wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 19:24:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixes for case with Intel rand source and no DRBG (./configure --enable-intelasm --enable-intelrand --disable-hashdrbg). Fixes to wolfSSL_RAND_egd to better handle no DRBG case.

Browse Source
This commit is contained in:
David Garske
2018-09-14 09:48:57 -07:00
parent a4d502e22a
commit 32d3cb6cfb
2 changed files with 7 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/ssl.c
View File

@@ -95,7 +95,6 @@
#if defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256) \ #if defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256) \
&& !defined(WC_NO_RNG) && !defined(WC_NO_RNG)
#include <wolfssl/wolfcrypt/srp.h> #include <wolfssl/wolfcrypt/srp.h>
#include <wolfssl/wolfcrypt/random.h>
#endif #endif
#endif #endif
@@ -21811,11 +21810,6 @@ int wolfSSL_RAND_write_file(const char* fname)
#include <sys/un.h> #include <sys/un.h>
#endif #endif
/* at compile time check for HASH DRBG and throw warning if not found */
#ifndef HAVE_HASHDRBG
#warning HAVE_HASHDRBG is needed for wolfSSL_RAND_egd to seed
#endif
/* This collects entropy from the path nm and seeds the global PRNG with it. /* This collects entropy from the path nm and seeds the global PRNG with it.
* Makes a call to wolfSSL_RAND_Init which is not thread safe. * Makes a call to wolfSSL_RAND_Init which is not thread safe.
* *
@@ -21825,7 +21819,8 @@ int wolfSSL_RAND_write_file(const char* fname)
*/ */
int wolfSSL_RAND_egd(const char* nm) int wolfSSL_RAND_egd(const char* nm)
{ {
#if defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) && !defined(HAVE_FIPS) #if defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) && !defined(HAVE_FIPS) && \
defined(HAVE_HASHDRBG)
struct sockaddr_un rem; struct sockaddr_un rem;
int fd; int fd;
int ret = WOLFSSL_SUCCESS; int ret = WOLFSSL_SUCCESS;
@@ -21959,13 +21954,13 @@ int wolfSSL_RAND_egd(const char* nm)
else { else {
return ret; return ret;
} }
#else /* defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) && !HAVE_FIPS */ #else
WOLFSSL_MSG("Type of socket needed is not available"); WOLFSSL_MSG("Type of socket needed is not available");
WOLFSSL_MSG("\tor using FIPS mode where RNG API is not available"); WOLFSSL_MSG("\tor using mode where DRBG API is not available");
(void)nm; (void)nm;
return WOLFSSL_FATAL_ERROR; return WOLFSSL_FATAL_ERROR;
#endif /* defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) */ #endif /* USE_WOLFSSL_IO && !USE_WINDOWS_API && !HAVE_FIPS && HAVE_HASHDRBG */
} }
#endif /* !FREERTOS_TCP */ #endif /* !FREERTOS_TCP */

2
wolfssl/wolfcrypt/random.h
View File

@@ -106,6 +106,8 @@
#include <wolfssl/wolfcrypt/sha256.h> #include <wolfssl/wolfcrypt/sha256.h>
#elif defined(HAVE_WNR) #elif defined(HAVE_WNR)
/* allow whitewood as direct RNG source using wc_GenerateSeed directly */ /* allow whitewood as direct RNG source using wc_GenerateSeed directly */
#elif defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND)
/* Intel RDRAND or RDSEED */
#elif !defined(WC_NO_RNG) #elif !defined(WC_NO_RNG)
#error No RNG source defined! #error No RNG source defined!
#endif #endif