wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 12:44:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3846 from kabuobeid/builtinEngsRandMethod

Browse Source 
Add wolfSSL_RAND_set_rand_method() and document ENGINE_load_builtin_engines()
This commit is contained in:
toddouska
2021-03-19 14:23:03 -07:00
committed by GitHub
parent a0a1406a43 a85e348c0e
commit 14b7d70ae4
6 changed files with 323 additions and 90 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
configure.ac
View File

@@ -954,16 +954,12 @@ then
AM_CFLAGS="-DHAVE_EXT_CACHE $AM_CFLAGS"
fi
if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "$ENABLED_SMALL" = "yes"
then
AC_MSG_ERROR([cannot enable small and opensslextra, only one or the other.])
fi
if test "$ENABLED_OPENSSLEXTRA" = "x509small"
then
AC_MSG_NOTICE([Enabling only a subset of X509 opensslextra])
AM_CFLAGS="-DOPENSSL_EXTRA_X509_SMALL $AM_CFLAGS"
AM_CFLAGS="-DWOLFSSL_EKU_OID -DWOLFSSL_MULTI_ATTRIB $AM_CFLAGS"
AM_CFLAGS="-DWOLFSSL_NO_OPENSSL_RAND_CB $AM_CFLAGS"
fi
# One Error Queue per Thread
@@ -5208,11 +5204,6 @@ if test "$ENABLED_SP_NONBLOCK" = "yes"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NONBLOCK"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NONBLOCK"
fi
if test "$ENABLED_SMALL" = "yes"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_SMALL"
fi
if test "$ENABLED_SP_MATH" = "yes"; then
if test "$ENABLED_SP" = "no"; then

