wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 04:34:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #805 from dgarske/rng_cleanup

Browse Source 
Fix RNG issue with Intel RD and cleanup to remove old ARC4 support
This commit is contained in:
toddouska
2017-04-03 14:57:09 -07:00
committed by GitHub
parent e168d4db09 d69c860ab8
commit 68076dee45
7 changed files with 488 additions and 539 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
IDE/ROWLEY-CROSSWORKS-ARM/user_settings.h
View File

@@ -278,17 +278,21 @@ extern "C" {
/* Size of returned HW RNG value */ /* Size of returned HW RNG value */
#define CUSTOM_RAND_TYPE unsigned int #define CUSTOM_RAND_TYPE unsigned int
/* Seed source */
extern unsigned int custom_rand_generate(void);
#undef CUSTOM_RAND_GENERATE
#define CUSTOM_RAND_GENERATE custom_rand_generate
/* Choose RNG method */ /* Choose RNG method */
#if 1 #if 1
/* Use built-in P-RNG (SHA256 based) with HW RNG */ /* Use built-in P-RNG (SHA256 based) with HW RNG */
/* P-RNG + HW RNG (P-RNG is ~8K) */ /* P-RNG + HW RNG (P-RNG is ~8K) */
#undef HAVE_HASHDRBG #undef HAVE_HASHDRBG
#define HAVE_HASHDRBG #define HAVE_HASHDRBG
extern unsigned int custom_rand_generate(void);
#undef CUSTOM_RAND_GENERATE
#define CUSTOM_RAND_GENERATE custom_rand_generate
#else #else
#undef WC_NO_HASHDRBG
#define WC_NO_HASHDRBG
/* Bypass P-RNG and use only HW RNG */ /* Bypass P-RNG and use only HW RNG */
extern int custom_rand_generate_block(unsigned char* output, unsigned int sz); extern int custom_rand_generate_block(unsigned char* output, unsigned int sz);
#undef CUSTOM_RAND_GENERATE_BLOCK #undef CUSTOM_RAND_GENERATE_BLOCK

26
IDE/ROWLEY-CROSSWORKS-ARM/wolfssl.hzp
View File

@@ -122,12 +122,26 @@
recurse="Yes" /> recurse="Yes" />
<file file_name="user_settings.h" /> <file file_name="user_settings.h" />
<file file_name="README.md" /> <file file_name="README.md" />
<folder <folder Name="source">
Name="source" <file file_name="../../src/bio.c">
exclude="" <configuration Name="ARM_Debug" build_exclude_from_build="Yes" />
filter="" </file>
path="../../src" <file file_name="../../src/crl.c" />
recurse="No" /> <file file_name="../../src/include.am" />
<file file_name="../../src/internal.c" />
<file file_name="../../src/io.c" />
<file file_name="../../src/keys.c" />
<file file_name="../../src/libwolfssl.la" />
<file file_name="../../src/ocsp.c" />
<file file_name="../../src/sniffer.c" />
<file file_name="../../src/src_libwolfssl_la-internal.lo" />
<file file_name="../../src/src_libwolfssl_la-io.lo" />
<file file_name="../../src/src_libwolfssl_la-keys.lo" />
<file file_name="../../src/src_libwolfssl_la-ssl.lo" />
<file file_name="../../src/src_libwolfssl_la-tls.lo" />
<file file_name="../../src/ssl.c" />
<file file_name="../../src/tls.c" />
</folder>
</folder> </folder>
</project> </project>
<project Name="test"> <project Name="test">

23
configure.ac
View File

@@ -613,7 +613,7 @@ fi
AM_CONDITIONAL([BUILD_ARMASM], [test "x$ENABLED_ARMASM" = "xyes"]) AM_CONDITIONAL([BUILD_ARMASM], [test "x$ENABLED_ARMASM" = "xyes"])
# AES-NI # INTEL AES-NI
AC_ARG_ENABLE([aesni], AC_ARG_ENABLE([aesni],
[AS_HELP_STRING([--enable-aesni],[Enable wolfSSL AES-NI support (default: disabled)])], [AS_HELP_STRING([--enable-aesni],[Enable wolfSSL AES-NI support (default: disabled)])],
[ ENABLED_AESNI=$enableval ], [ ENABLED_AESNI=$enableval ],
@@ -627,6 +627,7 @@ AC_ARG_ENABLE([intelasm],
[ ENABLED_INTELASM=no ] [ ENABLED_INTELASM=no ]
) )
if test "$ENABLED_AESNI" = "yes" || test "$ENABLED_INTELASM" = "yes" if test "$ENABLED_AESNI" = "yes" || test "$ENABLED_INTELASM" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESNI" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESNI"
@@ -644,10 +645,22 @@ fi
if test "$ENABLED_INTELASM" = "yes" if test "$ENABLED_INTELASM" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DHAVE_INTEL_RDGEN -DUSE_INTEL_SPEEDUP" AM_CFLAGS="$AM_CFLAGS -DHAVE_INTEL_RDSEED -DUSE_INTEL_SPEEDUP"
ENABLED_AESNI=yes ENABLED_AESNI=yes
fi fi
# INTEL RDRAND
AC_ARG_ENABLE([intelrand],
[AS_HELP_STRING([--enable-intelrand],[Enable Intel rdrand as preferred RNG source (default: disabled)])],
[ ENABLED_INTELRDRAND=$enableval ],
[ ENABLED_INTELRDRAND=no ]
)
if test "$ENABLED_INTELRDRAND" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_INTEL_RDRAND"
fi
AM_CONDITIONAL([BUILD_AESNI], [test "x$ENABLED_AESNI" = "xyes"]) AM_CONDITIONAL([BUILD_AESNI], [test "x$ENABLED_AESNI" = "xyes"])
@@ -1683,11 +1696,13 @@ if test "x$ENABLED_HASHDRBG" = "xyes"
then then
AM_CFLAGS="$AM_CFLAGS -DHAVE_HASHDRBG" AM_CFLAGS="$AM_CFLAGS -DHAVE_HASHDRBG"
