wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 12:44:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1833 from dgarske/norng_fixes

Browse Source 
Fixes for building without RNG enabled
This commit is contained in:
Chris Conlon
2018-09-18 14:52:21 -06:00
committed by GitHub
parent d05423af7e 4981480215
commit 085daa78cd
9 changed files with 60 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
configure.ac
View File

@@ -578,7 +578,11 @@ AC_ARG_ENABLE([harden],
if test "$ENABLED_HARDEN" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT -DWC_RSA_BLINDING"
AM_CFLAGS="$AM_CFLAGS -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT"
if test "$ENABLED_RNG" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWC_RSA_BLINDING"
fi
else
AM_CFLAGS="$AM_CFLAGS -DWC_NO_HARDEN"
fi

1
examples/client/client.c
View File

@@ -510,6 +510,7 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
else {
err_sys("wc_InitRng failed");
}
(void)rng; /* for WC_NO_RNG case */
}
else {
err_sys("Client buffer malloc failed");

15
src/ssl.c
View File

@@ -95,7 +95,6 @@
#if defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256) \
&& !defined(WC_NO_RNG)
#include <wolfssl/wolfcrypt/srp.h>
#include <wolfssl/wolfcrypt/random.h>
#endif
#endif
@@ -21845,11 +21844,6 @@ int wolfSSL_RAND_write_file(const char* fname)
#include <sys/un.h>
#endif
/* at compile time check for HASH DRBG and throw warning if not found */
#ifndef HAVE_HASHDRBG
#warning HAVE_HASHDRBG is needed for wolfSSL_RAND_egd to seed
#endif
/* This collects entropy from the path nm and seeds the global PRNG with it.
* Makes a call to wolfSSL_RAND_Init which is not thread safe.
*
@@ -21859,7 +21853,8 @@ int wolfSSL_RAND_write_file(const char* fname)
*/
int wolfSSL_RAND_egd(const char* nm)
{
#if defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) && !defined(HAVE_FIPS)
#if defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) && !defined(HAVE_FIPS) && \
defined(HAVE_HASHDRBG)
struct sockaddr_un rem;
int fd;
int ret = WOLFSSL_SUCCESS;
@@ -21993,13 +21988,13 @@ int wolfSSL_RAND_egd(const char* nm)
else {
return ret;
}
#else /* defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) && !HAVE_FIPS */
#else
WOLFSSL_MSG("Type of socket needed is not available");
WOLFSSL_MSG("\tor using FIPS mode where RNG API is not available");
WOLFSSL_MSG("\tor using mode where DRBG API is not available");
(void)nm;
return WOLFSSL_FATAL_ERROR;
#endif /* defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) */
#endif /* USE_WOLFSSL_IO && !USE_WINDOWS_API && !HAVE_FIPS && HAVE_HASHDRBG */
}
#endif /* !FREERTOS_TCP */

