Merge pull request #2291 from ejohnstown/random-clean

Random Cleanup
2019-06-24 15:36:00 -07:00 · 2019-06-24 15:36:00 -07:00 · 358757cd2e
commit 358757cd2e
parent 0100159079 fba89ae034
2 changed files with 6 additions and 18 deletions
--- a/configure.ac
+++ b/configure.ac
@ -380,6 +380,7 @@ then
 fi


+# RNG
 AC_ARG_ENABLE([rng],
    [AS_HELP_STRING([--enable-rng],[Enable compiling and using RNG (default: enabled)])],
    [ ENABLED_RNG=$enableval ],
@ -420,19 +421,6 @@ AC_ARG_ENABLE([mcast],
    [ENABLED_MCAST=no])


-# RNG
-AC_ARG_ENABLE([rng],
-    [AS_HELP_STRING([--enable-rng],[Enable compiling and using RNG (default: enabled)])],
-    [ ENABLED_RNG=$enableval ],
-    [ ENABLED_RNG=yes ]
-    )
-
-if test "$ENABLED_RNG" = "no"
-then
-    AM_CFLAGS="$AM_CFLAGS -DWC_NO_RNG"
-fi
-
-
 # List of open source project defines using our openssl compatibility layer:
 # openssh (--enable-openssh)
 # nginix (--enable-nginx) WOLFSSL_NGINX
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@ -780,9 +780,6 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
                            seed + SEED_BLOCK_SZ, seedSz - SEED_BLOCK_SZ,
                            nonce, nonceSz, rng->heap, devId);

-            if (ret == DRBG_SUCCESS)
-                ret = Hash_DRBG_Generate(rng->drbg, NULL, 0);
-
            if (ret != DRBG_SUCCESS) {
            #if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY)
                XFREE(rng->drbg, rng->heap, DYNAMIC_TYPE_RNG);
@ -908,8 +905,6 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
            if (ret == DRBG_SUCCESS)
                ret = Hash_DRBG_Reseed(rng->drbg, newSeed + SEED_BLOCK_SZ,
                                       SEED_SZ);
-            if (ret == DRBG_SUCCESS)
-                ret = Hash_DRBG_Generate(rng->drbg, NULL, 0);
            if (ret == DRBG_SUCCESS)
                ret = Hash_DRBG_Generate(rng->drbg, output, sz);

@ -1032,6 +1027,11 @@ int wc_RNG_HealthTest_ex(int reseed, const byte* nonce, word32 nonceSz,
        }
    }

+    /* This call to generate is prescribed by the NIST DRBGVS
+     * procedure. The results are thrown away. The known
+     * answer test checks the second block of DRBG out of
+     * the generator to ensure the internal state is updated
+     * as expected. */
    if (Hash_DRBG_Generate(drbg, output, outputSz) != 0) {
        goto exit_rng_ht;
    }