From 72e9ea8e4b60a9f0c446cd51affe20def02a2069 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Wed, 7 May 2014 11:54:12 -0700 Subject: [PATCH] added Hash DRBG as configure option --- configure.ac | 21 ++++++++++++++ ctaocrypt/src/random.c | 11 ++++---- cyassl/ctaocrypt/random.h | 58 +++++++++++++++++++++++---------------- 3 files changed, 61 insertions(+), 29 deletions(-) diff --git a/configure.ac b/configure.ac index 2de6912a1..2ea028446 100644 --- a/configure.ac +++ b/configure.ac @@ -1085,6 +1085,26 @@ fi AM_CONDITIONAL([BUILD_FIPS], [test "x$ENABLED_FIPS" = "xyes"]) +# Hash DRBG +AC_ARG_ENABLE([hashdrbg], + [ --enable-hashdrbg Enable Hash DRBG support (default: disabled)], + [ ENABLED_HASHDRBG=$enableval ], + [ ENABLED_HASHDRBG=no ] + ) + +if test "x$ENABLED_HASHDRBG" = "xyes" +then + AM_CFLAGS="$AM_CFLAGS -DHAVE_HASHDRBG" +else + # turn on Hash DRBG if FIPS is on or ARC4 is off + if test "x$ENABLED_FIPS" = "xyes" || test "x$ENABLED_ARC4" = "xno" + then + AM_CFLAGS="$AM_CFLAGS -DHAVE_HASHDRBG" + ENABLED_HASHDRBG=yes + fi +fi + + # Filesystem Build AC_ARG_ENABLE([filesystem], [ --enable-filesystem Enable Filesystem support (default: enabled)], @@ -1739,6 +1759,7 @@ echo " * certgen: $ENABLED_CERTGEN" echo " * certreq: $ENABLED_CERTREQ" echo " * HC-128: $ENABLED_HC128" echo " * RABBIT: $ENABLED_RABBIT" +echo " * Hash DRBG: $ENABLED_HASHDRBG" echo " * PWDBASED: $ENABLED_PWDBASED" echo " * HKDF: $ENABLED_HKDF" echo " * MD4: $ENABLED_MD4" diff --git a/ctaocrypt/src/random.c b/ctaocrypt/src/random.c index 51171df06..2ba0fc096 100644 --- a/ctaocrypt/src/random.c +++ b/ctaocrypt/src/random.c @@ -33,16 +33,15 @@ #include #include -#ifdef NO_RC4 +#if defined(HAVE_HASHDRBG) || defined(NO_RC4) #include #ifdef NO_INLINE #include #else - #define MISC_DUMM_FUNC misc_dummy_random #include #endif -#endif +#endif /* HAVE_HASHDRBG || NO_RC4 */ #if defined(USE_WINDOWS_API) #ifndef _WIN32_WINNT 
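Review bot: The fallback branch in the first configure.ac hunk tests `"x$ENABLED_ARC4" = "xno"`, which only works if ENABLED_ARC4 has already been assigned above this point; the hunk does not show that. If the ARC4 option is parsed further down, the variable is empty here and an ARC4-less build would not get `-DHAVE_HASHDRBG` from configure. The same branch also overrides an explicit `--disable-hashdrbg` when FIPS is on or ARC4 is off without telling the user, so I would add `AC_MSG_NOTICE([Hash DRBG forced on: FIPS enabled or ARC4 disabled])` inside the inner `if`. The help string should mention these forced-on cases as well, since "default: disabled" is not the whole rule.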
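Review bot: The guard `#if defined(HAVE_HASHDRBG) || defined(NO_RC4)` introduced in this random.c hunk is repeated in the later random.c hunks and again in random.h, so every future change to RNG selection has to keep all of those sites in step by hand. I would normalise once in a header that both files see, with `#if defined(NO_RC4) && !defined(HAVE_HASHDRBG)` / `#define HAVE_HASHDRBG` / `#endif`, and test only `HAVE_HASHDRBG` elsewhere. That also keeps builds that do not go through configure (and so never get the auto-enable from configure.ac) on the same single switch. The include block this hunk edits starts and ends outside the hunk.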
@@ -63,7 +62,7 @@ #endif /* USE_WINDOWS_API */ -#ifdef NO_RC4 +#if defined(HAVE_HASHDRBG) || defined(NO_RC4) /* Start NIST DRBG code */ @@ -370,7 +369,7 @@ void FreeRng(RNG* rng) Hash_DRBG_Uninstantiate(rng); } -#else /* NO_RC4 */ +#else /* HAVE_HASHDRBG || NO_RC4 */ /* Get seed and key cipher */ int InitRng(RNG* rng) @@ -484,7 +483,7 @@ static void CaviumRNG_GenerateBlock(RNG* rng, byte* output, word32 sz) #endif /* HAVE_CAVIUM */ -#endif /* NO_RC4 */ +#endif /* HAVE_HASHDRBG || NO_RC4 */ #if defined(USE_WINDOWS_API) diff --git a/cyassl/ctaocrypt/random.h b/cyassl/ctaocrypt/random.h index c41f4ae6c..8111ac494 100644 --- a/cyassl/ctaocrypt/random.h +++ b/cyassl/ctaocrypt/random.h @@ -25,11 +25,15 @@ #include -#ifndef NO_RC4 - #include -#else +#if defined(HAVE_HASHDRBG) || defined(NO_RC4) + #ifdef NO_SHA256 + #error "Hash DRBG requires SHA-256." + #endif /* NO_SHA256 */ + #include -#endif +#else /* HAVE_HASHDRBG || NO_RC4 */ + #include +#endif /* HAVE_HASHDRBG || NO_RC4 */ #ifdef __cplusplus extern "C" { @@ -64,11 +68,31 @@ int GenerateSeed(OS_Seed* os, byte* seed, word32 sz); #define RNG CyaSSL_RNG /* for avoiding name conflict in "stm32f2xx.h" */ #endif -#ifndef NO_RC4 + +#if defined(HAVE_HASHDRBG) || defined(NO_RC4) + + +#define DRBG_SEED_LEN (440/8) + + +/* Hash-based Deterministic Random Bit Generator */ +typedef struct RNG { + OS_Seed seed; + + Sha256 sha; + byte digest[SHA256_DIGEST_SIZE]; + byte V[DRBG_SEED_LEN]; + byte C[DRBG_SEED_LEN]; + word32 reseedCtr; +} RNG; + + +#else /* HAVE_HASHDRBG || NO_RC4 */ + #define CYASSL_RNG_CAVIUM_MAGIC 0xBEEF0004 -/* secure Random Nnumber Generator */ +/* secure Random Number Generator */ typedef struct RNG { 
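Review bot: In the random.h hunk at `-64,11 +68,31`, `DRBG_SEED_LEN (440/8)` is added with no indication of where 440 comes from. A comment such as `/* seedlen for SHA-256 Hash_DRBG per NIST SP 800-90A: 440 bits */` would make the sizing of `V` and `C` checkable against the spec. The layout of the public `RNG` struct now also depends on `HAVE_HASHDRBG`, so an application that includes this header without the define the library was built with would allocate a different `RNG` than the library writes to. Presumably the build exports the flag to consumers, but that should be confirmed and stated next to the typedef. The ARC4 `typedef struct RNG {` on the last context line continues outside the hunk.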
@@ -85,31 +109,19 @@ typedef struct RNG { CYASSL_API int InitRngCavium(RNG*, int); #endif -#else /* NO_RC4 */ -#define DRBG_SEED_LEN (440/8) +#endif /* HAVE_HASH_DRBG || NO_RC4 */ -/* secure Random Nnumber Generator */ -typedef struct RNG { - OS_Seed seed; - - Sha256 sha; - byte digest[SHA256_DIGEST_SIZE]; - byte V[DRBG_SEED_LEN]; - byte C[DRBG_SEED_LEN]; - word32 reseedCtr; -} RNG; - -#endif - CYASSL_API int InitRng(RNG*); CYASSL_API int RNG_GenerateBlock(RNG*, byte*, word32 sz); CYASSL_API int RNG_GenerateByte(RNG*, byte*); -#ifdef NO_RC4 + +#if defined(HAVE_HASHDRBG) || defined(NO_RC4) CYASSL_API void FreeRng(RNG*); -#endif +#endif /* HAVE_HASHDRBG || NO_RC4 */ + #ifdef __cplusplus } /* extern "C" */
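Review bot: `FreeRng` is still declared only under `defined(HAVE_HASHDRBG) || defined(NO_RC4)`, so callers have to repeat that condition to release the generator. Code written against the ARC4 build will therefore never call it once the DRBG is switched on, and the DRBG state in `V` and `C` is then never torn down (the random.c context shows `FreeRng` calling `Hash_DRBG_Uninstantiate`, which presumably clears it). I would declare `CYASSL_API void FreeRng(RNG*);` unconditionally and give the ARC4 build a trivial definition, so applications can always call it. Separately, the closing comment `#endif /* HAVE_HASH_DRBG || NO_RC4 */` misspells the macro and should read `HAVE_HASHDRBG`.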