From 32d3cb6cfb1793fd2e69096aafdfe7ec4aad43f2 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 14 Sep 2018 09:48:57 -0700 Subject: [PATCH] Fixes for case with Intel rand source and no DRBG (`./configure --enable-intelasm --enable-intelrand --disable-hashdrbg`). Fixes to `wolfSSL_RAND_egd` to better handle no DRBG case. --- src/ssl.c | 15 +++++---------- wolfssl/wolfcrypt/random.h | 2 ++ 2 files changed, 7 insertions(+), 10 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index aab29c707..9b4a0f27d 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -95,7 +95,6 @@ #if defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256) \ && !defined(WC_NO_RNG) #include - #include #endif #endif @@ -21811,11 +21810,6 @@ int wolfSSL_RAND_write_file(const char* fname) #include #endif -/* at compile time check for HASH DRBG and throw warning if not found */ -#ifndef HAVE_HASHDRBG - #warning HAVE_HASHDRBG is needed for wolfSSL_RAND_egd to seed -#endif - /* This collects entropy from the path nm and seeds the global PRNG with it. * Makes a call to wolfSSL_RAND_Init which is not thread safe. * @@ -21825,7 +21819,8 @@ int wolfSSL_RAND_write_file(const char* fname) */ int wolfSSL_RAND_egd(const char* nm) { -#if defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) && !defined(HAVE_FIPS) +#if defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) && !defined(HAVE_FIPS) && \ + defined(HAVE_HASHDRBG) struct sockaddr_un rem; int fd; int ret = WOLFSSL_SUCCESS; @@ -21959,13 +21954,13 @@ int wolfSSL_RAND_egd(const char* nm) else { return ret; } -#else /* defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) && !HAVE_FIPS */ +#else WOLFSSL_MSG("Type of socket needed is not available"); - WOLFSSL_MSG("\tor using FIPS mode where RNG API is not available"); + WOLFSSL_MSG("\tor using mode where DRBG API is not available"); (void)nm; return WOLFSSL_FATAL_ERROR; -#endif /* defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) */ +#endif /* USE_WOLFSSL_IO && !USE_WINDOWS_API && !HAVE_FIPS && HAVE_HASHDRBG */ } #endif /* !FREERTOS_TCP */ diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h index 9290be631..7fa501c81 100644 --- a/wolfssl/wolfcrypt/random.h +++ b/wolfssl/wolfcrypt/random.h @@ -106,6 +106,8 @@ #include #elif defined(HAVE_WNR) /* allow whitewood as direct RNG source using wc_GenerateSeed directly */ +#elif defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND) + /* Intel RDRAND or RDSEED */ #elif !defined(WC_NO_RNG) #error No RNG source defined! #endif