else else
# turn on Hash DRBG if FIPS is on or ARC4 is off # turn on Hash DRBG if FIPS is on
if test "x$ENABLED_FIPS" = "xyes" || test "x$ENABLED_ARC4" = "xno" if test "x$ENABLED_FIPS" = "xyes"
then then
AM_CFLAGS="$AM_CFLAGS -DHAVE_HASHDRBG" AM_CFLAGS="$AM_CFLAGS -DHAVE_HASHDRBG"
ENABLED_HASHDRBG=yes ENABLED_HASHDRBG=yes
else
AM_CFLAGS="$AM_CFLAGS -DWC_NO_HASHDRBG"
fi fi
fi fi

517
wolfcrypt/src/random.c
View File

@@ -33,13 +33,6 @@
#include <wolfssl/wolfcrypt/random.h> #include <wolfssl/wolfcrypt/random.h>
#if defined(CUSTOM_RAND_GENERATE) && !defined(CUSTOM_RAND_TYPE)
/* To maintain compatibility the default return value from CUSTOM_RAND_GENERATE is byte */
#define CUSTOM_RAND_TYPE byte
#endif
#define RNG_HEALTH_TEST_CHECK_SIZE (SHA256_DIGEST_SIZE * 4)
#ifdef HAVE_FIPS #ifdef HAVE_FIPS
int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz) int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz)
@@ -64,14 +57,13 @@ int wc_RNG_GenerateByte(WC_RNG* rng, byte* b)
return RNG_GenerateByte(rng, b); return RNG_GenerateByte(rng, b);
} }
#if defined(HAVE_HASHDRBG) || defined(NO_RC4) #ifdef HAVE_HASHDRBG
int wc_FreeRng(WC_RNG* rng) int wc_FreeRng(WC_RNG* rng)
{ {
return FreeRng_fips(rng); return FreeRng_fips(rng);
} }
int wc_RNG_HealthTest(int reseed, int wc_RNG_HealthTest(int reseed,
const byte* entropyA, word32 entropyASz, const byte* entropyA, word32 entropyASz,
const byte* entropyB, word32 entropyBSz, const byte* entropyB, word32 entropyBSz,
@@ -80,51 +72,13 @@ int wc_RNG_GenerateByte(WC_RNG* rng, byte* b)
return RNG_HealthTest_fips(reseed, entropyA, entropyASz, return RNG_HealthTest_fips(reseed, entropyA, entropyASz,
entropyB, entropyBSz, output, outputSz); entropyB, entropyBSz, output, outputSz);
} }
#endif /* HAVE_HASHDRBG || NO_RC4 */ #endif /* HAVE_HASHDRBG */
#else /* else build without fips */ #else /* else build without fips */
#ifndef WC_NO_RNG /* if not FIPS and RNG is disabled then do not compile */ #ifndef WC_NO_RNG /* if not FIPS and RNG is disabled then do not compile */
#include <wolfssl/wolfcrypt/error-crypt.h> #include <wolfssl/wolfcrypt/error-crypt.h>
/* Allow custom RNG system */
#ifdef CUSTOM_RAND_GENERATE_BLOCK
int wc_InitRng_ex(WC_RNG* rng, void* heap)
{
(void)rng;
(void)heap;
return 0;
}
int wc_InitRng(WC_RNG* rng)
{
return wc_InitRng_ex(rng, NULL);
}
int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
{
(void)rng;
XMEMSET(output, 0, sz);
return CUSTOM_RAND_GENERATE_BLOCK(output, sz);
}
int wc_RNG_GenerateByte(WC_RNG* rng, byte* b)
{
return wc_RNG_GenerateBlock(rng, b, 1);
}
int wc_FreeRng(WC_RNG* rng)
{
(void)rng;
return 0;
}
#else
/* Use HASHDRGB with SHA256 */
#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
#include <wolfssl/wolfcrypt/sha256.h> #include <wolfssl/wolfcrypt/sha256.h>
#ifdef NO_INLINE #ifdef NO_INLINE
@@ -133,7 +87,6 @@ int wc_FreeRng(WC_RNG* rng)
#define WOLFSSL_MISC_INCLUDED #define WOLFSSL_MISC_INCLUDED
#include <wolfcrypt/src/misc.c> #include <wolfcrypt/src/misc.c>
#endif #endif
#endif /* HAVE_HASHDRBG || NO_RC4 */
#if defined(WOLFSSL_SGX) #if defined(WOLFSSL_SGX)
#include <sgx_trts.h> #include <sgx_trts.h>
@@ -143,36 +96,41 @@ int wc_FreeRng(WC_RNG* rng)
#endif #endif
#include <windows.h> #include <windows.h>
#include <wincrypt.h> #include <wincrypt.h>
#else #elif defined(HAVE_WNR)
#ifdef HAVE_WNR
#include <wnr.h> #include <wnr.h>
#include <wolfssl/wolfcrypt/logging.h> #include <wolfssl/wolfcrypt/logging.h>
wolfSSL_Mutex wnr_mutex; /* global netRandom mutex */ wolfSSL_Mutex wnr_mutex; /* global netRandom mutex */
int wnr_timeout = 0; /* entropy timeout, mililseconds */ int wnr_timeout = 0; /* entropy timeout, mililseconds */
int wnr_mutex_init = 0; /* flag for mutex init */ int wnr_mutex_init = 0; /* flag for mutex init */
wnr_context* wnr_ctx; /* global netRandom context */ wnr_context* wnr_ctx; /* global netRandom context */
#elif !defined(NO_DEV_RANDOM) && !defined(CUSTOM_RAND_GENERATE) && \
!defined(WOLFSSL_GENSEED_FORTEST) && !defined(WOLFSSL_MDK_ARM) && \
!defined(WOLFSSL_IAR_ARM) && !defined(WOLFSSL_ROWLEY_ARM) && \
!defined(WOLFSSL_EMBOS)
#include <fcntl.h>
#ifndef EBSNET
#include <unistd.h>
#endif
#elif defined(FREESCALE_KSDK_2_0_TRNG) #elif defined(FREESCALE_KSDK_2_0_TRNG)
#include "fsl_trng.h" #include "fsl_trng.h"
#elif defined(FREESCALE_KSDK_2_0_RNGA) #elif defined(FREESCALE_KSDK_2_0_RNGA)
#include "fsl_rnga.h" #include "fsl_rnga.h"
#elif defined(NO_DEV_RANDOM)
#elif defined(CUSTOM_RAND_GENERATE)
#elif defined(CUSTOM_RAND_GENERATE_BLOCK)
#elif defined(WOLFSSL_GENSEED_FORTEST)
#elif defined(WOLFSSL_MDK_ARM)
#elif defined(WOLFSSL_IAR_ARM)
