
Fix RNG issue with Intel RD and cleanup to remove old ARC4 support #805

Merged: toddouska merged 5 commits into wolfSSL:master from dgarske:rng_cleanup on Apr 3, 2017

Conversation

dgarske (Member) commented Mar 17, 2017

Fix RNG issue with Intel RDRAND and RDSEED accelerations not being used because HAVE_HASHDRBG was always being defined if !WOLFSSL_FORCE_RC4_DRBG. Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source (if RDRAND not supported by CPU then HASHDRBG will be used). The --enable-intelasm option enables the RDSEED support for seeding HASHDRBG if CPU supports it. Allow use of seed as RNG source if --disable-hashdrbg (shows build warning). Cleanup to remove old ARC4 RNG support. Fixed random_test return code with !HAVE_HASHDRBG. Cleanup of ./configure --help alignment.

@dgarske dgarske assigned dgarske and toddouska and unassigned dgarske Mar 18, 2017
toddouska (Contributor) commented:

rdseed should not be used as a PRNG, it should only be used to seed a PRNG.

Was rdseed tested?

dgarske (Member, Author) commented Mar 21, 2017

The RDSEED is only used to seed the PRNG. RDRAND can be used with --enable-intelrand as the RNG source with DRBG as backup. I tested RDSEED on the SGX machine and it is used with --enable-intelasm. Also tested with --enable-intelrand and the RDSEED was not used, but RDRAND was used.
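The source selection dgarske describes (RDRAND preferred only when --enable-intelrand is set and the CPU supports it, hash DRBG otherwise, seed sources never used directly as output), as an added C example that is not wolfSSL code: it assumes gcc or clang, uses the CPUID/RDRAND intrinsics only on x86-64, and the DRBG callback is a placeholder rather than a real hash DRBG.

```c
#include <stddef.h>
#include <string.h>
#if defined(__x86_64__)
#include <cpuid.h>
#define HAVE_X86_RDRAND 1
#else
#define HAVE_X86_RDRAND 0
#endif

enum rng_src { RNG_SRC_DRBG = 0, RNG_SRC_RDRAND = 1 };

/* CPUID leaf 1, ECX bit 30 advertises RDRAND (leaf 7 sub 0, EBX bit 18 would be RDSEED). */
int cpu_has_rdrand(void) {
#if HAVE_X86_RDRAND
    unsigned a, b, c, d;
    if (__get_cpuid(1, &a, &b, &c, &d)) return (c >> 30) & 1u;
#endif
    return 0;
}
#if HAVE_X86_RDRAND
/* RDRAND clears CF when no data is ready; Intel's guidance is to retry up to 10 times. */
__attribute__((target("rdrnd"))) static int rdrand_fill(unsigned char *out, size_t len) {
    while (len > 0) {
        unsigned long long v; int tries = 10;
        while (!__builtin_ia32_rdrand64_step(&v)) { if (--tries == 0) return -1; }
        size_t n = len < sizeof v ? len : sizeof v;
        memcpy(out, &v, n); out += n; len -= n;
    }
    return 0;
}
#endif
/* Stand-in for the hash DRBG so the example runs anywhere: deterministic, NOT random. */
int placeholder_drbg(unsigned char *out, size_t len) {
    for (size_t i = 0; i < len; i++) out[i] = (unsigned char)(i * 37u + 11u);
    return 0;
}
/* PR policy: RDRAND serves output only if the build prefers it (--enable-intelrand) and the
 * CPU has it; otherwise the DRBG does. A seed source (RDSEED) is never an output source, so
 * with no DRBG and no usable hardware we refuse (the CUSTOM_RAND_GENERATE_BLOCK case). */
int rng_generate_block(int prefer_rdrand, int (*drbg)(unsigned char *, size_t),
                       unsigned char *out, size_t len, enum rng_src *used) {
#if HAVE_X86_RDRAND
    if (prefer_rdrand && cpu_has_rdrand() && rdrand_fill(out, len) == 0) { *used = RNG_SRC_RDRAND; return 0; }
#else
    (void)prefer_rdrand;
#endif
    if (drbg == NULL) return -1;
    *used = RNG_SRC_DRBG;
    return drbg(out, len);
}
```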

toddouska (Contributor) commented:

This still needs a little work.

  1. Using GenerateSeed() as GenerateBlock() backup isn't good. Some of the seeds aren't suitable (in speed or stirring) for this output.

  2. --disable-hashdrbg is still using hashdrbg at build time

  3. --enable-intelrand --disable-hashdrbg still builds (probably because of 1 and 2). I think CUSTOM rand generate block should be required in this case for a suitable backup.

@dgarske dgarske assigned dgarske and unassigned toddouska Mar 22, 2017
dgarske (Member, Author) commented Mar 22, 2017

@toddouska : Thanks for the review.

  1. Using generate seed as backup only occurs if HASHDRBG is disabled and produces a build #warning. This was an idea I had for supporting Whitewood and other future good RNG seed sources. My thought was that the compile warning was sufficient to indicate the issue.

  2. To maintain compatibility with existing functionality the only way to actually disable the HASHDRBG is to also have CUSTOM_RAND_GENERATE_BLOCK defined.
    See random.h line 50: https://github.com/wolfSSL/wolfssl/pull/805/files#diff-e78474b4037227cbca46c247ec6779e1R50

  3. Yes it builds and works because HASHDRBG is still enabled unless CUSTOM_RAND_GENERATE_BLOCK is defined.

@dgarske dgarske assigned toddouska and unassigned dgarske Mar 23, 2017
dgarske added 5 commits March 31, 2017 13:16
…ed because HAVE_HASHDRBG was always being defined if !WOLFSSL_FORCE_RC4_DRBG. Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source (if RDRAND not supported by CPU then HASHDRBG will be used). The --enable-intelasm option enables the RDSEED support for seeding HASHDRBG if CPU supports it. Allow use of seed as RNG source if --disable-hashdbrg (shows build warning). Cleanup to remove old ARC4 RNG support. Fixed random_test return code with !HAVE_HASHDRBG. Cleanup of ./configure --help alignment.
…figure --disable-hashdrbg or WC_NO_HASHDRBG defined. Fix use of warning with VS. Fix to only use rng seed as source if no DRBG.
…K is defined. Added support for CUSTOM_RAND_GENERATE_BLOCK with Intel RDRAND.
… backup RNG source. Fixed building on embedded system with time_t not defined (test.c should use long for asn_test).

toddouska (Contributor) left a review comment:

Thanks.

@toddouska toddouska merged commit 68076de into wolfSSL:master Apr 3, 2017
@dgarske dgarske deleted the rng_cleanup branch April 5, 2017 14:39