47
tests/api.c
View File

@@ -12773,7 +12773,7 @@ static int test_wc_ecc_make_key (void)
{
int ret = 0;
#if defined(HAVE_ECC)
#if defined(HAVE_ECC) && !defined(WC_NO_RNG)
WC_RNG rng;
ecc_key key;
@@ -12853,7 +12853,7 @@ static int test_wc_ecc_check_key (void)
{
int ret = 0;
#if defined(HAVE_ECC)
#if defined(HAVE_ECC) && !defined(WC_NO_RNG)
WC_RNG rng;
ecc_key key;
@@ -12900,7 +12900,7 @@ static int test_wc_ecc_size (void)
{
int ret = 0;
#if defined(HAVE_ECC)
#if defined(HAVE_ECC) && !defined(WC_NO_RNG)
WC_RNG rng;
ecc_key key;
@@ -12946,7 +12946,7 @@ static int test_wc_ecc_signVerify_hash (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && !defined(NO_ASN)
#if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && !defined(NO_ASN) && !defined(WC_NO_RNG)
WC_RNG rng;
ecc_key key;
int signH = WOLFSSL_FATAL_ERROR;
@@ -13056,7 +13056,7 @@ static int test_wc_ecc_shared_secret (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_DHE)
#if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG)
ecc_key key, pubKey;
WC_RNG rng;
int keySz = KEY16;
@@ -13123,7 +13123,7 @@ static int test_wc_ecc_export_x963 (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT)
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
ecc_key key;
WC_RNG rng;
byte out[ECC_ASN963_MAX_BUF_SZ];
@@ -13185,7 +13185,7 @@ static int test_wc_ecc_export_x963_ex (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT)
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
ecc_key key;
WC_RNG rng;
byte out[ECC_ASN963_MAX_BUF_SZ];
@@ -13284,7 +13284,7 @@ static int test_wc_ecc_import_x963 (void)
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \
defined(HAVE_ECC_KEY_EXPORT)
defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
ecc_key pubKey, key;
WC_RNG rng;
byte x963[ECC_ASN963_MAX_BUF_SZ];
@@ -13348,7 +13348,7 @@ static int ecc_import_private_key (void)
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \
defined(HAVE_ECC_KEY_EXPORT)
defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
ecc_key key, keyImp;
WC_RNG rng;
byte privKey[ECC_PRIV_KEY_BUF]; /* Raw private key.*/
@@ -13419,7 +13419,7 @@ static int test_wc_ecc_export_private_only (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT)
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
ecc_key key;
WC_RNG rng;
byte out[ECC_PRIV_KEY_BUF];
@@ -13616,7 +13616,7 @@ static int test_wc_ecc_sig_size (void)
{
int ret = 0;
#ifdef HAVE_ECC
#if defined(HAVE_ECC) && !defined(WC_NO_RNG)
ecc_key key;
WC_RNG rng;
int keySz = KEY16;
@@ -13657,7 +13657,7 @@ static int test_wc_ecc_ctx_new (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT)
#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
WC_RNG rng;
ecEncCtx* cli = NULL;
ecEncCtx* srv = NULL;
@@ -13708,7 +13708,7 @@ static int test_wc_ecc_ctx_reset (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT)
#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
ecEncCtx* ctx = NULL;
WC_RNG rng;
@@ -13757,7 +13757,7 @@ static int test_wc_ecc_ctx_set_peer_salt (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT)
#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
WC_RNG rng;
ecEncCtx* cliCtx = NULL;
ecEncCtx* servCtx = NULL;
@@ -13829,7 +13829,7 @@ static int test_wc_ecc_ctx_set_info (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT)
#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
ecEncCtx* ctx = NULL;
WC_RNG rng;
const char* optInfo = "Optional Test Info.";
@@ -13881,7 +13881,8 @@ static int test_wc_ecc_encryptDecrypt (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128)
#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128) \
&& !defined(WC_NO_RNG)
ecc_key srvKey, cliKey;
WC_RNG rng;
const char* msg = "EccBlock Size 16";
@@ -14026,7 +14027,7 @@ static int test_wc_ecc_pointFns (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT)
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
ecc_key key;
WC_RNG rng;
ecc_point* point = NULL;
@@ -14200,7 +14201,7 @@ static int test_wc_ecc_shared_secret_ssh (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_DHE)
#if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG)
ecc_key key, key2;
WC_RNG rng;
int keySz = KEY32;
@@ -14282,7 +14283,8 @@ static int test_wc_ecc_verify_hash_ex (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && defined(WOLFSSL_PUBLIC_MP)
#if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && defined(WOLFSSL_PUBLIC_MP) \
&& !defined(WC_NO_RNG)
ecc_key key;
WC_RNG rng;
mp_int r;
@@ -14411,7 +14413,7 @@ static int test_wc_ecc_mulmod (void)
{
int ret = 0;
#if defined(HAVE_ECC) && \
#if defined(HAVE_ECC) && !defined(WC_NO_RNG) && \
!(defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_VALIDATE_ECC_IMPORT))
ecc_key key1, key2, key3;
WC_RNG rng;
@@ -14492,7 +14494,7 @@ static int test_wc_ecc_is_valid_idx (void)
{
int ret = 0;
#if defined(HAVE_ECC)
#if defined(HAVE_ECC) && !defined(WC_NO_RNG)
ecc_key key;
WC_RNG rng;
int iVal = -2;
@@ -20897,6 +20899,9 @@ static int test_wc_RNG_GenerateBlock(void)
wc_FreeRng(&rng);
(void)rng; /* for WC_NO_RNG case */
(void)key;
return ret;
}
#endif

7
wolfcrypt/src/asn.c
View File

@@ -2690,6 +2690,9 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
(void)curveOID;
(void)oidSz;
(void)tmpIdx;
(void)keySz;
(void)heap;
return 1;
}
@@ -2927,6 +2930,8 @@ int UnTraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz,
sz = SetSequence(totalSz, out);
XMEMMOVE(out + sz, out + MAX_SEQ_SZ, totalSz);
(void)rng;
return totalSz + sz;
}
@@ -3275,6 +3280,8 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
(void)rng;
return totalSz;
}