#elif defined(WOLFSSL_ROWLEY_ARM)
#elif defined(WOLFSSL_EMBOS)
#else #else
/* include headers that may be needed to get good seed */ /* include headers that may be needed to get good seed */
#include <fcntl.h>
#ifndef EBSNET
#include <unistd.h>
#endif
#endif #endif
#endif /* USE_WINDOWS_API */
#ifdef HAVE_INTEL_RDGEN
static int wc_InitRng_IntelRD(void) ; #if defined(HAVE_INTEL_RDRAND) || defined(HAVE_INTEL_RDSEED)
#if defined(HAVE_HASHDRBG) || defined(NO_RC4) static void wc_InitRng_IntelRD(void);
#ifdef HAVE_INTEL_RDSEED
static int wc_GenerateSeed_IntelRD(OS_Seed* os, byte* output, word32 sz); static int wc_GenerateSeed_IntelRD(OS_Seed* os, byte* output, word32 sz);
#else #endif
#ifdef HAVE_INTEL_RDRAND
static int wc_GenerateRand_IntelRD(OS_Seed* os, byte* output, word32 sz); static int wc_GenerateRand_IntelRD(OS_Seed* os, byte* output, word32 sz);
#endif #endif
static word32 cpuid_check = 0; static word32 cpuid_check = 0;
@@ -183,10 +141,8 @@ int wc_FreeRng(WC_RNG* rng)
#define IS_INTEL_RDSEED (cpuid_flags & CPUID_RDSEED) #define IS_INTEL_RDSEED (cpuid_flags & CPUID_RDSEED)
#endif #endif
#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
/* Start NIST DRBG code */ /* Start NIST DRBG code */
#ifdef HAVE_HASHDRBG
#define OUTPUT_BLOCK_LEN (SHA256_DIGEST_SIZE) #define OUTPUT_BLOCK_LEN (SHA256_DIGEST_SIZE)
#define MAX_REQUEST_LEN (0x10000) #define MAX_REQUEST_LEN (0x10000)
@@ -209,12 +165,13 @@ int wc_FreeRng(WC_RNG* rng)
#define DRBG_FAILED 2 #define DRBG_FAILED 2
#define DRBG_CONT_FAILED 3 #define DRBG_CONT_FAILED 3
#define RNG_HEALTH_TEST_CHECK_SIZE (SHA256_DIGEST_SIZE * 4)
/* Verify max gen block len */ /* Verify max gen block len */
#if RNG_MAX_BLOCK_LEN > MAX_REQUEST_LEN #if RNG_MAX_BLOCK_LEN > MAX_REQUEST_LEN
#error RNG_MAX_BLOCK_LEN is larger than NIST DBRG max request length #error RNG_MAX_BLOCK_LEN is larger than NIST DBRG max request length
#endif #endif
enum { enum {
drbgInitC = 0, drbgInitC = 0,
drbgReseed = 1, drbgReseed = 1,
@@ -295,7 +252,6 @@ static int Hash_df(DRBG* drbg, byte* out, word32 outSz, byte type,
return DRBG_SUCCESS; return DRBG_SUCCESS;
} }
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */ /* Returns: DRBG_SUCCESS or DRBG_FAILURE */
static int Hash_DRBG_Reseed(DRBG* drbg, const byte* entropy, word32 entropySz) static int Hash_DRBG_Reseed(DRBG* drbg, const byte* entropy, word32 entropySz)
{ {
@@ -331,7 +287,6 @@ static INLINE void array_add_one(byte* data, word32 dataSz)
} }
} }
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */ /* Returns: DRBG_SUCCESS or DRBG_FAILURE */
static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V) static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V)
{ {
@@ -393,7 +348,6 @@ static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V)
return DRBG_SUCCESS; return DRBG_SUCCESS;
} }
static INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen) static INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen)
{ {
word16 carry = 0; word16 carry = 0;
@@ -416,7 +370,6 @@ static INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen)
} }
} }
/* Returns: DRBG_SUCCESS, DRBG_NEED_RESEED, or DRBG_FAILURE */ /* Returns: DRBG_SUCCESS, DRBG_NEED_RESEED, or DRBG_FAILURE */
static int Hash_DRBG_Generate(DRBG* drbg, byte* out, word32 outSz) static int Hash_DRBG_Generate(DRBG* drbg, byte* out, word32 outSz)
{ {
@@ -455,7 +408,6 @@ static int Hash_DRBG_Generate(DRBG* drbg, byte* out, word32 outSz)
return ret; return ret;
} }
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */ /* Returns: DRBG_SUCCESS or DRBG_FAILURE */
static int Hash_DRBG_Instantiate(DRBG* drbg, const byte* seed, word32 seedSz, static int Hash_DRBG_Instantiate(DRBG* drbg, const byte* seed, word32 seedSz,
const byte* nonce, word32 nonceSz) const byte* nonce, word32 nonceSz)
@@ -478,7 +430,6 @@ static int Hash_DRBG_Instantiate(DRBG* drbg, const byte* seed, word32 seedSz,
return ret; return ret;
} }
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */ /* Returns: DRBG_SUCCESS or DRBG_FAILURE */
static int Hash_DRBG_Uninstantiate(DRBG* drbg) static int Hash_DRBG_Uninstantiate(DRBG* drbg)
{ {
@@ -493,22 +444,50 @@ static int Hash_DRBG_Uninstantiate(DRBG* drbg)
return (compareSum == 0) ? DRBG_SUCCESS : DRBG_FAILURE; return (compareSum == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
} }
#endif /* HAVE_HASHDRBG */
/* End NIST DRBG Code */ /* End NIST DRBG Code */
/* Get seed and key cipher */
int wc_InitRng_ex(WC_RNG* rng, void* heap) int wc_InitRng_ex(WC_RNG* rng, void* heap)
{ {
int ret = BAD_FUNC_ARG; int ret = RNG_FAILURE_E;
if (rng == NULL)