254
src/ssl.c
View File

@@ -151,9 +151,17 @@
#ifndef WOLFCRYPT_ONLY
#ifdef OPENSSL_EXTRA
/* Global pointer to constant BN on */
static WOLFSSL_BIGNUM* bn_one = NULL;
#endif
/* Global pointer to constant BN on */
static WOLFSSL_BIGNUM* bn_one = NULL;
/* WOLFSSL_NO_OPENSSL_RAND_CB: Allows way to reduce code size for
* OPENSSL_EXTRA where RAND callbacks are not used */
#ifndef WOLFSSL_NO_OPENSSL_RAND_CB
static const WOLFSSL_RAND_METHOD* gRandMethods = NULL;
static int gRandMethodsInit = 0;
static wolfSSL_Mutex gRandMethodMutex;
#endif /* !WOLFSSL_NO_OPENSSL_RAND_CB */
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
const WOLF_EC_NIST_NAME kNistCurves[] = {
@@ -4933,9 +4941,25 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
#if defined(OPENSSL_EXTRA) || \
(defined(OPENSSL_EXTRA_X509_SMALL) && !defined(NO_RSA))
static WC_RNG globalRNG;
static int initGlobalRNG = 0;
static wolfSSL_Mutex globalRNGMutex;
#define HAVE_GLOBAL_RNG /* consolidate flags for using globalRNG */
static WC_RNG globalRNG;
static int initGlobalRNG = 0;
static wolfSSL_Mutex globalRNGMutex;
#endif
#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB)
static int wolfSSL_RAND_InitMutex(void)
{
if (gRandMethodsInit == 0) {
if (wc_InitMutex(&gRandMethodMutex) != 0) {
WOLFSSL_MSG("Bad Init Mutex rand methods");
return BAD_MUTEX_E;
}
gRandMethodsInit = 1;
}
return 0;
}
#endif
WOLFSSL_ABI
@@ -4950,8 +4974,7 @@ int wolfSSL_Init(void)
return WC_INIT_E;
}
#if defined(OPENSSL_EXTRA) || \
(defined(OPENSSL_EXTRA_X509_SMALL) && !defined(NO_RSA))
#ifdef HAVE_GLOBAL_RNG
if (wc_InitMutex(&globalRNGMutex) != 0) {
WOLFSSL_MSG("Bad Init Mutex rng");
return BAD_MUTEX_E;
@@ -4959,6 +4982,11 @@ int wolfSSL_Init(void)
#endif
#ifdef OPENSSL_EXTRA
#ifndef WOLFSSL_NO_OPENSSL_RAND_CB
if (wolfSSL_RAND_InitMutex() != 0) {
return BAD_MUTEX_E;
}
#endif
if (wolfSSL_RAND_seed(NULL, 0) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("wolfSSL_RAND_Seed failed");
return WC_INIT_E;
@@ -17816,24 +17844,62 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
#endif
}
/* If a valid struct is provided with function pointers, will override
RAND_seed, bytes, cleanup, add, pseudo_bytes and status. If a NULL
pointer is passed in, it will cancel any previous function overrides.
int wolfSSL_RAND_status(void)
Returns WOLFSSL_SUCCESS on success, WOLFSSL_FAILURE on failure. */
int wolfSSL_RAND_set_rand_method(const WOLFSSL_RAND_METHOD *methods)
{
return WOLFSSL_SUCCESS; /* wolfCrypt provides enough seed internally */
#ifndef WOLFSSL_NO_OPENSSL_RAND_CB
if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) {
gRandMethods = methods;
wc_UnLockMutex(&gRandMethodMutex);
return WOLFSSL_SUCCESS;
}
#else
(void)methods;
#endif
return WOLFSSL_FAILURE;
}
/* Returns WOLFSSL_SUCCESS if the RNG has been seeded with enough data */
int wolfSSL_RAND_status(void)
{
int ret = WOLFSSL_SUCCESS;
#ifndef WOLFSSL_NO_OPENSSL_RAND_CB
if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) {
if (gRandMethods && gRandMethods->status)
ret = gRandMethods->status();
wc_UnLockMutex(&gRandMethodMutex);
}
else {
ret = WOLFSSL_FAILURE;
}
#else
/* wolfCrypt provides enough seed internally, so return success */
#endif
return ret;
}
#ifndef NO_WOLFSSL_STUB
void wolfSSL_RAND_add(const void* add, int len, double entropy)
{
#ifndef WOLFSSL_NO_OPENSSL_RAND_CB
if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) {
if (gRandMethods && gRandMethods->add) {
/* callback has return code, but RAND_add does not */
(void)gRandMethods->add(add, len, entropy);
}
wc_UnLockMutex(&gRandMethodMutex);
}
#else
/* wolfSSL seeds/adds internally, use explicit RNG if you want
to take control */
(void)add;
(void)len;
(void)entropy;
WOLFSSL_STUB("RAND_add");
/* wolfSSL seeds/adds internally, use explicit RNG if you want
to take control */
}
#endif
}
#ifndef NO_DES3
/* 0 on ok */
@@ -31500,33 +31566,41 @@ WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG, int *initTmpRng)
*/
static int wolfSSL_RAND_Init(void)
{
if (wc_LockMutex(&globalRNGMutex) != 0) {
WOLFSSL_MSG("Bad Lock Mutex rng");
return 0;
}
if (initGlobalRNG == 0) {
if (wc_InitRng(&globalRNG) < 0) {
WOLFSSL_MSG("wolfSSL Init Global RNG failed");
wc_UnLockMutex(&globalRNGMutex);
return 0;
int ret = WOLFSSL_FAILURE;
#ifdef HAVE_GLOBAL_RNG
if (wc_LockMutex(&globalRNGMutex) == 0) {
if (initGlobalRNG == 0) {
ret = wc_InitRng(&globalRNG);
if (ret == 0) {
initGlobalRNG = 1;
ret = WOLFSSL_SUCCESS;
}
}
initGlobalRNG = 1;
wc_UnLockMutex(&globalRNGMutex);
}
wc_UnLockMutex(&globalRNGMutex);
return WOLFSSL_SUCCESS;
#endif
return ret;
}
/* WOLFSSL_SUCCESS on ok */
