wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 11:17:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixes and improvements for handling the --disable-rng case. Valid make check tests requires wolfCrypt only and no asymmetric crypto (./configure --disable-rng --enable-cryptonly --disable-dh --disable-rsa --disable-ecc).

Browse Source
This commit is contained in:
David Garske
2018-09-14 14:09:27 -07:00
parent 32d3cb6cfb
commit 2e4c07ed93
4 changed files with 10 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
configure.ac
View File

@@ -578,7 +578,11 @@ AC_ARG_ENABLE([harden],
if test "$ENABLED_HARDEN" = "yes" if test "$ENABLED_HARDEN" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT -DWC_RSA_BLINDING" AM_CFLAGS="$AM_CFLAGS -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT"
if test "$ENABLED_RNG" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWC_RSA_BLINDING"
fi
else else
AM_CFLAGS="$AM_CFLAGS -DWC_NO_HARDEN" AM_CFLAGS="$AM_CFLAGS -DWC_NO_HARDEN"
fi fi

6
wolfcrypt/src/rsa.c
View File

@@ -957,9 +957,9 @@ static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock,
{ {
int ret; int ret;
#ifndef WC_NO_RNG
switch (padType) switch (padType)
{ {
#ifndef WC_NO_RNG
case WC_RSA_PKCSV15_PAD: case WC_RSA_PKCSV15_PAD:
/*WOLFSSL_MSG("wolfSSL Using RSA PKCSV15 padding");*/ /*WOLFSSL_MSG("wolfSSL Using RSA PKCSV15 padding");*/
ret = RsaPad(input, inputLen, pkcsBlock, pkcsBlockLen, ret = RsaPad(input, inputLen, pkcsBlock, pkcsBlockLen,
@@ -981,6 +981,7 @@ static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock,
hType, mgf, saltLen, bits, heap); hType, mgf, saltLen, bits, heap);
break; break;
#endif #endif
#endif /* !WC_NO_RNG */
#ifdef WC_RSA_NO_PADDING #ifdef WC_RSA_NO_PADDING
case WC_RSA_NO_PAD: case WC_RSA_NO_PAD:
@@ -1003,9 +1004,6 @@ static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock,
WOLFSSL_MSG("Unknown RSA Pad Type"); WOLFSSL_MSG("Unknown RSA Pad Type");
ret = RSA_PAD_E; ret = RSA_PAD_E;
} }
#else
ret = NOT_COMPILED_IN;
#endif
/* silence warning if not used with padding scheme */ /* silence warning if not used with padding scheme */
(void)input; (void)input;

2
wolfssl/wolfcrypt/random.h
View File

@@ -106,7 +106,7 @@
#include <wolfssl/wolfcrypt/sha256.h> #include <wolfssl/wolfcrypt/sha256.h>
#elif defined(HAVE_WNR) #elif defined(HAVE_WNR)
/* allow whitewood as direct RNG source using wc_GenerateSeed directly */ /* allow whitewood as direct RNG source using wc_GenerateSeed directly */
#elif defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND) #elif defined(HAVE_INTEL_RDRAND)
/* Intel RDRAND or RDSEED */ /* Intel RDRAND or RDSEED */
#elif !defined(WC_NO_RNG) #elif !defined(WC_NO_RNG)
#error No RNG source defined! #error No RNG source defined!

3
wolfssl/wolfcrypt/settings.h
View File

@@ -1751,7 +1751,8 @@ extern void uITRON4_free(void *p) ;
#ifndef WC_NO_HARDEN #ifndef WC_NO_HARDEN
#if (defined(USE_FAST_MATH) && !defined(TFM_TIMING_RESISTANT)) || \ #if (defined(USE_FAST_MATH) && !defined(TFM_TIMING_RESISTANT)) || \
(defined(HAVE_ECC) && !defined(ECC_TIMING_RESISTANT)) || \ (defined(HAVE_ECC) && !defined(ECC_TIMING_RESISTANT)) || \
(!defined(NO_RSA) && !defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS)) (!defined(NO_RSA) && !defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS) && \
!defined(WC_NO_RNG))
#ifndef _MSC_VER #ifndef _MSC_VER
#warning "For timing resistance / side-channel attack prevention consider using harden options" #warning "For timing resistance / side-channel attack prevention consider using harden options"