return BAD_FUNC_ARG;
if (rng != NULL) {
#ifdef WOLFSSL_HEAP_TEST #ifdef WOLFSSL_HEAP_TEST
rng->heap = (void*)WOLFSSL_HEAP_TEST; rng->heap = (void*)WOLFSSL_HEAP_TEST;
(void)heap; (void)heap;
#else #else
rng->heap = heap; rng->heap = heap;
#endif #endif
#ifdef HAVE_HASHDRBG
/* init the DBRG to known values */
rng->drbg = NULL;
rng->status = DRBG_NOT_INIT;
#endif
#if defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND)
/* init the intel RD seed and/or rand */
wc_InitRng_IntelRD();
#endif
/* configure async RNG source if available */
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
ret = wolfAsync_DevCtxInit(&rng->asyncDev, WOLFSSL_ASYNC_MARKER_RNG, INVALID_DEVID);
if (ret != 0)
return ret;
#endif
#ifdef HAVE_INTEL_RDRAND
/* if CPU supports RDRAND, use it directly and by-pass DRBG init */
if (IS_INTEL_RDRAND)
return 0;
#endif
#ifdef HAVE_HASHDRBG
if (wc_RNG_HealthTestLocal(0) == 0) { if (wc_RNG_HealthTestLocal(0) == 0) {
byte entropy[ENTROPY_NONCE_SZ]; byte entropy[ENTROPY_NONCE_SZ];
@@ -551,7 +530,7 @@ int wc_InitRng_ex(WC_RNG* rng, void* heap)
else { else {
rng->status = DRBG_FAILED; rng->status = DRBG_FAILED;
} }
} #endif /* HAVE_HASHDRBG */
return ret; return ret;
} }
@@ -567,14 +546,33 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
{ {
int ret; int ret;
if (rng == NULL || output == NULL || sz > RNG_MAX_BLOCK_LEN) if (rng == NULL || output == NULL)
return BAD_FUNC_ARG;
#ifdef HAVE_INTEL_RDRAND
if (IS_INTEL_RDRAND)
return wc_GenerateRand_IntelRD(NULL, output, sz);
#endif
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
if (aes->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RNG) {
return NitroxRngGenerateBlock(rng, output, sz);
}
#endif
#ifdef CUSTOM_RAND_GENERATE_BLOCK
XMEMSET(output, 0, sz);
return CUSTOM_RAND_GENERATE_BLOCK(output, sz);
#endif
#ifdef HAVE_HASHDRBG
if (sz > RNG_MAX_BLOCK_LEN)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
if (rng->status != DRBG_OK) if (rng->status != DRBG_OK)
return RNG_FAILURE_E; return RNG_FAILURE_E;
ret = Hash_DRBG_Generate(rng->drbg, output, sz); ret = Hash_DRBG_Generate(rng->drbg, output, sz);
if (ret == DRBG_NEED_RESEED) { if (ret == DRBG_NEED_RESEED) {
if (wc_RNG_HealthTestLocal(1) == 0) { if (wc_RNG_HealthTestLocal(1) == 0) {
byte entropy[ENTROPY_SZ]; byte entropy[ENTROPY_SZ];
@@ -607,6 +605,12 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
ret = RNG_FAILURE_E; ret = RNG_FAILURE_E;
rng->status = DRBG_FAILED; rng->status = DRBG_FAILED;
} }
#else
/* if we get here then there is an RNG configuration error */
ret = RNG_FAILURE_E;
#endif /* HAVE_HASHDRBG */
return ret; return ret;
} }
@@ -620,13 +624,18 @@ int wc_RNG_GenerateByte(WC_RNG* rng, byte* b)
int wc_FreeRng(WC_RNG* rng) int wc_FreeRng(WC_RNG* rng)
{ {
int ret = BAD_FUNC_ARG; int ret = 0;
if (rng != NULL) { if (rng == NULL)
return BAD_FUNC_ARG;
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
wolfAsync_DevCtxFree(&rng->asyncDev);
#endif
#ifdef HAVE_HASHDRBG
if (rng->drbg != NULL) { if (rng->drbg != NULL) {
if (Hash_DRBG_Uninstantiate(rng->drbg) == DRBG_SUCCESS) if (Hash_DRBG_Uninstantiate(rng->drbg) != DRBG_SUCCESS)
ret = 0;
else
ret = RNG_FAILURE_E; ret = RNG_FAILURE_E;
XFREE(rng->drbg, rng->heap, DYNAMIC_TYPE_RNG); XFREE(rng->drbg, rng->heap, DYNAMIC_TYPE_RNG);
@@ -634,12 +643,12 @@ int wc_FreeRng(WC_RNG* rng)
} }
rng->status = DRBG_NOT_INIT; rng->status = DRBG_NOT_INIT;
} #endif /* HAVE_HASHDRBG */
return ret; return ret;
} }
#ifdef HAVE_HASHDRBG
int wc_RNG_HealthTest(int reseed, const byte* entropyA, word32 entropyASz, int wc_RNG_HealthTest(int reseed, const byte* entropyA, word32 entropyASz,
const byte* entropyB, word32 entropyBSz, const byte* entropyB, word32 entropyBSz,
byte* output, word32 outputSz) byte* output, word32 outputSz)
@@ -801,97 +810,7 @@ static int wc_RNG_HealthTestLocal(int reseed)
return ret; return ret;
} }
#endif /* HAVE_HASHDRBG */
#else /* HAVE_HASHDRBG || NO_RC4 */
/* Get seed and key cipher */
int wc_InitRng(WC_RNG* rng)
{
int ret;
#ifdef WOLFSSL_SMALL_STACK
byte* key;
byte* junk;
#else
byte key[32];
byte junk[256];
#endif
#ifdef HAVE_INTEL_RDGEN
wc_InitRng_IntelRD();
if(IS_INTEL_RDRAND) return 0;
#endif
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
ret = wolfAsync_DevCtxInit(&rng->asyncDev, WOLFSSL_ASYNC_MARKER_RNG, INVALID_DEVID);
if (ret != 0) return ret;
#endif
#ifdef WOLFSSL_SMALL_STACK
key = (byte*)XMALLOC(32, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL)
return MEMORY_E;
junk = (byte*)XMALLOC(256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (junk == NULL) {
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