int wolfSSL_RAND_seed(const void* seed, int len)
{
WOLFSSL_MSG("wolfSSL_RAND_seed");
#ifndef WOLFSSL_NO_OPENSSL_RAND_CB
if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) {
if (gRandMethods && gRandMethods->seed) {
int ret = gRandMethods->seed(seed, len);
wc_UnLockMutex(&gRandMethodMutex);
return ret;
}
wc_UnLockMutex(&gRandMethodMutex);
}
#else
(void)seed;
(void)len;
#endif
/* Make sure global shared RNG (globalRNG) is initialized */
return wolfSSL_RAND_Init();
}
@@ -31830,48 +31904,75 @@ int wolfSSL_RAND_egd(const char* nm)
void wolfSSL_RAND_Cleanup(void)
{
WOLFSSL_ENTER("wolfSSL_RAND_Cleanup()");
#ifndef WOLFSSL_NO_OPENSSL_RAND_CB
if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) {
if (gRandMethods && gRandMethods->cleanup)
gRandMethods->cleanup();
wc_UnLockMutex(&gRandMethodMutex);
}
if (wc_LockMutex(&globalRNGMutex) != 0) {
WOLFSSL_MSG("Bad Lock Mutex rng");
return;
if (wc_FreeMutex(&gRandMethodMutex) == 0)
gRandMethodsInit = 0;
#endif
#ifdef HAVE_GLOBAL_RNG
if (wc_LockMutex(&globalRNGMutex) == 0) {
if (initGlobalRNG) {
wc_FreeRng(&globalRNG);
initGlobalRNG = 0;
}
wc_UnLockMutex(&globalRNGMutex);
}
if (initGlobalRNG != 0) {
wc_FreeRng(&globalRNG);
initGlobalRNG = 0;
}
wc_UnLockMutex(&globalRNGMutex);
#endif
}
/* returns WOLFSSL_SUCCESS if the bytes generated are valid otherwise WOLFSSL_FAILURE */
int wolfSSL_RAND_pseudo_bytes(unsigned char* buf, int num)
{
#ifndef WOLFSSL_NO_OPENSSL_RAND_CB
if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) {
if (gRandMethods && gRandMethods->pseudorand) {
int ret = gRandMethods->pseudorand(buf, num);
wc_UnLockMutex(&gRandMethodMutex);
return ret;
}
wc_UnLockMutex(&gRandMethodMutex);
}
#endif
/* fallback to using the global shared RNG */
return wolfSSL_RAND_bytes(buf, num);
}
/* WOLFSSL_SUCCESS on ok */
/* returns WOLFSSL_SUCCESS if the bytes generated are valid otherwise WOLFSSL_FAILURE */
int wolfSSL_RAND_bytes(unsigned char* buf, int num)
{
int ret = 0;
int initTmpRng = 0;
WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
WC_RNG* tmpRNG;
WC_RNG* tmpRNG = NULL;
#else
WC_RNG tmpRNG[1];
#endif
int used_global = 0;
int initTmpRng = 0;
int blockCount = 0;
#ifdef HAVE_GLOBAL_RNG
int used_global = 0;
#endif
WOLFSSL_ENTER("wolfSSL_RAND_bytes");
#ifdef WOLFSSL_SMALL_STACK
tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
if (tmpRNG == NULL)
return ret;
/* if a RAND callback has been set try and use it */
#ifndef WOLFSSL_NO_OPENSSL_RAND_CB
if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) {
if (gRandMethods && gRandMethods->bytes) {
ret = gRandMethods->bytes(buf, num);
wc_UnLockMutex(&gRandMethodMutex);
return ret;
}
wc_UnLockMutex(&gRandMethodMutex);
}
#endif
#ifdef HAVE_GLOBAL_RNG
if (initGlobalRNG) {
if (wc_LockMutex(&globalRNGMutex) != 0) {
WOLFSSL_MSG("Bad Lock Mutex rng");
@@ -31881,41 +31982,51 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num)
rng = &globalRNG;
used_global = 1;
}
else if(wc_InitRng(tmpRNG) == 0) {
rng = tmpRNG;
initTmpRng = 1;
else
#endif
{
#ifdef WOLFSSL_SMALL_STACK
tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
if (tmpRNG == NULL)
return ret;
#endif
if (wc_InitRng(tmpRNG) == 0) {
rng = tmpRNG;
initTmpRng = 1;
}
}
if (rng) {
/* handles size grater than RNG_MAX_BLOCK_LEN */
/* handles size greater than RNG_MAX_BLOCK_LEN */
blockCount = num / RNG_MAX_BLOCK_LEN;
while(blockCount--) {
if((ret = wc_RNG_GenerateBlock(rng, buf, RNG_MAX_BLOCK_LEN) != 0)){
while (blockCount--) {
ret = wc_RNG_GenerateBlock(rng, buf, RNG_MAX_BLOCK_LEN);
if (ret != 0) {
WOLFSSL_MSG("Bad wc_RNG_GenerateBlock");
break;
}
num -= RNG_MAX_BLOCK_LEN;
buf += RNG_MAX_BLOCK_LEN;
}
if (ret == 0 && num)
ret = wc_RNG_GenerateBlock(rng, buf, num);
if (ret != 0)
WOLFSSL_MSG("Bad wc_RNG_GenerateBlock");
else
ret = WOLFSSL_SUCCESS;
}
if (used_global == 1) {
#ifdef HAVE_GLOBAL_RNG
if (used_global == 1)
wc_UnLockMutex(&globalRNGMutex);
}
#endif
if (initTmpRng)
wc_FreeRng(tmpRNG);
#ifdef WOLFSSL_SMALL_STACK
XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
if (tmpRNG)
XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
#endif
return ret;
@@ -45769,19 +45880,6 @@ int wolfSSL_FIPS_mode_set(int r)
}
#endif
#ifndef NO_WOLFSSL_STUB
int wolfSSL_RAND_set_rand_method(const void *meth)
{
(void) meth;
WOLFSSL_ENTER("wolfSSL_RAND_set_rand_method");
WOLFSSL_STUB("RAND_set_rand_method");
/* if implemented RAND_bytes and RAND_pseudo_bytes need updated
* those two functions will call the respective functions from meth */
return SSL_FAILURE;
}
#endif
int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits)
{
int ret = WOLFSSL_FAILURE;

