    XMEMSET(output, 0, sz);
+    return CUSTOM_RAND_GENERATE_BLOCK(output, sz);
+#endif
+
 #ifdef HAVE_HASHDRBG
     if (sz > RNG_MAX_BLOCK_LEN)
         return BAD_FUNC_ARG;
@@ -1624,15 +1590,21 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
         return 0;
     }
 
-#elif defined(WOLFSSL_SAFERTOS) || defined(WOLFSSL_LEANPSK) \
+#elif defined(WOLFSSL_SAFERTOS)
-    || defined(WOLFSSL_IAR_ARM)  || defined(WOLFSSL_MDK_ARM) \
+#elif defined(WOLFSSL_LEANPSK)
-    || defined(WOLFSSL_uITRON4)  || defined(WOLFSSL_uTKERNEL2) \
+#elif defined(WOLFSSL_IAR_ARM)
-    || defined(WOLFSSL_LPC43xx) || defined(WOLFSSL_STM32F2xx) \
+#elif defined(WOLFSSL_MDK_ARM)
-    || defined(MBED) || defined(WOLFSSL_EMBOS) \
+#elif defined(WOLFSSL_uITRON4)
-    || defined(WOLFSSL_GENSEED_FORTEST)
+#elif defined(WOLFSSL_uTKERNEL2)
+#elif defined(WOLFSSL_LPC43xx)
+#elif defined(WOLFSSL_STM32F2xx)
+#elif defined(MBED)
+#elif defined(WOLFSSL_EMBOS)
+#elif defined(WOLFSSL_GENSEED_FORTEST)
 
     /* these platforms do not have a default random seed and
-       you need to implement your own wc_GenerateSeed */
+       you'll need to implement your own wc_GenerateSeed or define via
+       CUSTOM_RAND_GENERATE_BLOCK */
 
     #define USE_TEST_GENSEED
 
@@ -1727,6 +1699,5 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 
 /* End wc_GenerateSeed */
 
-#endif /* CUSTOM_RAND_GENERATE_BLOCK */
 #endif /* WC_NO_RNG */
 #endif /* HAVE_FIPS */

wolfssl/wolfcrypt/random.h

@@ -45,8 +45,9 @@
     #define CUSTOM_RAND_TYPE    byte
 #endif
 
-/* make sure Hash DRBG is enabled, unless WC_NO_HASHDRBG is defined */
+/* make sure Hash DRBG is enabled, unless WC_NO_HASHDRBG is defined
-#ifndef WC_NO_HASHDRBG
+    or CUSTOM_RAND_GENERATE_BLOCK is defined*/
+#if !defined(WC_NO_HASHDRBG) || !defined(CUSTOM_RAND_GENERATE_BLOCK)
     #undef  HAVE_HASHDRBG
     #define HAVE_HASHDRBG
 #endif
@@ -79,8 +80,8 @@
         #error "Hash DRBG requires SHA-256."
     #endif /* NO_SHA256 */
     #include <wolfssl/wolfcrypt/sha256.h>
-#elif defined(HAVE_INTEL_RDRAND)
 #elif defined(HAVE_WNR)
+     /* allow whitewood as direct RNG source using wc_GenerateSeed directly */
 #else
     #ifndef _MSC_VER
         #warning "No RNG source defined. Using wc_GenerateSeed directly"
@@ -169,12 +170,12 @@ WOLFSSL_API int  wc_RNG_GenerateByte(WC_RNG*, byte*);
 WOLFSSL_API int  wc_FreeRng(WC_RNG*);
 
 
-#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
+#ifdef HAVE_HASHDRBG
     WOLFSSL_API int wc_RNG_HealthTest(int reseed,
                                         const byte* entropyA, word32 entropyASz,
                                         const byte* entropyB, word32 entropyBSz,
                                         byte* output, word32 outputSz);
-#endif /* HAVE_HASHDRBG || NO_RC4 */
+#endif /* HAVE_HASHDRBG */
 
 #ifdef __cplusplus
     } /* extern "C" */