key = NULL;
return MEMORY_E;
}
#endif
ret = wc_GenerateSeed(&rng->seed, key, 32);
if (ret == 0) {
wc_Arc4SetKey(&rng->cipher, key, sizeof(key));
ret = wc_RNG_GenerateBlock(rng, junk, 256); /*rid initial state*/
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(junk, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
/* place a generated block in output */
int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
{
#ifdef HAVE_INTEL_RDGEN
if(IS_INTEL_RDRAND)
return wc_GenerateRand_IntelRD(NULL, output, sz) ;
#endif
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
if (aes->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RNG) {
return NitroxRngGenerateBlock(rng, output, sz);
}
#endif
XMEMSET(output, 0, sz);
wc_Arc4Process(&rng->cipher, output, output, sz);
return 0;
}
int wc_RNG_GenerateByte(WC_RNG* rng, byte* b)
{
return wc_RNG_GenerateBlock(rng, b, 1);
}
int wc_FreeRng(WC_RNG* rng)
{
(void)rng;
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
wolfAsync_DevCtxFree(&rng->asyncDev);
#endif
return 0;
}
#endif /* HAVE_HASHDRBG || NO_RC4 */
#ifdef HAVE_WNR #ifdef HAVE_WNR
@@ -992,7 +911,7 @@ int wc_FreeNetRandom(void)
#endif /* HAVE_WNR */ #endif /* HAVE_WNR */
#if defined(HAVE_INTEL_RDGEN) #if defined(HAVE_INTEL_RDRAND) || defined(HAVE_INTEL_RDSEED)
#ifndef _MSC_VER #ifndef _MSC_VER
#define cpuid(reg, leaf, sub)\ #define cpuid(reg, leaf, sub)\
@@ -1023,7 +942,8 @@ static word32 cpuid_flag(word32 leaf, word32 sub, word32 num, word32 bit) {
cpuid(reg, 0, 0); cpuid(reg, 0, 0);
if (XMEMCMP((char *)&(reg[EBX]), "Genu", 4) == 0 && if (XMEMCMP((char *)&(reg[EBX]), "Genu", 4) == 0 &&
XMEMCMP((char *)&(reg[EDX]), "ineI", 4) == 0 && XMEMCMP((char *)&(reg[EDX]), "ineI", 4) == 0 &&
XMEMCMP((char *)&(reg[ECX]), "ntel", 4) == 0) { XMEMCMP((char *)&(reg[ECX]), "ntel", 4) == 0)
{
got_intel_cpu = 1; got_intel_cpu = 1;
} }
if (got_intel_cpu) { if (got_intel_cpu) {
@@ -1033,19 +953,17 @@ static word32 cpuid_flag(word32 leaf, word32 sub, word32 num, word32 bit) {
return 0; return 0;
} }
static int wc_InitRng_IntelRD() static void wc_InitRng_IntelRD(void) {
{
if (cpuid_check==0) { if (cpuid_check==0) {
if (cpuid_flag(1, 0, ECX, 30)) { cpuid_flags |= CPUID_RDRAND; } if (cpuid_flag(1, 0, ECX, 30)) { cpuid_flags |= CPUID_RDRAND; }
if (cpuid_flag(7, 0, EBX, 18)) { cpuid_flags |= CPUID_RDSEED; } if (cpuid_flag(7, 0, EBX, 18)) { cpuid_flags |= CPUID_RDSEED; }
cpuid_check = 1; cpuid_check = 1;
} }
return 1 ;
} }
#define INTELRD_RETRY 32 #define INTELRD_RETRY 32
#if defined(HAVE_HASHDRBG) || defined(NO_RC4) #ifdef HAVE_INTEL_RDSEED
/* return 0 on success */ /* return 0 on success */
static INLINE int IntelRDseed64(word64* seed) static INLINE int IntelRDseed64(word64* seed)
@@ -1053,10 +971,7 @@ static INLINE int IntelRDseed64(word64* seed)
unsigned char ok; unsigned char ok;
__asm__ volatile("rdseed %0; setc %1":"=r"(*seed), "=qm"(ok)); __asm__ volatile("rdseed %0; setc %1":"=r"(*seed), "=qm"(ok));
if(ok){ return (ok) ? 0 : -1;
return 0 ;
} else
return 1;
} }
/* return 0 on success */ /* return 0 on success */
@@ -1064,46 +979,54 @@ static INLINE int IntelRDseed64_r(word64* rnd)
{ {
int i; int i;
for (i = 0; i < INTELRD_RETRY; i++) { for (i = 0; i < INTELRD_RETRY; i++) {
if(IntelRDseed64(rnd) == 0) return 0 ; if (IntelRDseed64(rnd) == 0)
return 0;
} }
return 1 ; return -1;
} }
/* return 0 on success */ /* return 0 on success */
static int wc_GenerateSeed_IntelRD(OS_Seed* os, byte* output, word32 sz) static int wc_GenerateSeed_IntelRD(OS_Seed* os, byte* output, word32 sz)
{ {
(void) os ;
int ret; int ret;
word64 rndTmp; word64 rndTmp;
for( ; sz/8 > 0; sz-=8, output+=8) { (void)os;
if(IS_INTEL_RDSEED)ret = IntelRDseed64_r((word64*)output);
else return 1 ; if (!IS_INTEL_RDSEED)
if(ret) return -1;
return 1 ;
} for (; (sz / sizeof(word64)) > 0; sz -= sizeof(word64),
if(sz == 0)return 0 ; output += sizeof(word64)) {
ret = IntelRDseed64_r((word64*)output);
if (ret != 0)
return ret;
}
if (sz == 0)
return 0;
/* handle unaligned remainder */
ret = IntelRDseed64_r(&rndTmp);
if (ret != 0)
return ret;
if(IS_INTEL_RDSEED)ret = IntelRDseed64_r(&rndTmp) ;
else return 1 ;
if(ret)
return 1 ;
XMEMCPY(output, &rndTmp, sz); XMEMCPY(output, &rndTmp, sz);
return 0; return 0;
} }
#else /* HAVE_HASHDRBG || NO_RC4 */ #endif /* HAVE_INTEL_RDSEED */
#ifdef HAVE_INTEL_RDRAND
/* return 0 on success */ /* return 0 on success */
static INLINE int IntelRDrand32(unsigned int *rnd) static INLINE int IntelRDrand32(unsigned int *rnd)
{ {
int rdrand; unsigned char ok ; unsigned char ok;
