wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-05 21:54:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1833 from dgarske/norng_fixes

Browse Source 
Fixes for building without RNG enabled
This commit is contained in:
Chris Conlon
2018-09-18 14:52:21 -06:00
committed by GitHub
parent d05423af7e 4981480215
commit 085daa78cd
9 changed files with 60 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
configure.ac
View File

@@ -578,7 +578,11 @@ AC_ARG_ENABLE([harden],
if test "$ENABLED_HARDEN" = "yes" if test "$ENABLED_HARDEN" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT -DWC_RSA_BLINDING" AM_CFLAGS="$AM_CFLAGS -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT"
if test "$ENABLED_RNG" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWC_RSA_BLINDING"
fi
else else
AM_CFLAGS="$AM_CFLAGS -DWC_NO_HARDEN" AM_CFLAGS="$AM_CFLAGS -DWC_NO_HARDEN"
fi fi

1
examples/client/client.c
View File

@@ -510,6 +510,7 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
else { else {
err_sys("wc_InitRng failed"); err_sys("wc_InitRng failed");
} }
(void)rng; /* for WC_NO_RNG case */
} }
else { else {
err_sys("Client buffer malloc failed"); err_sys("Client buffer malloc failed");

15
src/ssl.c
View File

@@ -95,7 +95,6 @@
#if defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256) \ #if defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256) \
&& !defined(WC_NO_RNG) && !defined(WC_NO_RNG)
#include <wolfssl/wolfcrypt/srp.h> #include <wolfssl/wolfcrypt/srp.h>
#include <wolfssl/wolfcrypt/random.h>
#endif #endif
#endif #endif
@@ -21845,11 +21844,6 @@ int wolfSSL_RAND_write_file(const char* fname)
#include <sys/un.h> #include <sys/un.h>
#endif #endif
/* at compile time check for HASH DRBG and throw warning if not found */
#ifndef HAVE_HASHDRBG
#warning HAVE_HASHDRBG is needed for wolfSSL_RAND_egd to seed
#endif
/* This collects entropy from the path nm and seeds the global PRNG with it. /* This collects entropy from the path nm and seeds the global PRNG with it.
* Makes a call to wolfSSL_RAND_Init which is not thread safe. * Makes a call to wolfSSL_RAND_Init which is not thread safe.
* *
@@ -21859,7 +21853,8 @@ int wolfSSL_RAND_write_file(const char* fname)
*/ */
int wolfSSL_RAND_egd(const char* nm) int wolfSSL_RAND_egd(const char* nm)
{ {
#if defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) && !defined(HAVE_FIPS) #if defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) && !defined(HAVE_FIPS) && \
defined(HAVE_HASHDRBG)
struct sockaddr_un rem; struct sockaddr_un rem;
int fd; int fd;
int ret = WOLFSSL_SUCCESS; int ret = WOLFSSL_SUCCESS;
@@ -21993,13 +21988,13 @@ int wolfSSL_RAND_egd(const char* nm)
else { else {
return ret; return ret;
} }
#else /* defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) && !HAVE_FIPS */ #else
WOLFSSL_MSG("Type of socket needed is not available"); WOLFSSL_MSG("Type of socket needed is not available");
WOLFSSL_MSG("\tor using FIPS mode where RNG API is not available"); WOLFSSL_MSG("\tor using mode where DRBG API is not available");
(void)nm; (void)nm;
return WOLFSSL_FATAL_ERROR; return WOLFSSL_FATAL_ERROR;
#endif /* defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) */ #endif /* USE_WOLFSSL_IO && !USE_WINDOWS_API && !HAVE_FIPS && HAVE_HASHDRBG */
} }
#endif /* !FREERTOS_TCP */ #endif /* !FREERTOS_TCP */

