diff --git a/IDE/NETOS/user_settings.h b/IDE/NETOS/user_settings.h index d7b5d4d29..8c6ac7730 100644 --- a/IDE/NETOS/user_settings.h +++ b/IDE/NETOS/user_settings.h @@ -458,7 +458,6 @@ extern "C" { /* RNG */ /* ------------------------------------------------------------------------- */ -/* Seed Source */ /* Seed Source */ #if 1 extern int my_rng_generate_seed(unsigned char* output, int sz); diff --git a/configure.ac b/configure.ac index 016b9045f..927a570b4 100644 --- a/configure.ac +++ b/configure.ac @@ -1849,10 +1849,13 @@ AC_ARG_ENABLE([lowresource], if test "$ENABLED_LOWRESOURCE" = "yes" then # low memory / flash flags - AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE -DRSA_LOW_MEM -DGCM_SMALL -DCURVE25519_SMALL -DED25519_SMALL -DWOLFSSL_SMALL_CERT_VERIFY -DWOLFSSL_NO_ASYNC_IO" + AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE -DRSA_LOW_MEM -DCURVE25519_SMALL -DED25519_SMALL -DWOLFSSL_SMALL_CERT_VERIFY -DWOLFSSL_NO_ASYNC_IO" # low flash flags AM_CFLAGS="$AM_CFLAGS -DUSE_SLOW_SHA -DUSE_SLOW_SHA256 -DUSE_SLOW_SHA512" + + # AES small + AM_CFLAGS="$AM_CFLAGS -DGCM_SMALL -DWOLFSSL_AES_NO_UNROLL -DWOLFSSL_AES_SMALL_TABLES" fi @@ -3998,7 +4001,7 @@ else fi if test "$ENABLED_RSA" = "yes" && test "$ENABLED_RSAVFY" = "no" && \ - test "$ENABLED_ASN" = "no" + test "$ENABLED_ASN" = "no" && test "$ENABLED_LOWRESOURCE" = "no" then AC_MSG_ERROR([please disable rsa if disabling asn.]) fi @@ -8465,7 +8468,7 @@ AM_CONDITIONAL([BUILD_SAKKE],[test "x$ENABLED_SAKKE" = "xyes" || test "x$ENABLED AM_CONDITIONAL([BUILD_MEMORY],[test "x$ENABLED_MEMORY" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_RSA],[test "x$ENABLED_RSA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_DH],[test "x$ENABLED_DH" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"]) -AM_CONDITIONAL([BUILD_ASN],[test "x$ENABLED_ASN" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"]) +AM_CONDITIONAL([BUILD_ASN],[test "x$ENABLED_ASN" != "xno" || test "x$ENABLED_RSA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_AES],[test "x$ENABLED_AES" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_CODING],[test "x$ENABLED_CODING" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_RC4],[test "x$ENABLED_ARC4" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) diff --git a/examples/configs/user_settings_wolftpm.h b/examples/configs/user_settings_wolftpm.h index 8c6a3ebf6..679721130 100644 --- a/examples/configs/user_settings_wolftpm.h +++ b/examples/configs/user_settings_wolftpm.h @@ -20,16 +20,44 @@ */ -/* should be renamed to user_settings.h for customer use - * generated from configure and wolfssl/options.h using: - * ./configure --enable-wolftpm --disable-dh --disable-oldtls \ - * --disable-sha3 --disable-sha512 --disable-sha384 --disable-sha224 \ - * --disable-pkcs12 --disable-chacha --disable-poly1305 \ - * --disable-sys-ca-certs --disable-examples - * - * Cleaned up by David Garske +/* To use the rename file to user_settings.h and define WOLFSSL_USER_SETTINGS */ + +/* Test using: +cp ./examples/configs/user_settings_wolftpm.h user_settings.h +./configure --enable-usersettings --disable-examples CFLAGS="-Os" +make +*/ + +/* Options generated from configure and wolfssl/options.h using: +./configure --enable-wolftpm --disable-dh --disable-oldtls \ + --disable-sha3 --disable-sha512 --disable-sha384 --disable-sha224 \ + --disable-pkcs12 --disable-chacha --disable-poly1305 \ + --disable-sys-ca-certs --disable-examples +*/ + +/* Options for USE_LOW_RESOURCE generated with configure and wolfssl/options.h + * using: +./configure --enable-lowresource --enable-cryptonly --enable-aescfb \ + --enable-hmac --enable-cryptocb --enable-singlethreaded \ + --enable-sp=smallrsa2048 --enable-sp-math --disable-sp-asm \ + --disable-filesystem --disable-asm --disable-pkcs8 --disable-pkcs12 \ + --disable-ecc --disable-dh \ + --disable-sha224 --disable-sha384 --disable-sha512 \ + --disable-md5 --disable-sha3 \ + --disable-aescbc --disable-aesgcm --disable-aesccm \ + --disable-poly1305 --disable-chacha \ + --disable-hashdrbg \ + --disable-sys-ca-certs --disable-error-queue-per-thread \ + --disable-oldtls --disable-errorstrings --disable-memory --disable-coding \ + --disable-examples --disable-optflags \ + CFLAGS="-Os -DNO_SIG_WRAPPER -DNO_AES_192 -DNO_AES_256 \ + -DWOLFSSL_RSA_PUBLIC_ONLY -DWOLFSSL_RSA_VERIFY_INLINE -DNO_CHECK_PRIVATE_KEY" */ +/* For the wolfTPM build: +./configure --enable-swtpm CFLAGS="-Os" && make +*/ + #ifndef WOLF_USER_SETTINGS_TPM_H #define WOLF_USER_SETTINGS_TPM_H @@ -38,7 +66,15 @@ extern "C" { #endif -#if 1 +/* enable for low resource options */ +#if 0 + #define USE_LOW_RESOURCE +#endif + +#ifdef USE_LOW_RESOURCE + /* wolfCrypt only (no SSL/TLS) */ + #define WOLFCRYPT_ONLY +#else /* wolfTPM with TLS example (v1.3 only) */ #define WOLFSSL_TLS13 #define WOLFSSL_NO_TLS12 @@ -52,78 +88,136 @@ extern "C" { #define HAVE_HKDF #define WC_RSA_PSS #define WOLFSSL_PSS_LONG_SALT -#else - /* wolfCrypt only (no SSL/TLS) */ - #define WOLFCRYPT_ONLY #endif /* No threading or file system */ #define SINGLE_THREADED -/* File system disable */ -#if 0 - #define NO_FILESYSTEM -#endif /* Enable crypto callbacks */ #define WOLF_CRYPTO_CB -/* Enable PRNG (SHA2-256) */ -#define HAVE_HASHDRBG - -/* Enable SP math all (sp_int.c) with multi-precision support */ -#define WOLFSSL_SP_MATH_ALL +#ifdef USE_LOW_RESOURCE + /* Single Precision math for RSA 2048 only (small) */ + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_MATH + #define WOLFSSL_SP_SMALL + #define WOLFSSL_SP_NO_3072 /* 2048-only */ +#else + /* Enable SP math all (sp_int.c) with multi-precision support */ + #define WOLFSSL_SP_MATH_ALL +#endif /* Enable hardening (timing resistance) */ #define TFM_TIMING_RESISTANT #define ECC_TIMING_RESISTANT #define WC_RSA_BLINDING +/* Enable PRNG (SHA2-256) */ +#ifdef USE_LOW_RESOURCE + /* use TPM TRNG */ + #define WC_NO_HASHDRBG +#else + #define HAVE_HASHDRBG +#endif + /* Asymmetric */ -#define HAVE_ECC -#undef NO_RSA -#define NO_DH -#ifndef NO_DH +#if 1 /* RSA - needed to encrypt salt */ + #undef NO_RSA + #ifdef USE_LOW_RESOURCE + #define WOLFSSL_RSA_PUBLIC_ONLY + #define WOLFSSL_RSA_VERIFY_INLINE + #define NO_CHECK_PRIVATE_KEY + #endif +#else + #define NO_RSA +#endif +#ifndef USE_LOW_RESOURCE /* ECC */ + #define HAVE_ECC + #define ECC_USER_CURVES /* default to only SECP256R1 */ +#endif +#ifndef USE_LOW_RESOURCE /* DH */ + #undef NO_DH #define HAVE_FFDHE_2048 #define HAVE_DH_DEFAULT_PARAMS +#else + #define NO_DH #endif /* Symmetric Hash */ #undef NO_SHA #undef NO_SHA256 -#define WOLFSSL_SHA512 -#define WOLFSSL_SHA384 +#ifndef USE_LOW_RESOURCE + #define WOLFSSL_SHA512 + #define WOLFSSL_SHA384 +#endif /* Symmetric Cipher */ -#define HAVE_AES_KEYWRAP -#define WOLFSSL_AES_DIRECT #define WOLFSSL_AES_CFB -#define HAVE_AESGCM -#define GCM_TABLE_4BIT +#define HAVE_AES_DECRYPT +#ifndef USE_LOW_RESOURCE + #define HAVE_AES_KEYWRAP + #define