__asm__ volatile("rdrand %0; setc %1":"=r"(rdrand), "=qm"(ok));
if(ok){ __asm__ volatile("rdrand %0; setc %1":"=r"(*rnd), "=qm"(ok));
*rnd = rdrand;
return 0 ; return (ok) ? 0 : -1;
} else
return 1;
} }
/* return 0 on success */ /* return 0 on success */
@@ -1111,39 +1034,47 @@ static INLINE int IntelRDrand32_r(unsigned int *rnd)
{ {
int i; int i;
for (i = 0; i < INTELRD_RETRY; i++) { for (i = 0; i < INTELRD_RETRY; i++) {
if(IntelRDrand32(rnd) == 0) return 0 ; if (IntelRDrand32(rnd) == 0)
return 0;
} }
return 1 ; return -1;
} }
/* return 0 on success */ /* return 0 on success */
static int wc_GenerateRand_IntelRD(OS_Seed* os, byte* output, word32 sz) static int wc_GenerateRand_IntelRD(OS_Seed* os, byte* output, word32 sz)
{ {
(void) os ;
int ret; int ret;
unsigned int rndTmp; unsigned int rndTmp;
for( ; sz/4 > 0; sz-=4, output+=4) { (void)os;
if(IS_INTEL_RDRAND)ret = IntelRDrand32_r((word32 *)output);
else return 1 ; if (!IS_INTEL_RDRAND)
if(ret) return -1;
return 1 ;
} for (; (sz / sizeof(word32)) > 0; sz -= sizeof(word32),
if(sz == 0)return 0 ; output += sizeof(word32)) {
ret = IntelRDrand32_r((word32 *)output);
if (ret != 0)
return ret;
}
if (sz == 0)
return 0;
/* handle unaligned remainder */
ret = IntelRDrand32_r(&rndTmp);
if (ret != 0)
return ret;
if(IS_INTEL_RDRAND)ret = IntelRDrand32_r(&rndTmp);
else return 1 ;
if(ret)
return 1 ;
XMEMCPY(output, &rndTmp, sz); XMEMCPY(output, &rndTmp, sz);
return 0; return 0;
} }
#endif /* defined(HAVE_HASHDRBG) || defined(NO_RC4) */
#endif /* HAVE_INTEL_RDGEN */ #endif /* HAVE_INTEL_RDRAND */
#endif /* HAVE_INTEL_RDRAND || HAVE_INTEL_RDSEED */
/* wc_GenerateSeed Implementations */ /* Begin wc_GenerateSeed Implementations */
#if defined(CUSTOM_RAND_GENERATE_SEED) #if defined(CUSTOM_RAND_GENERATE_SEED)
/* Implement your own random generation function /* Implement your own random generation function
@@ -1170,7 +1101,6 @@ static int wc_GenerateRand_IntelRD(OS_Seed* os, byte* output, word32 sz)
return CUSTOM_RAND_GENERATE_SEED_OS(os, output, sz); return CUSTOM_RAND_GENERATE_SEED_OS(os, output, sz);
} }
#elif defined(CUSTOM_RAND_GENERATE) #elif defined(CUSTOM_RAND_GENERATE)
/* Implement your own random generation function /* Implement your own random generation function
@@ -1275,6 +1205,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
#endif #endif
#define PIC32_SEED_COUNT ReadCoreTimer #define PIC32_SEED_COUNT ReadCoreTimer
#endif #endif
#ifdef WOLFSSL_MIC32MZ_RNG #ifdef WOLFSSL_MIC32MZ_RNG
#include "xc.h" #include "xc.h"
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
@@ -1451,40 +1382,9 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
} }
#else #else
#warning "write a real random seed!!!!, just for testing now" #define USE_TEST_GENSEED
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
int i;
for (i = 0; i < sz; i++ )
output[i] = i;
return 0;
}
#endif /* FREESCALE_K70_RNGA */ #endif /* FREESCALE_K70_RNGA */
#elif defined(WOLFSSL_SAFERTOS) || defined(WOLFSSL_LEANPSK) \
|| defined(WOLFSSL_IAR_ARM) || defined(WOLFSSL_MDK_ARM) \
|| defined(WOLFSSL_uITRON4) || defined(WOLFSSL_uTKERNEL2)\
|| defined(WOLFSSL_GENSEED_FORTEST)
#ifndef _MSC_VER
#warning "write a real random seed!!!!, just for testing now"
#else
#pragma message("Warning: write a real random seed!!!!, just for testing now")
#endif
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
word32 i;
for (i = 0; i < sz; i++ )
output[i] = i;
(void)os;
return 0;
}
#elif defined(STM32F2_RNG) || defined(STM32F4_RNG) #elif defined(STM32F2_RNG) || defined(STM32F4_RNG)
/* /*
* wc_Generate a RNG seed using the hardware random number generator * wc_Generate a RNG seed using the hardware random number generator
@@ -1535,21 +1435,6 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
} }
#endif /* WOLFSSL_STM32_CUBEMX */ #endif /* WOLFSSL_STM32_CUBEMX */
#elif defined(WOLFSSL_LPC43xx) || defined(WOLFSSL_STM32F2xx) || defined(MBED) \
|| defined(WOLFSSL_EMBOS)
#warning "write a real random seed!!!!, just for testing now"
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
int i;
for (i = 0; i < sz; i++ )
output[i] = i;
return 0;
}
#elif defined(WOLFSSL_TIRTOS) #elif defined(WOLFSSL_TIRTOS)
#include <xdc/runtime/Timestamp.h> #include <xdc/runtime/Timestamp.h>
@@ -1693,18 +1578,6 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
return ret; return ret;
} }
#elif defined(NO_DEV_RANDOM)
#error "you need to write an os specific wc_GenerateSeed() here"
/*
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
return 0;
}
*/
#elif defined(IDIRECT_DEV_RANDOM) #elif defined(IDIRECT_DEV_RANDOM)
extern int getRandom( int sz, unsigned char *output ); extern int getRandom( int sz, unsigned char *output );