47
tests/api.c
View File

@@ -12773,7 +12773,7 @@ static int test_wc_ecc_make_key (void)
{ {
int ret = 0; int ret = 0;
#if defined(HAVE_ECC) #if defined(HAVE_ECC) && !defined(WC_NO_RNG)
WC_RNG rng; WC_RNG rng;
ecc_key key; ecc_key key;
@@ -12853,7 +12853,7 @@ static int test_wc_ecc_check_key (void)
{ {
int ret = 0; int ret = 0;
#if defined(HAVE_ECC) #if defined(HAVE_ECC) && !defined(WC_NO_RNG)
WC_RNG rng; WC_RNG rng;
ecc_key key; ecc_key key;
@@ -12900,7 +12900,7 @@ static int test_wc_ecc_size (void)
{ {
int ret = 0; int ret = 0;
#if defined(HAVE_ECC) #if defined(HAVE_ECC) && !defined(WC_NO_RNG)
WC_RNG rng; WC_RNG rng;
ecc_key key; ecc_key key;
@@ -12946,7 +12946,7 @@ static int test_wc_ecc_signVerify_hash (void)
{ {
int ret = 0; int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && !defined(NO_ASN) #if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && !defined(NO_ASN) && !defined(WC_NO_RNG)
WC_RNG rng; WC_RNG rng;
ecc_key key; ecc_key key;
int signH = WOLFSSL_FATAL_ERROR; int signH = WOLFSSL_FATAL_ERROR;
@@ -13056,7 +13056,7 @@ static int test_wc_ecc_shared_secret (void)
{ {
int ret = 0; int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) #if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG)
ecc_key key, pubKey; ecc_key key, pubKey;
WC_RNG rng; WC_RNG rng;
int keySz = KEY16; int keySz = KEY16;
@@ -13123,7 +13123,7 @@ static int test_wc_ecc_export_x963 (void)
{ {
int ret = 0; int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
ecc_key key; ecc_key key;
WC_RNG rng; WC_RNG rng;
byte out[ECC_ASN963_MAX_BUF_SZ]; byte out[ECC_ASN963_MAX_BUF_SZ];
@@ -13185,7 +13185,7 @@ static int test_wc_ecc_export_x963_ex (void)
{ {
int ret = 0; int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
ecc_key key; ecc_key key;
WC_RNG rng; WC_RNG rng;
byte out[ECC_ASN963_MAX_BUF_SZ]; byte out[ECC_ASN963_MAX_BUF_SZ];
@@ -13284,7 +13284,7 @@ static int test_wc_ecc_import_x963 (void)
int ret = 0; int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \ #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \
defined(HAVE_ECC_KEY_EXPORT) defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
ecc_key pubKey, key; ecc_key pubKey, key;
WC_RNG rng; WC_RNG rng;
byte x963[ECC_ASN963_MAX_BUF_SZ]; byte x963[ECC_ASN963_MAX_BUF_SZ];
@@ -13348,7 +13348,7 @@ static int ecc_import_private_key (void)
int ret = 0; int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \ #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \
defined(HAVE_ECC_KEY_EXPORT) defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
ecc_key key, keyImp; ecc_key key, keyImp;
WC_RNG rng; WC_RNG rng;
byte privKey[ECC_PRIV_KEY_BUF]; /* Raw private key.*/ byte privKey[ECC_PRIV_KEY_BUF]; /* Raw private key.*/
@@ -13419,7 +13419,7 @@ static int test_wc_ecc_export_private_only (void)
{ {
int ret = 0; int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
ecc_key key; ecc_key key;
WC_RNG rng; WC_RNG rng;
byte out[ECC_PRIV_KEY_BUF]; byte out[ECC_PRIV_KEY_BUF];
@@ -13616,7 +13616,7 @@ static int test_wc_ecc_sig_size (void)
{ {
int ret = 0; int ret = 0;
#ifdef HAVE_ECC #if defined(HAVE_ECC) && !defined(WC_NO_RNG)
ecc_key key; ecc_key key;
WC_RNG rng; WC_RNG rng;