WOLFSSL_AES_DIRECT + #define HAVE_AESGCM + #define GCM_TABLE_4BIT +#else + #define NO_AES_CBC +#endif -#if 0 +#if 0 /* ChaCha20 / Poly1305 */ #define HAVE_POLY1305 #define HAVE_CHACHA #endif /* Features */ -#define WOLFSSL_CERT_GEN -#define WOLFSSL_CERT_REQ -#define WOLFSSL_CERT_EXT - -#define HAVE_PKCS7 -#define HAVE_X963_KDF -#define WOLFSSL_BASE64_ENCODE +#define WOLFSSL_ASN_TEMPLATE +#define WOLFSSL_USER_IO /* user recv/send callbacks for network IO */ +#ifndef USE_LOW_RESOURCE + #define WOLFSSL_CERT_GEN + #define WOLFSSL_CERT_REQ + #define WOLFSSL_CERT_EXT + #define HAVE_PKCS7 + #define HAVE_X963_KDF + #define WOLFSSL_BASE64_ENCODE +#endif /* Disables */ +#define NO_PKCS8 +#define NO_PKCS12 +#define NO_PWDBASED #define NO_DSA #define NO_DES3 #define NO_RC4 #define NO_PSK #define NO_MD4 +#define NO_MD5 #define WOLFSSL_NO_SHAKE128 #define WOLFSSL_NO_SHAKE256 +#define NO_WRITEV +/* Low Resource Options */ +#ifdef USE_LOW_RESOURCE + #define NO_FILESYSTEM /* File system disable */ + #define NO_ERROR_STRINGS + #define WOLFSSL_NO_ASM + #define TFM_NO_ASM + #define NO_WOLFSSL_MEMORY + #define NO_SESSION_CACHE + #define RSA_LOW_MEM + #define WOLFSSL_AES_SMALL_TABLES + #define WOLFSSL_AES_NO_UNROLL + #define GCM_SMALL + #undef GCM_TABLE_4BIT + #define NO_AES_192 + #define NO_AES_256 + #define USE_SLOW_SHA + #define USE_SLOW_SHA256 + #define USE_SLOW_SHA512 + #define NO_SIG_WRAPPER + #define NO_ASN_TIME + #define NO_CODING + #define NO_BIG_INT +#endif #ifdef __cplusplus } diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 42f12b73d..5d354d9be 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -6516,7 +6516,7 @@ exit_rsa_pub: BENCH_ASYNC_GET_DEV(&rsaKey[i]), 1, ×, ntimes, &pending)) { ret = wc_RsaSSL_Sign(message, len, enc[i], - rsaKeySz/8, &rsaKey[i], &gRng); + rsaKeySz/8, &rsaKey[i], GLOBAL_RNG); if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&rsaKey[i]), 1, ×, &pending)) { @@ -7371,7 +7371,7 @@ exit_ecdhe: } ret = wc_ecc_sign_hash(digest[i], (word32)keySize, sig[i], - &x[i], &gRng, &genKey[i]); + &x[i], GLOBAL_RNG, &genKey[i]); if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(&genKey[i]), 1, ×, diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 2ddcbb17d..46ab68d0b 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -96,12 +96,20 @@ ASN Options: * WC_ASN_HASH_SHA256: Force use of SHA2-256 for the internal hash ID calcs. */ +#include +#ifndef NO_RSA + #include + #if defined(WOLFSSL_XILINX_CRYPT) || defined(WOLFSSL_CRYPTOCELL) + extern int wc_InitRsaHw(RsaKey* key); + #endif +#endif + #ifndef NO_ASN + #include #include #include #include -#include #include #include #include @@ -168,13 +176,6 @@ ASN Options: #include #endif -#ifndef NO_RSA - #include -#if defined(WOLFSSL_XILINX_CRYPT) || defined(WOLFSSL_CRYPTOCELL) -extern int wc_InitRsaHw(RsaKey* key); -#endif -#endif - #ifndef NO_DSA #include #else @@ -9518,56 +9519,6 @@ int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key, return ret; } - -/* import RSA public key elements (n, e) into RsaKey structure (key) */ -int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e, - word32 eSz, RsaKey* key) -{ - if (n == NULL || e == NULL || key == NULL) - return BAD_FUNC_ARG; - - key->type = RSA_PUBLIC; - - if (mp_init(&key->n) != MP_OKAY) - return MP_INIT_E; - - if (mp_read_unsigned_bin(&key->n, n, nSz) != 0) { - mp_clear(&key->n); - return ASN_GETINT_E; - } -#ifdef HAVE_WOLF_BIGINT - if ((int)nSz > 0 && wc_bigint_from_unsigned_bin(&key->n.raw, n, nSz) != 0) { - mp_clear(&key->n); - return ASN_GETINT_E; - } -#endif /* HAVE_WOLF_BIGINT */ - - if (mp_init(&key->e) != MP_OKAY) { - mp_clear(&key->n); - return MP_INIT_E; - } - - if (mp_read_unsigned_bin(&key->e, e, eSz) != 0) { - mp_clear(&key->n); - mp_clear(&key->e); - return ASN_GETINT_E; - } -#ifdef HAVE_WOLF_BIGINT - if ((int)eSz > 0 && wc_bigint_from_unsigned_bin(&key->e.raw, e, eSz) != 0) { - mp_clear(&key->n); - mp_clear(&key->e); - return ASN_GETINT_E; - } -#endif /* HAVE_WOLF_BIGINT */ - -#ifdef WOLFSSL_XILINX_CRYPT - if (wc_InitRsaHw(key) != 0) { - return BAD_STATE_E; - } -#endif - - return 0; -} #endif /* HAVE_USER_RSA */ #endif /* !NO_RSA */ @@ -37022,6 +36973,62 @@ int wc_MIME_free_hdrs(MimeHdr* head) #endif /* !NO_ASN */ +/* Functions that parse, but are not using ASN.1 */ +#if !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \ + (!defined(NO_BIG_INT) || defined(WOLFSSL_SP_MATH)) +/* import RSA public key elements (n, e) into RsaKey structure (key) */ +/* this function does not use any ASN.1 parsing */ +int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e, + word32 eSz, RsaKey* key) +{ + if (n == NULL || e == NULL || key == NULL) + return BAD_FUNC_ARG; + + key->type = RSA_PUBLIC; + + if (mp_init(&key->n) != MP_OKAY) + return MP_INIT_E; + + if (mp_read_unsigned_bin(&key->n, n, nSz) != 0) { + mp_clear(&key->n); + return ASN_GETINT_E; + } +#ifdef HAVE_WOLF_BIGINT + if ((int)nSz > 0 && wc_bigint_from_unsigned_bin(&key->n.raw, n, nSz) != 0) { + mp_clear(&key->n); + return ASN_GETINT_E; + } +#endif /* HAVE_WOLF_BIGINT */ + + if (mp_init(&key->e) != MP_OKAY) { + mp_clear(&key->n); + return MP_INIT_E; + } + + if (mp_read_unsigned_bin(&key->e, e, eSz) != 0) { + mp_clear(&key->n); + mp_clear(&key->e); + return ASN_GETINT_E; + } +#ifdef HAVE_WOLF_BIGINT + if ((int)eSz > 0 && wc_bigint_from_unsigned_bin(&key->e.raw, e, eSz) != 0) { + mp_clear(&key->n); + mp_clear(&key->e); + return ASN_GETINT_E; + } +#endif /* HAVE_WOLF_BIGINT */ + +#ifdef WOLFSSL_XILINX_CRYPT + if (wc_InitRsaHw(key) != 0) { + return BAD_STATE_E; + } +#endif + + return 0; +} +#endif /* !NO_RSA && !HAVE_USER_RSA && (!NO_BIG_INT || WOLFSSL_SP_MATH) */ + + #ifdef WOLFSSL_SEP diff --git a/wolfcrypt/src/cryptocb.c b/wolfcrypt/src/cryptocb.c index 8d3a68356..ed4f95188 100644 --- a/wolfcrypt/src/cryptocb.c +++ b/wolfcrypt/src/cryptocb.c @@ -235,7 +235,7 @@ int wc_CryptoCb_GetDevIdAtIndex(int startIdx) /* Used to register a find device function. Useful for cases where the * device ID in the struct may not have been set but still wanting to use - * a specifice crypto callback device ID. The find callback is global and + * a specific crypto callback device ID. The find callback is global and * not thread safe. */ void wc_CryptoCb_SetDeviceFindCb(CryptoDevCallbackFind cb) { diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c index 7eaf259db..d15a4e27e 100644 --- a/wolfcrypt/src/sp_int.c +++ b/wolfcrypt/src/sp_int.c @@ -5605,7 +5605,7 @@ int sp_cnt_lsb(const sp_int* a) } #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH || (HAVE_ECC && FP_ECC) */ -#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || \ +#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_ASN_TEMPLATE) || \ (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_ASN)) /* Determine if the most significant byte of the encoded multi-precision number * has the top bit set. diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 