6
wolfcrypt/src/rsa.c
View File

@@ -957,9 +957,9 @@ static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock,
{
int ret;
#ifndef WC_NO_RNG
switch (padType)
{
#ifndef WC_NO_RNG
case WC_RSA_PKCSV15_PAD:
/*WOLFSSL_MSG("wolfSSL Using RSA PKCSV15 padding");*/
ret = RsaPad(input, inputLen, pkcsBlock, pkcsBlockLen,
@@ -981,6 +981,7 @@ static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock,
hType, mgf, saltLen, bits, heap);
break;
#endif
#endif /* !WC_NO_RNG */
#ifdef WC_RSA_NO_PADDING
case WC_RSA_NO_PAD:
@@ -1003,9 +1004,6 @@ static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock,
WOLFSSL_MSG("Unknown RSA Pad Type");
ret = RSA_PAD_E;
}
#else
ret = NOT_COMPILED_IN;
#endif
/* silence warning if not used with padding scheme */
(void)input;

7
wolfssl/test.h
View File

@@ -2858,6 +2858,7 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num)
tempfn[len] = '\0';
wc_FreeRng(&rng);
(void)rng; /* for WC_NO_RNG case */
return tempfn;
}
@@ -2969,10 +2970,12 @@ static WC_INLINE word16 GetRandomPort(void)
/* Generate random port for testing */
WC_RNG rng;
if (wc_InitRng(&rng) == 0) {
wc_RNG_GenerateBlock(&rng, (byte*)&port, sizeof(port));
port |= 0xC000; /* Make sure its in the 49152 - 65535 range */
if (wc_RNG_GenerateBlock(&rng, (byte*)&port, sizeof(port)) == 0) {
port |= 0xC000; /* Make sure its in the 49152 - 65535 range */
}
wc_FreeRng(&rng);
}
(void)rng; /* for WC_NO_RNG case */
return port;
}

11
wolfssl/wolfcrypt/random.h
View File

@@ -66,8 +66,8 @@
#endif
/* make sure Hash DRBG is enabled, unless WC_NO_HASHDRBG is defined
or CUSTOM_RAND_GENERATE_BLOCK is defined*/
#if !defined(WC_NO_HASHDRBG) || !defined(CUSTOM_RAND_GENERATE_BLOCK)
or CUSTOM_RAND_GENERATE_BLOCK is defined */
#if !defined(WC_NO_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
#undef HAVE_HASHDRBG
#define HAVE_HASHDRBG
#ifndef WC_RESEED_INTERVAL
@@ -106,7 +106,9 @@
#include <wolfssl/wolfcrypt/sha256.h>
#elif defined(HAVE_WNR)
/* allow whitewood as direct RNG source using wc_GenerateSeed directly */
#else
#elif defined(HAVE_INTEL_RDRAND)
/* Intel RDRAND or RDSEED */
#elif !defined(WC_NO_RNG)
#error No RNG source defined!
#endif
@@ -188,13 +190,14 @@ WOLFSSL_API int wc_RNG_GenerateBlock(WC_RNG*, byte*, word32 sz);
WOLFSSL_API int wc_RNG_GenerateByte(WC_RNG*, byte*);
WOLFSSL_API int wc_FreeRng(WC_RNG*);
#else
#include <wolfssl/wolfcrypt/error-crypt.h>
#define wc_InitRng(rng) NOT_COMPILED_IN
#define wc_InitRng_ex(rng, h, d) NOT_COMPILED_IN
#define wc_InitRngNonce(rng, n, s) NOT_COMPILED_IN
#define wc_InitRngNonce_ex(rng, n, s, h, d) NOT_COMPILED_IN
#define wc_RNG_GenerateBlock(rng, b, s) NOT_COMPILED_IN
#define wc_RNG_GenerateByte(rng, b) NOT_COMPILED_IN
#define wc_FreeRng(rng) NOT_COMPILED_IN
#define wc_FreeRng(rng) (void)NOT_COMPILED_IN
#endif

3
wolfssl/wolfcrypt/settings.h
View File

@@ -1743,7 +1743,8 @@ extern void uITRON4_free(void *p) ;
#ifndef WC_NO_HARDEN
#if (defined(USE_FAST_MATH) && !defined(TFM_TIMING_RESISTANT)) || \
(defined(HAVE_ECC) && !defined(ECC_TIMING_RESISTANT)) || \
(!defined(NO_RSA) && !defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS))
(!defined(NO_RSA) && !defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS) && \
!defined(WC_NO_RNG))
#ifndef _MSC_VER
#warning "For timing resistance / side-channel attack prevention consider using harden options"