int keySz = KEY16; int keySz = KEY16;
@@ -13657,7 +13657,7 @@ static int test_wc_ecc_ctx_new (void)
{ {
int ret = 0; int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
WC_RNG rng; WC_RNG rng;
ecEncCtx* cli = NULL; ecEncCtx* cli = NULL;
ecEncCtx* srv = NULL; ecEncCtx* srv = NULL;
@@ -13708,7 +13708,7 @@ static int test_wc_ecc_ctx_reset (void)
{ {
int ret = 0; int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
ecEncCtx* ctx = NULL; ecEncCtx* ctx = NULL;
WC_RNG rng; WC_RNG rng;
@@ -13757,7 +13757,7 @@ static int test_wc_ecc_ctx_set_peer_salt (void)
{ {
int ret = 0; int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
WC_RNG rng; WC_RNG rng;
ecEncCtx* cliCtx = NULL; ecEncCtx* cliCtx = NULL;
ecEncCtx* servCtx = NULL; ecEncCtx* servCtx = NULL;
@@ -13829,7 +13829,7 @@ static int test_wc_ecc_ctx_set_info (void)
{ {
int ret = 0; int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
ecEncCtx* ctx = NULL; ecEncCtx* ctx = NULL;
WC_RNG rng; WC_RNG rng;
const char* optInfo = "Optional Test Info."; const char* optInfo = "Optional Test Info.";
@@ -13881,7 +13881,8 @@ static int test_wc_ecc_encryptDecrypt (void)
{ {
int ret = 0; int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128) #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128) \
&& !defined(WC_NO_RNG)
ecc_key srvKey, cliKey; ecc_key srvKey, cliKey;
WC_RNG rng; WC_RNG rng;
const char* msg = "EccBlock Size 16"; const char* msg = "EccBlock Size 16";
@@ -14026,7 +14027,7 @@ static int test_wc_ecc_pointFns (void)
{ {
int ret = 0; int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
ecc_key key; ecc_key key;
WC_RNG rng; WC_RNG rng;
ecc_point* point = NULL; ecc_point* point = NULL;
@@ -14200,7 +14201,7 @@ static int test_wc_ecc_shared_secret_ssh (void)
{ {
int ret = 0; int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) #if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG)
ecc_key key, key2; ecc_key key, key2;
WC_RNG rng; WC_RNG rng;
int keySz = KEY32; int keySz = KEY32;
@@ -14282,7 +14283,8 @@ static int test_wc_ecc_verify_hash_ex (void)
{ {
int ret = 0; int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && defined(WOLFSSL_PUBLIC_MP) #if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && defined(WOLFSSL_PUBLIC_MP) \
&& !defined(WC_NO_RNG)
ecc_key key; ecc_key key;
WC_RNG rng; WC_RNG rng;
mp_int r; mp_int r;
@@ -14411,7 +14413,7 @@ static int test_wc_ecc_mulmod (void)
{ {
int ret = 0; int ret = 0;
#if defined(HAVE_ECC) && \ #if defined(HAVE_ECC) && !defined(WC_NO_RNG) && \
!(defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_VALIDATE_ECC_IMPORT)) !(defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_VALIDATE_ECC_IMPORT))
ecc_key key1, key2, key3; ecc_key key1, key2, key3;
WC_RNG rng; WC_RNG rng;
@@ -14492,7 +14494,7 @@ static int test_wc_ecc_is_valid_idx (void)
{ {
int ret = 0; int ret = 0;
#if defined(HAVE_ECC) #if defined(HAVE_ECC) && !defined(WC_NO_RNG)
ecc_key key; ecc_key key;
WC_RNG rng; WC_RNG rng;
int iVal = -2; int iVal = -2;
@@ -20897,6 +20899,9 @@ static int test_wc_RNG_GenerateBlock(void)
wc_FreeRng(&rng); wc_FreeRng(&rng);
(void)rng; /* for WC_NO_RNG case */
(void)key;
return ret; return ret;
} }
#endif #endif