@@ -1718,17 +1591,43 @@ int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
return 0; return 0;
} }
#elif defined(CUSTOM_RAND_GENERATE_BLOCK)
/* #define CUSTOM_RAND_GENERATE_BLOCK myRngFunc
* extern int myRngFunc(byte* output, word32 sz);
*/
#else /* !USE_WINDOWS_API && !HAVE_RPT_SYS && !MICRIUM && !NO_DEV_RANDOM */ #elif defined(WOLFSSL_SAFERTOS) || defined(WOLFSSL_LEANPSK) || \
defined(WOLFSSL_IAR_ARM) || defined(WOLFSSL_MDK_ARM) || \
defined(WOLFSSL_uITRON4) || defined(WOLFSSL_uTKERNEL2) || \
defined(WOLFSSL_LPC43xx) || defined(WOLFSSL_STM32F2xx) || \
defined(MBED) || defined(WOLFSSL_EMBOS) || \
defined(WOLFSSL_GENSEED_FORTEST)
/* these platforms do not have a default random seed and
you'll need to implement your own wc_GenerateSeed or define via
CUSTOM_RAND_GENERATE_BLOCK */
#define USE_TEST_GENSEED
#elif defined(NO_DEV_RANDOM)
#error "you need to write an os specific wc_GenerateSeed() here"
/*
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
return 0;
}
*/
#else
/* may block */ /* may block */
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{ {
int ret = 0; int ret = 0;
#ifdef HAVE_INTEL_RDSEED
#if defined(HAVE_INTEL_RDGEN) && (defined(HAVE_HASHDRBG) || defined(NO_RC4))
wc_InitRng_IntelRD() ; /* set cpuid_flags if not yet */
if (IS_INTEL_RDSEED) { if (IS_INTEL_RDSEED) {
ret = wc_GenerateSeed_IntelRD(NULL, output, sz); ret = wc_GenerateSeed_IntelRD(NULL, output, sz);
if (ret == 0) { if (ret == 0) {
@@ -1744,7 +1643,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
#endif #endif
} }
#endif #endif /* HAVE_INTEL_RDSEED */
os->fd = open("/dev/urandom",O_RDONLY); os->fd = open("/dev/urandom",O_RDONLY);
if (os->fd == -1) { if (os->fd == -1) {
@@ -1778,8 +1677,28 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
return ret; return ret;
} }
#endif /* USE_WINDOWS_API */ #endif
#endif /* CUSTOM_RAND_GENERATE_BLOCK */
#ifdef USE_TEST_GENSEED
#ifndef _MSC_VER
#warning "write a real random seed!!!!, just for testing now"
#else
#pragma message("Warning: write a real random seed!!!!, just for testing now")
#endif
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
word32 i;
for (i = 0; i < sz; i++ )
output[i] = i;
(void)os;
return 0;
}
#endif
/* End wc_GenerateSeed */
#endif /* WC_NO_RNG */ #endif /* WC_NO_RNG */
#endif /* HAVE_FIPS */ #endif /* HAVE_FIPS */

14
wolfcrypt/test/test.c
View File

@@ -1025,8 +1025,7 @@ int base64_test()
int asn_test() int asn_test()
{ {
#ifndef NO_ASN_TIME #ifndef NO_ASN_TIME
{ long now;
time_t now;
/* Parameter Validation tests. */ /* Parameter Validation tests. */
if (wc_GetTime(NULL, sizeof(now)) != BAD_FUNC_ARG) if (wc_GetTime(NULL, sizeof(now)) != BAD_FUNC_ARG)
@@ -1039,7 +1038,6 @@ int asn_test()
return -102; return -102;
if (now == 0) if (now == 0)
return -103; return -103;
}
#endif #endif
return 0; return 0;
@@ -5047,7 +5045,7 @@ exit:
return ret; return ret;
} }
#if (defined(HAVE_HASHDRBG) || defined(NO_RC4)) && !defined(CUSTOM_RAND_GENERATE_BLOCK) #if defined(HAVE_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
int random_test(void) int random_test(void)
{ {
@@ -5126,17 +5124,15 @@ int random_test(void)
return 0; return 0;
} }
#else /* (HAVE_HASHDRBG || NO_RC4) && !CUSTOM_RAND_GENERATE_BLOCK */ #else
int random_test(void) int random_test(void)
{ {
/* Basic RNG generate block test */ /* Basic RNG generate block test */
random_rng_test(); return random_rng_test();
return 0;
} }
#endif /* (HAVE_HASHDRBG || NO_RC4) && !CUSTOM_RAND_GENERATE_BLOCK */ #endif /* HAVE_HASHDRBG && !CUSTOM_RAND_GENERATE_BLOCK */
#endif /* WC_NO_RNG */ #endif /* WC_NO_RNG */

95
wolfssl/wolfcrypt/random.h
View File

@@ -36,43 +36,70 @@
#endif #endif
/* Maximum generate block length */ /* Maximum generate block length */
#ifndef RNG_MAX_BLOCK_LEN
#define RNG_MAX_BLOCK_LEN (0x10000) #define RNG_MAX_BLOCK_LEN (0x10000)
#endif
/* Size of the BRBG seed */
#ifndef DRBG_SEED_LEN
#define DRBG_SEED_LEN (440/8)
#endif
#if defined(CUSTOM_RAND_GENERATE) && !defined(CUSTOM_RAND_TYPE)
/* To maintain compatibility the default is byte */
#define CUSTOM_RAND_TYPE byte
#endif
/* make sure Hash DRBG is enabled, unless WC_NO_HASHDRBG is defined
or CUSTOM_RAND_GENERATE_BLOCK is defined*/
#if !defined(WC_NO_HASHDRBG) || !defined(CUSTOM_RAND_GENERATE_BLOCK)
#undef HAVE_HASHDRBG
#define HAVE_HASHDRBG
#endif
#ifndef HAVE_FIPS /* avoid redefining structs and macros */ #ifndef HAVE_FIPS /* avoid redefining structs and macros */
#if defined(WOLFSSL_FORCE_RC4_DRBG) && defined(NO_RC4)
#error Cannot have WOLFSSL_FORCE_RC4_DRBG and NO_RC4 defined.
