From 8d6ea61a4f4185a274943145d75b5662f4578107 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 6 Sep 2016 16:42:53 -0700 Subject: [PATCH] Fix to allow disabling P-RNG and SHA256 when CUSTOM_RAND_GENERATE_BLOCK is used. Added inline documentation to describe RNG source options. Example: ./configure --enable-cryptonly --disable-hashdrbg CFLAGS="-DNO_SHA256 -DCUSTOM_RAND_GENERATE_BLOCK" --- wolfssl/wolfcrypt/random.h | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h index 64889f15e..29d3a9385 100644 --- a/wolfssl/wolfcrypt/random.h +++ b/wolfssl/wolfcrypt/random.h @@ -39,18 +39,35 @@ #define RNG_MAX_BLOCK_LEN (0x10000) #ifndef HAVE_FIPS /* avoid redefining structs and macros */ + #if defined(WOLFSSL_FORCE_RC4_DRBG) && defined(NO_RC4) #error Cannot have WOLFSSL_FORCE_RC4_DRBG and NO_RC4 defined. #endif /* WOLFSSL_FORCE_RC4_DRBG && NO_RC4 */ -#if defined(HAVE_HASHDRBG) || defined(NO_RC4) + + +/* RNG supports the following sources (in order): + * 1. CUSTOM_RAND_GENERATE_BLOCK: Defines name of function as RNG source and + * bypasses the P-RNG. + * 2. HAVE_HASHDRBG && !SHA256 (default). Uses SHA256 based P-RNG + * seeded via wc_GenerateSeed. + * 3. !HAVE_HASHDRBG && RC4 enabled. Uses RC4 + */ + +#if defined(CUSTOM_RAND_GENERATE_BLOCK) + /* To use define the following: + * #define CUSTOM_RAND_GENERATE_BLOCK myRngFunc + * extern int myRngFunc(byte* output, word32 sz); + */ +#elif (defined(HAVE_HASHDRBG) || defined(NO_RC4)) #ifdef NO_SHA256 #error "Hash DRBG requires SHA-256." #endif /* NO_SHA256 */ #include -#else /* HAVE_HASHDRBG || NO_RC4 */ +#else #include -#endif /* HAVE_HASHDRBG || NO_RC4 */ +#endif + #ifdef HAVE_WNR #include