7
wolfcrypt/src/asn.c
View File

@@ -2690,6 +2690,9 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
(void)curveOID; (void)curveOID;
(void)oidSz; (void)oidSz;
(void)tmpIdx;
(void)keySz;
(void)heap;
return 1; return 1;
} }
@@ -2927,6 +2930,8 @@ int UnTraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz,
sz = SetSequence(totalSz, out); sz = SetSequence(totalSz, out);
XMEMMOVE(out + sz, out + MAX_SEQ_SZ, totalSz); XMEMMOVE(out + sz, out + MAX_SEQ_SZ, totalSz);
(void)rng;
return totalSz + sz; return totalSz + sz;
} }
@@ -3275,6 +3280,8 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
(void)rng;
return totalSz; return totalSz;
} }

6
wolfcrypt/src/rsa.c
View File

@@ -957,9 +957,9 @@ static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock,
{ {
int ret; int ret;
#ifndef WC_NO_RNG
switch (padType) switch (padType)
{ {
#ifndef WC_NO_RNG
case WC_RSA_PKCSV15_PAD: case WC_RSA_PKCSV15_PAD:
/*WOLFSSL_MSG("wolfSSL Using RSA PKCSV15 padding");*/ /*WOLFSSL_MSG("wolfSSL Using RSA PKCSV15 padding");*/
ret = RsaPad(input, inputLen, pkcsBlock, pkcsBlockLen, ret = RsaPad(input, inputLen, pkcsBlock, pkcsBlockLen,
@@ -981,6 +981,7 @@ static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock,
hType, mgf, saltLen, bits, heap); hType, mgf, saltLen, bits, heap);
break; break;
#endif #endif
#endif /* !WC_NO_RNG */
#ifdef WC_RSA_NO_PADDING #ifdef WC_RSA_NO_PADDING
case WC_RSA_NO_PAD: case WC_RSA_NO_PAD:
@@ -1003,9 +1004,6 @@ static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock,
WOLFSSL_MSG("Unknown RSA Pad Type"); WOLFSSL_MSG("Unknown RSA Pad Type");
ret = RSA_PAD_E; ret = RSA_PAD_E;
} }
#else
ret = NOT_COMPILED_IN;
#endif
/* silence warning if not used with padding scheme */ /* silence warning if not used with padding scheme */
(void)input; (void)input;

7
wolfssl/test.h
View File

@@ -2858,6 +2858,7 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num)
tempfn[len] = '\0'; tempfn[len] = '\0';
wc_FreeRng(&rng); wc_FreeRng(&rng);
(void)rng; /* for WC_NO_RNG case */
return tempfn; return tempfn;
} }
@@ -2969,10 +2970,12 @@ static WC_INLINE word16 GetRandomPort(void)
/* Generate random port for testing */ /* Generate random port for testing */
WC_RNG rng; WC_RNG rng;
if (wc_InitRng(&rng) == 0) { if (wc_InitRng(&rng) == 0) {
wc_RNG_GenerateBlock(&rng, (byte*)&port, sizeof(port)); if (wc_RNG_GenerateBlock(&rng, (byte*)&port, sizeof(port)) == 0) {
port |= 0xC000; /* Make sure its in the 49152 - 65535 range */ port |= 0xC000; /* Make sure its in the 49152 - 65535 range */
}
wc_FreeRng(&rng); wc_FreeRng(&rng);
} }
(void)rng; /* for WC_NO_RNG case */
return port; return port;
} }

