Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
39 changes: 21 additions & 18 deletions wolfcrypt/src/random.c
Original file line number Diff line number Diff line change
Expand Up @@ -367,16 +367,17 @@ static int Hash512_DRBG_Uninstantiate(DRBG_SHA512_internal* drbg);
* calls cannot bypass the mutual-exclusion guard and disable both DRBG types.
* _InitRng also holds the mutex while reading the flags to get a consistent
* snapshot, and returns BAD_STATE_E if both are somehow disabled. */
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0))
#ifndef NO_SHA256
#ifdef WOLFSSL_NO_SHA256_DRBG
static int sha256DrbgDisabled = 1;
#else
static int sha256DrbgDisabled = 0;
#endif
#endif
#endif /* WOLFSSL_NO_SHA256_DRBG */
#endif /* !NO_SHA256 */
#ifdef WOLFSSL_DRBG_SHA512
static int sha512DrbgDisabled = 0;
#endif
#endif /* WOLFSSL_DRBG_SHA512 */

#ifndef SINGLE_THREADED
static wolfSSL_Mutex drbgStateMutex
Expand Down Expand Up @@ -433,6 +434,8 @@ static int UnlockDrbgState(void)
#endif
}

#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS v7+) */

static int wc_RNG_HealthTestLocal(WC_RNG* rng, int reseed, void* heap,
int devId);

Expand Down Expand Up @@ -1669,7 +1672,6 @@ int wc_Sha256Drbg_Disable(void) { return NOT_COMPILED_IN; }
int wc_Sha256Drbg_Enable(void) { return 0; }
int wc_Sha256Drbg_IsDisabled(void) { return 1; } /* always disabled */
#endif /* !NO_SHA256 */
#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS v7+) */

#ifdef WOLFSSL_DRBG_SHA512
int wc_Sha512Drbg_Disable(void)
Expand Down Expand Up @@ -1708,7 +1710,7 @@ int wc_Sha512Drbg_IsDisabled(void)
return val;
}
#endif /* WOLFSSL_DRBG_SHA512 */

#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS v7+) */
#endif /* HAVE_HASHDRBG */
/* End NIST DRBG Code */

Expand Down Expand Up @@ -1764,20 +1766,20 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
#ifdef WOLFSSL_SMALL_STACK_CACHE
rng->drbg_scratch = NULL;
#endif
#endif
#endif /* !NO_SHA256 */
#ifdef WOLFSSL_DRBG_SHA512
rng->drbg512 = NULL;
#ifdef WOLFSSL_SMALL_STACK_CACHE
rng->drbg512_scratch = NULL;
rng->health_check_scratch_512 = NULL;
#endif
#endif
#endif /* WOLFSSL_DRBG_SHA512 */
#ifdef WOLFSSL_SMALL_STACK_CACHE
rng->newSeed_buf = NULL;
#ifndef NO_SHA256
#ifndef NO_SHA256
rng->health_check_scratch = NULL;
#endif
#endif
#endif /* !NO_SHA256 */
#endif /* WOLFSSL_SMALL_STACK_CACHE */
rng->status = DRBG_NOT_INIT;

/* Select DRBG type: prefer SHA-512 unless disabled or not compiled.
Expand All @@ -1786,25 +1788,25 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
ret = LockDrbgState();
if (ret != 0)
return ret;
#ifdef WOLFSSL_DRBG_SHA512
#ifdef WOLFSSL_DRBG_SHA512
if (!sha512DrbgDisabled)
rng->drbgType = WC_DRBG_SHA512;
else
#endif
#ifndef NO_SHA256
#endif /* WOLFSSL_DRBG_SHA512 */
#ifndef NO_SHA256
if (!sha256DrbgDisabled)
rng->drbgType = WC_DRBG_SHA256;
else
#endif
#endif /* !NO_SHA256 */
{
UnlockDrbgState();
return BAD_STATE_E; /* no DRBG available */
}
UnlockDrbgState();
#else
rng->drbgType = WC_DRBG_SHA256;
#endif
#endif
#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS v7+) */
#endif /* HAVE_HASHDRBG */

#if defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND) || \
defined(HAVE_AMD_RDSEED)
Expand Down Expand Up @@ -3289,7 +3291,8 @@ int wc_RNG_HealthTest_SHA512(int reseed,

#endif /* WOLFSSL_DRBG_SHA512 */

#ifndef NO_SHA256
#if !defined(NO_SHA256) && !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0))
/* Extended SHA-256 Hash_DRBG health test per SP 800-90A.
* Supports flexible output sizes, prediction resistance, personalization
* strings, and additional input.
Expand Down Expand Up @@ -3387,7 +3390,7 @@ int wc_RNG_HealthTest_SHA256_ex(

return ret;
}
#endif /* !NO_SHA256 */
#endif /* !NO_SHA256 && !HAVE_SELFTEST && FIPS v7+ */


#ifdef WOLFSSL_DRBG_SHA512
Expand Down
Loading