diff --git a/configure.ac b/configure.ac
index 652f5dc88..d67f1ba4d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -380,6 +380,7 @@ then
 fi
+# RNG
 AC_ARG_ENABLE([rng],
 [AS_HELP_STRING([--enable-rng],[Enable compiling and using RNG (default: enabled)])],
 [ ENABLED_RNG=$enableval ],
@@ -420,19 +421,6 @@ AC_ARG_ENABLE([mcast],
 [ENABLED_MCAST=no])
-# RNG
-AC_ARG_ENABLE([rng],
- [AS_HELP_STRING([--enable-rng],[Enable compiling and using RNG (default: enabled)])],
- [ ENABLED_RNG=$enableval ],
- [ ENABLED_RNG=yes ]
- )
-
-if test "$ENABLED_RNG" = "no"
-then
- AM_CFLAGS="$AM_CFLAGS -DWC_NO_RNG"
-fi
-
-
 # List of open source project defines using our openssl compatibility layer:
 # openssh (--enable-openssh)
 # nginix (--enable-nginx) WOLFSSL_NGINX
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 4903ac9ea..8ccdd3de7 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -780,9 +780,6 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
 seed + SEED_BLOCK_SZ, seedSz - SEED_BLOCK_SZ, nonce, nonceSz, rng->heap, devId);
- if (ret == DRBG_SUCCESS)
- ret = Hash_DRBG_Generate(rng->drbg, NULL, 0);
-
 if (ret != DRBG_SUCCESS) {
 #if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY)
 XFREE(rng->drbg, rng->heap, DYNAMIC_TYPE_RNG);
@@ -908,8 +905,6 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
 if (ret == DRBG_SUCCESS)
 ret = Hash_DRBG_Reseed(rng->drbg, newSeed + SEED_BLOCK_SZ, SEED_SZ);
- if (ret == DRBG_SUCCESS)
- ret = Hash_DRBG_Generate(rng->drbg, NULL, 0);
 if (ret == DRBG_SUCCESS)
 ret = Hash_DRBG_Generate(rng->drbg, output, sz);
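Review bot: Neither removal site in random.c says why the zero-length `Hash_DRBG_Generate(rng->drbg, NULL, 0)` is no longer needed: after the instantiate call in `_InitRng` and after `Hash_DRBG_Reseed` in `wc_RNG_GenerateBlock`, the next bytes returned to callers now come directly from the freshly seeded state. Both functions continue outside their hunks, so this is a documentation request rather than a defect claim; a short comment at each site would do, for example `/* No discard Generate here; the DRBGVS two-call sequence is exercised only in wc_RNG_HealthTest_ex(). */`. It is also worth confirming that `Hash_DRBG_Generate` did not rely on that discarded call to initialise any per-instance state it compares against later, and that any tests pinned to the old output stream for a fixed seed were regenerated.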
@@ -1032,6 +1027,11 @@ int wc_RNG_HealthTest_ex(int reseed, const byte* nonce, word32 nonceSz,
 }
 }
+ /* This call to generate is prescribed by the NIST DRBGVS
+ * procedure. The results are thrown away. The known
+ * answer test checks the second block of DRBG out of
+ * the generator to ensure the internal state is updated
+ * as expected. */
 if (Hash_DRBG_Generate(drbg, output, outputSz) != 0) {
 goto exit_rng_ht;
 }
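Review bot: The added comment's phrase "the second block of DRBG out of the generator" is ambiguous, since it can be read as the second hash-sized block within one request rather than the output of the second Generate call. Suggest `The known answer test checks the output of the second Generate call` in its place. The comparison itself lies outside the hunk, so if `output` is overwritten by that later call, the comment should say so; that would explain "thrown away" when the buffer is clearly written here.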