Fixes and improvements for handling the --disable-rng case. Valid make check tests requires wolfCrypt only and no asymmetric crypto (./configure --disable-rng --enable-cryptonly --disable-dh --disable-rsa --disable-ecc).

2025-07-30 02:37:28 +02:00 · 2018-09-14 14:09:27 -07:00
parent 32d3cb6cfb
commit 2e4c07ed93
4 changed files with 10 additions and 7 deletions
--- a/configure.ac
+++ b/configure.ac
@ -578,7 +578,11 @@ AC_ARG_ENABLE([harden],

 if test "$ENABLED_HARDEN" = "yes"
 then
-    AM_CFLAGS="$AM_CFLAGS -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT -DWC_RSA_BLINDING"
+    AM_CFLAGS="$AM_CFLAGS -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT"
+    if test "$ENABLED_RNG" = "yes"
+    then
+        AM_CFLAGS="$AM_CFLAGS -DWC_RSA_BLINDING"
+    fi
 else
    AM_CFLAGS="$AM_CFLAGS -DWC_NO_HARDEN"
 fi
--- a/wolfcrypt/src/rsa.c
+++ b/wolfcrypt/src/rsa.c
@ -957,9 +957,9 @@ static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock,
 {
    int ret;

-#ifndef WC_NO_RNG
    switch (padType)
    {
+#ifndef WC_NO_RNG
        case WC_RSA_PKCSV15_PAD:
            /*WOLFSSL_MSG("wolfSSL Using RSA PKCSV15 padding");*/
            ret = RsaPad(input, inputLen, pkcsBlock, pkcsBlockLen,
@ -981,6 +981,7 @@ static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock,
                                               hType, mgf, saltLen, bits, heap);
            break;
    #endif
+#endif /* !WC_NO_RNG */

    #ifdef WC_RSA_NO_PADDING
        case WC_RSA_NO_PAD:
@ -1003,9 +1004,6 @@ static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock,
            WOLFSSL_MSG("Unknown RSA Pad Type");
            ret = RSA_PAD_E;
    }
-#else
-    ret = NOT_COMPILED_IN;
-#endif

    /* silence warning if not used with padding scheme */
    (void)input;
--- a/wolfssl/wolfcrypt/random.h
+++ b/wolfssl/wolfcrypt/random.h
@ -106,7 +106,7 @@
    #include <wolfssl/wolfcrypt/sha256.h>
 #elif defined(HAVE_WNR)
     /* allow whitewood as direct RNG source using wc_GenerateSeed directly */
-#elif defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND)
+#elif defined(HAVE_INTEL_RDRAND)
    /* Intel RDRAND or RDSEED */
 #elif !defined(WC_NO_RNG)
    #error No RNG source defined!
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@ -1751,7 +1751,8 @@ extern void uITRON4_free(void *p) ;
 #ifndef WC_NO_HARDEN
    #if (defined(USE_FAST_MATH) && !defined(TFM_TIMING_RESISTANT)) || \
        (defined(HAVE_ECC) && !defined(ECC_TIMING_RESISTANT)) || \
-        (!defined(NO_RSA) && !defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS))
+        (!defined(NO_RSA) && !defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS) && \
+            !defined(WC_NO_RNG))

        #ifndef _MSC_VER
            #warning "For timing resistance / side-channel attack prevention consider using harden options"