#endif /* WOLFSSL_FORCE_RC4_DRBG && NO_RC4 */
/* RNG supports the following sources (in order): /* RNG supports the following sources (in order):
* 1. CUSTOM_RAND_GENERATE_BLOCK: Defines name of function as RNG source and * 1. CUSTOM_RAND_GENERATE_BLOCK: Defines name of function as RNG source and
* bypasses the P-RNG. * bypasses the options below.
* 2. HAVE_HASHDRBG && !NO_SHA256 (SHA256 enabled): Uses SHA256 based P-RNG * 2. HAVE_INTEL_RDRAND: Uses the Intel RDRAND if supported by CPU.
* 3. HAVE_HASHDRBG (requires SHA256 enabled): Uses SHA256 based P-RNG
* seeded via wc_GenerateSeed. This is the default source. * seeded via wc_GenerateSeed. This is the default source.
* 3. !NO_RC4 (RC4 enabled): Uses RC4
*/ */
/* Seed source can be overriden by defining one of these:
CUSTOM_RAND_GENERATE_SEED
CUSTOM_RAND_GENERATE_SEED_OS
CUSTOM_RAND_GENERATE */
#if defined(CUSTOM_RAND_GENERATE_BLOCK) #if defined(CUSTOM_RAND_GENERATE_BLOCK)
/* To use define the following: /* To use define the following:
* #define CUSTOM_RAND_GENERATE_BLOCK myRngFunc * #define CUSTOM_RAND_GENERATE_BLOCK myRngFunc
* extern int myRngFunc(byte* output, word32 sz); * extern int myRngFunc(byte* output, word32 sz);
*/ */
#elif (defined(HAVE_HASHDRBG) || defined(NO_RC4)) #elif defined(HAVE_HASHDRBG)
#ifdef NO_SHA256 #ifdef NO_SHA256
#error "Hash DRBG requires SHA-256." #error "Hash DRBG requires SHA-256."
#endif /* NO_SHA256 */ #endif /* NO_SHA256 */
#include <wolfssl/wolfcrypt/sha256.h> #include <wolfssl/wolfcrypt/sha256.h>
#elif defined(HAVE_WNR)
/* allow whitewood as direct RNG source using wc_GenerateSeed directly */
#else #else
#include <wolfssl/wolfcrypt/arc4.h> #error No RNG source defined!
#endif #endif
#ifdef HAVE_WNR #ifdef HAVE_WNR
#include <wnr.h> #include <wnr.h>
#endif #endif
#ifdef WOLFSSL_ASYNC_CRYPT
#include <wolfssl/wolfcrypt/async.h>
#endif
#if defined(USE_WINDOWS_API) #if defined(USE_WINDOWS_API)
#if defined(_WIN64) #if defined(_WIN64)
typedef unsigned __int64 ProviderHandle; typedef unsigned __int64 ProviderHandle;
@@ -98,46 +125,25 @@ typedef struct OS_Seed {
#define WC_RNG_TYPE_DEFINED #define WC_RNG_TYPE_DEFINED
#endif #endif
#if (defined(HAVE_HASHDRBG) || defined(NO_RC4)) && !defined(CUSTOM_RAND_GENERATE_BLOCK) #ifdef HAVE_HASHDRBG
/* Private DRBG state */
#define DRBG_SEED_LEN (440/8) struct DRBG;
struct DRBG; /* Private DRBG state */
/* Hash-based Deterministic Random Bit Generator */
struct WC_RNG {
struct DRBG* drbg;
OS_Seed seed;
void* heap;
byte status;
};
#else /* (HAVE_HASHDRBG || NO_RC4) && !CUSTOM_RAND_GENERATE_BLOCK */
#ifdef WOLFSSL_ASYNC_CRYPT
#include <wolfssl/wolfcrypt/async.h>
#endif #endif
/* secure Random Number Generator */ /* RNG context */
struct WC_RNG { struct WC_RNG {
OS_Seed seed; OS_Seed seed;
#ifndef NO_RC4 void* heap;
Arc4 cipher; #ifdef HAVE_HASHDRBG
/* Hash-based Deterministic Random Bit Generator */
struct DRBG* drbg;
byte status;
#endif #endif
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
AsyncCryptDev asyncDev; AsyncCryptDev asyncDev;
#endif #endif
}; };
#endif /* (HAVE_HASHDRBG || NO_RC4) && !CUSTOM_RAND_GENERATE_BLOCK */
#endif /* HAVE_FIPS */ #endif /* HAVE_FIPS */
/* NO_OLD_RNGNAME removes RNG struct name to prevent possible type conflicts, /* NO_OLD_RNGNAME removes RNG struct name to prevent possible type conflicts,
@@ -146,6 +152,7 @@ struct WC_RNG {
#define RNG WC_RNG #define RNG WC_RNG
#endif #endif
WOLFSSL_LOCAL WOLFSSL_LOCAL
int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz); int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz);
@@ -164,12 +171,12 @@ WOLFSSL_API int wc_RNG_GenerateByte(WC_RNG*, byte*);
WOLFSSL_API int wc_FreeRng(WC_RNG*); WOLFSSL_API int wc_FreeRng(WC_RNG*);
#if defined(HAVE_HASHDRBG) || defined(NO_RC4) #ifdef HAVE_HASHDRBG
WOLFSSL_API int wc_RNG_HealthTest(int reseed, WOLFSSL_API int wc_RNG_HealthTest(int reseed,
const byte* entropyA, word32 entropyASz, const byte* entropyA, word32 entropyASz,
const byte* entropyB, word32 entropyBSz, const byte* entropyB, word32 entropyBSz,
byte* output, word32 outputSz); byte* output, word32 outputSz);
#endif /* HAVE_HASHDRBG || NO_RC4 */ #endif /* HAVE_HASHDRBG */
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */

6
wolfssl/wolfcrypt/settings.h
View File

@@ -1405,12 +1405,6 @@ extern void uITRON4_free(void *p) ;
#define WOLFSSL_MIN_AUTH_TAG_SZ 12 #define WOLFSSL_MIN_AUTH_TAG_SZ 12
#endif #endif
/* If not forcing ARC4 as the DRBG or using custom RNG block gen, enable Hash_DRBG */
#undef HAVE_HASHDRBG
#if !defined(WOLFSSL_FORCE_RC4_DRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
#define HAVE_HASHDRBG
#endif
/* sniffer requires: /* sniffer requires:
* static RSA cipher suites * static RSA cipher suites