11
wolfssl/wolfcrypt/random.h
View File

@@ -66,8 +66,8 @@
#endif #endif
/* make sure Hash DRBG is enabled, unless WC_NO_HASHDRBG is defined /* make sure Hash DRBG is enabled, unless WC_NO_HASHDRBG is defined
or CUSTOM_RAND_GENERATE_BLOCK is defined*/ or CUSTOM_RAND_GENERATE_BLOCK is defined */
#if !defined(WC_NO_HASHDRBG) || !defined(CUSTOM_RAND_GENERATE_BLOCK) #if !defined(WC_NO_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
#undef HAVE_HASHDRBG #undef HAVE_HASHDRBG
#define HAVE_HASHDRBG #define HAVE_HASHDRBG
#ifndef WC_RESEED_INTERVAL #ifndef WC_RESEED_INTERVAL
@@ -106,7 +106,9 @@
#include <wolfssl/wolfcrypt/sha256.h> #include <wolfssl/wolfcrypt/sha256.h>
#elif defined(HAVE_WNR) #elif defined(HAVE_WNR)
/* allow whitewood as direct RNG source using wc_GenerateSeed directly */ /* allow whitewood as direct RNG source using wc_GenerateSeed directly */
#else #elif defined(HAVE_INTEL_RDRAND)
/* Intel RDRAND or RDSEED */
#elif !defined(WC_NO_RNG)
#error No RNG source defined! #error No RNG source defined!
#endif #endif
@@ -188,13 +190,14 @@ WOLFSSL_API int wc_RNG_GenerateBlock(WC_RNG*, byte*, word32 sz);
WOLFSSL_API int wc_RNG_GenerateByte(WC_RNG*, byte*); WOLFSSL_API int wc_RNG_GenerateByte(WC_RNG*, byte*);
WOLFSSL_API int wc_FreeRng(WC_RNG*); WOLFSSL_API int wc_FreeRng(WC_RNG*);
#else #else
#include <wolfssl/wolfcrypt/error-crypt.h>
#define wc_InitRng(rng) NOT_COMPILED_IN #define wc_InitRng(rng) NOT_COMPILED_IN
#define wc_InitRng_ex(rng, h, d) NOT_COMPILED_IN #define wc_InitRng_ex(rng, h, d) NOT_COMPILED_IN
#define wc_InitRngNonce(rng, n, s) NOT_COMPILED_IN #define wc_InitRngNonce(rng, n, s) NOT_COMPILED_IN
#define wc_InitRngNonce_ex(rng, n, s, h, d) NOT_COMPILED_IN #define wc_InitRngNonce_ex(rng, n, s, h, d) NOT_COMPILED_IN
#define wc_RNG_GenerateBlock(rng, b, s) NOT_COMPILED_IN #define wc_RNG_GenerateBlock(rng, b, s) NOT_COMPILED_IN
#define wc_RNG_GenerateByte(rng, b) NOT_COMPILED_IN #define wc_RNG_GenerateByte(rng, b) NOT_COMPILED_IN
#define wc_FreeRng(rng) NOT_COMPILED_IN #define wc_FreeRng(rng) (void)NOT_COMPILED_IN
#endif #endif

3
wolfssl/wolfcrypt/settings.h
View File

@@ -1743,7 +1743,8 @@ extern void uITRON4_free(void *p) ;
#ifndef WC_NO_HARDEN #ifndef WC_NO_HARDEN
#if (defined(USE_FAST_MATH) && !defined(TFM_TIMING_RESISTANT)) || \ #if (defined(USE_FAST_MATH) && !defined(TFM_TIMING_RESISTANT)) || \
(defined(HAVE_ECC) && !defined(ECC_TIMING_RESISTANT)) || \ (defined(HAVE_ECC) && !defined(ECC_TIMING_RESISTANT)) || \
(!defined(NO_RSA) && !defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS)) (!defined(NO_RSA) && !defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS) && \
!defined(WC_NO_RNG))
#ifndef _MSC_VER #ifndef _MSC_VER
#warning "For timing resistance / side-channel attack prevention consider using harden options" #warning "For timing resistance / side-channel attack prevention consider using harden options"