2a0d99f7f..dcf2c727b 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -758,6 +758,22 @@ static int wolfssl_pb_print(const char* msg, ...) } #endif /* WOLFSSL_PB */ + +#if defined(WOLF_CRYPTO_CB) && !defined(HAVE_HASHDRBG) && \ + !defined(WC_NO_RNG) && !defined(CUSTOM_RAND_GENERATE_BLOCK) +/* Enable support for RNG with crypto callback */ +static int rng_crypto_cb(int thisDevId, wc_CryptoInfo* info, void* ctx) +{ + int rc = CRYPTOCB_UNAVAILABLE; + if (info->algo_type == WC_ALGO_TYPE_RNG) { + rc = wc_GenerateSeed(&info->rng.rng->seed, info->rng.out, info->rng.sz); + } + (void)ctx; + (void)thisDevId; + return rc; +} +#endif + /* optional macro to add sleep between tests */ #ifndef TEST_SLEEP #define TEST_SLEEP() @@ -925,6 +941,16 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ #endif #endif +#if defined(WOLF_CRYPTO_CB) && !defined(HAVE_HASHDRBG) && \ + !defined(WC_NO_RNG) && !defined(CUSTOM_RAND_GENERATE_BLOCK) + if (devId == INVALID_DEVID) { + /* for testing RNG with crypto callback register function */ + devId = 100; /* any value beside -2 (INVALID_DEVID) */ + wc_CryptoCb_RegisterDevice(devId, rng_crypto_cb, NULL); + } +#endif + + #ifdef HAVE_SELFTEST if ( (ret = wolfCrypt_SelfTest()) != 0) TEST_FAIL("CAVP selftest failed!\n", ret); @@ -8561,6 +8587,7 @@ EVP_TEST_END: } #endif #endif +#endif /* WOLFSSL_AES_256 */ out: @@ -8580,7 +8607,6 @@ EVP_TEST_END: #endif #endif -#endif /* WOLFSSL_AES_256 */ return ret; } @@ -8776,6 +8802,7 @@ EVP_TEST_END: goto out; } #endif +#endif /* WOLFSSL_AES_256 */ out: @@ -8795,8 +8822,6 @@ EVP_TEST_END: #endif #endif -#endif /* WOLFSSL_AES_256 */ - return ret; } #endif /* !HAVE_SELFTEST && !HAVE_FIPS */ @@ -13244,7 +13269,6 @@ exit: return ret; } - static int random_rng_test(void) { WC_RNG localRng; @@ -13277,6 +13301,9 @@ static int random_rng_test(void) if (rng == NULL) return WC_TEST_RET_ENC_ERRNO; + #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) + rng->devId = devId; + #endif ret = _rng_test(rng, WC_TEST_RET_ENC_NC); wc_rng_free(rng); @@ -44565,7 +44592,12 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) #endif if (info->algo_type == WC_ALGO_TYPE_RNG) { - #ifndef WC_NO_RNG + #if defined(WOLF_CRYPTO_CB) && !defined(HAVE_HASHDRBG) && \ + !defined(WC_NO_RNG) && !defined(CUSTOM_RAND_GENERATE_BLOCK) + /* if RNG only supports crypto callback, just use seed */ + ret = wc_GenerateSeed(&info->rng.rng->seed, + info->rng.out, info->rng.sz); + #elif !defined(WC_NO_RNG) /* set devId to invalid, so software is used */ info->rng.rng->devId = INVALID_DEVID; @@ -45172,6 +45204,7 @@ static int myCryptoCbFind(int currentId, int algoType) WOLFSSL_TEST_SUBROUTINE int cryptocb_test(void) { int ret = 0; + int origDevId = devId; myCryptoDevCtx myCtx; /* example data for callback */ @@ -45272,8 +45305,8 @@ WOLFSSL_TEST_SUBROUTINE int cryptocb_test(void) ret = cmac_test(); #endif - /* reset devId */ - devId = INVALID_DEVID; + /* restore devId */ + devId = origDevId; return ret; } diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h index 07707edc2..b7d758849 100644 --- a/wolfssl/wolfcrypt/random.h +++ b/wolfssl/wolfcrypt/random.h @@ -113,6 +113,8 @@ /* allow whitewood as direct RNG source using wc_GenerateSeed directly */ #elif defined(HAVE_INTEL_RDRAND) /* Intel RDRAND or RDSEED */ +#elif defined(WOLF_CRYPTO_CB) + /* Requires registered Crypto Callback to service RNG, with devId set */ #elif !defined(WC_NO_RNG) #error No RNG source defined! #endif