121
tests/api.c
View File

@@ -307,6 +307,7 @@
#include <wolfssl/openssl/crypto.h>
#include <wolfssl/openssl/hmac.h>
#include <wolfssl/openssl/objects.h>
#include <wolfssl/openssl/rand.h>
#ifdef OPENSSL_ALL
#include <wolfssl/openssl/txt_db.h>
#include <wolfssl/openssl/lhash.h>
@@ -30582,6 +30583,125 @@ static void test_wolfSSL_BUF(void)
#endif /* OPENSSL_EXTRA */
}
#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB)
static int stub_rand_seed(const void *buf, int num)
{
(void)buf;
(void)num;
return 123;
}
static int stub_rand_bytes(unsigned char *buf, int num)
{
(void)buf;
(void)num;
return 456;
}
static byte* was_stub_rand_cleanup_called(void)
{
static byte was_called = 0;
return &was_called;
}
static void stub_rand_cleanup(void)
{
byte* was_called = was_stub_rand_cleanup_called();
*was_called = 1;
return;
}
static byte* was_stub_rand_add_called(void)
{
static byte was_called = 0;
return &was_called;
}
static int stub_rand_add(const void *buf, int num, double entropy)
{
byte* was_called = was_stub_rand_add_called();
(void)buf;
(void)num;
(void)entropy;
*was_called = 1;
return 0;
}
static int stub_rand_pseudo_bytes(unsigned char *buf, int num)
{
(void)buf;
(void)num;
return 9876;
}
static int stub_rand_status(void)
{
return 5432;
}
#endif /* OPENSSL_EXTRA && !WOLFSSL_NO_OPENSSL_RAND_CB */
static void test_wolfSSL_RAND_set_rand_method(void)
{
#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB)
WOLFSSL_RAND_METHOD rand_methods = {NULL, NULL, NULL, NULL, NULL, NULL};
unsigned char* buf = NULL;
int num = 0;
double entropy = 0;
byte* was_cleanup_called = was_stub_rand_cleanup_called();
byte* was_add_called = was_stub_rand_add_called();
printf(testingFmt, "wolfSSL_RAND_set_rand_method()");
AssertIntNE(wolfSSL_RAND_status(), 5432);
AssertIntEQ(*was_cleanup_called, 0);
wolfSSL_RAND_Cleanup();
AssertIntEQ(*was_cleanup_called, 0);
rand_methods.seed = &stub_rand_seed;
rand_methods.bytes = &stub_rand_bytes;
rand_methods.cleanup = &stub_rand_cleanup;
rand_methods.add = &stub_rand_add;
rand_methods.pseudorand = &stub_rand_pseudo_bytes;
rand_methods.status = &stub_rand_status;
AssertIntEQ(wolfSSL_RAND_set_rand_method(&rand_methods), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_RAND_seed(buf, num), 123);
AssertIntEQ(wolfSSL_RAND_bytes(buf, num), 456);
AssertIntEQ(wolfSSL_RAND_pseudo_bytes(buf, num), 9876);
AssertIntEQ(wolfSSL_RAND_status(), 5432);
AssertIntEQ(*was_add_called, 0);
/* The function pointer for RAND_add returns int, but RAND_add itself returns void. */
wolfSSL_RAND_add(buf, num, entropy);
AssertIntEQ(*was_add_called, 1);
was_add_called = 0;
AssertIntEQ(*was_cleanup_called, 0);
wolfSSL_RAND_Cleanup();
AssertIntEQ(*was_cleanup_called, 1);
*was_cleanup_called = 0;
AssertIntEQ(wolfSSL_RAND_set_rand_method(NULL), WOLFSSL_SUCCESS);
AssertIntNE(wolfSSL_RAND_status(), 5432);
AssertIntEQ(*was_cleanup_called, 0);
wolfSSL_RAND_Cleanup();
AssertIntEQ(*was_cleanup_called, 0);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !WOLFSSL_NO_OPENSSL_RAND_CB */
}
static void test_wolfSSL_RAND_bytes(void)
{
#if defined(OPENSSL_EXTRA)
@@ -41734,6 +41854,7 @@ void ApiTest(void)
test_wolfSSL_CTX_set_srp_password();
test_wolfSSL_CTX_set_ecdh_auto();
test_wolfSSL_THREADID_hash();
test_wolfSSL_RAND_set_rand_method();
test_wolfSSL_RAND_bytes();
test_wolfSSL_pseudo_rand();
test_wolfSSL_PKCS8_Compat();

4
wolfssl/openssl/engine.h
View File

@@ -4,5 +4,7 @@
#undef HAVE_OPENSSL_ENGINE_H
#define ENGINE_load_builtin_engines() /*ENGINE_load_builtin_engines not needed*/
/* ENGINE_load_builtin_engines not needed, as all builtin engines are already
loaded into memory and used on startup. */
#define ENGINE_load_builtin_engines()

2
wolfssl/openssl/rand.h
View File

@@ -24,4 +24,6 @@
#include <wolfssl/openssl/ssl.h>
#include <wolfssl/wolfcrypt/random.h>
typedef WOLFSSL_RAND_METHOD RAND_METHOD;
#define RAND_set_rand_method wolfSSL_RAND_set_rand_method

21
wolfssl/ssl.h
View File

@@ -639,6 +639,25 @@ struct WOLFSSL_X509_STORE_CTX {
typedef char* WOLFSSL_STRING;
typedef struct WOLFSSL_RAND_METHOD {
/* seed = Data to mix into the random generator.
* len = Number of bytes to mix from seed. */
int (*seed)(const void* seed, int len);
/* buf = Buffer to store random bytes in.
* len = Number of bytes to store in buf. */
int (*bytes)(unsigned char* buf, int len);
void (*cleanup)(void);
/* add = Data to mix into the random generator.
* len = Number of bytes to mix from add.
* entropy = Estimate of randomness contained in seed.
* Should be between 0 and len. */
int (*add)(const void* add, int len, double entropy);
/* buf = Buffer to store pseudorandom bytes in.
* len = Number of bytes to store in buf. */
int (*pseudorand)(unsigned char *buf, int len);
int (*status)(void);
} WOLFSSL_RAND_METHOD;
/* Valid Alert types from page 16/17
* Add alert string to the function wolfSSL_alert_type_string_long in src/ssl.c
*/
@@ -3769,7 +3788,7 @@ WOLFSSL_API int wolfSSL_FIPS_mode(void);
WOLFSSL_API int wolfSSL_FIPS_mode_set(int r);
WOLFSSL_API int wolfSSL_RAND_set_rand_method(const void *meth);
WOLFSSL_API int wolfSSL_RAND_set_rand_method(const WOLFSSL_RAND_METHOD *methods);
WOLFSSL_API int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits);