KAT check should run without OpenSSL (#386)

* Kat check should run without openssl

* Add rand_nist.c back

* Add MacOS build without OpenSSL to check KAT

.travis.yml

@@ -82,6 +82,14 @@ matrix:
     before_install:
     - brew update
     - brew install libsodium doxygen graphviz
+  - os: osx
+    compiler: clang
+    env:
+    - CC_OVERRIDE=clang
+    - AES_NI=0
+    before_install:
+    - brew update
+    - brew install doxygen graphviz
 
 script:
   - .travis/all-tests.sh

Makefile.am

@@ -77,8 +77,7 @@ if ENABLE_SIG_PICNIC
 	tests/minimal_sig_oqs
 endif
 
-kat: clean-kats
-	make
+kat: clean-kats check
 	tests/kat_kem
 	scripts/check_kats.sh
 

VisualStudio/oqs/oqs.vcxproj

@@ -76,6 +76,7 @@
   <ItemGroup>
     <ClCompile Include="..\..\src\common\common.c" />
     <ClCompile Include="..\..\src\common\rand.c" />
+    <ClCompile Include="..\..\src\common\rand_nist.c" />
     <ClCompile Include="..\..\src\crypto\aes\aes.c" />
     <ClCompile Include="..\..\src\crypto\aes\aes_c.c" />
     <ClCompile Include="..\..\src\crypto\aes\aes_ni.c" />

src/common/rand.c

@@ -22,21 +22,15 @@ static void (*oqs_randombytes_algorithm)(uint8_t *, size_t) = (void (*)(uint8_t
 static void (*oqs_randombytes_algorithm)(uint8_t *, size_t) = &OQS_randombytes_system;
 #endif
 
-#ifdef USE_OPENSSL
 void OQS_randombytes_nist_kat(uint8_t *random_array, size_t bytes_to_read);
-#endif
 
 OQS_STATUS OQS_randombytes_switch_algorithm(const char *algorithm) {
 	if (0 == strcasecmp(OQS_RAND_alg_system, algorithm)) {
 		oqs_randombytes_algorithm = &OQS_randombytes_system;
 		return OQS_SUCCESS;
 	} else if (0 == strcasecmp(OQS_RAND_alg_nist_kat, algorithm)) {
-#ifdef USE_OPENSSL
 		oqs_randombytes_algorithm = &OQS_randombytes_nist_kat;
 		return OQS_SUCCESS;
-#else
-		return OQS_ERROR;
-#endif
 	} else if (0 == strcasecmp(OQS_RAND_alg_openssl, algorithm)) {
 #ifdef USE_OPENSSL
 		oqs_randombytes_algorithm = (void (*)(uint8_t *, size_t)) & RAND_bytes;
@@ -92,7 +86,7 @@ void OQS_randombytes_system(uint8_t *random_array, size_t bytes_to_read) {
 void OQS_randombytes_system(uint8_t *random_array, size_t bytes_to_read) {
 	HCRYPTPROV hCryptProv;
 	if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) ||
-		!CryptGenRandom(hCryptProv, (DWORD)bytes_to_read, random_array)) {
+	    !CryptGenRandom(hCryptProv, (DWORD) bytes_to_read, random_array)) {
 		assert(0); // no other way to return an error; better fail than return bad random data
 	}
 	CryptReleaseContext(hCryptProv, 0);

src/common/rand_nist.c

@@ -9,9 +9,13 @@
 #include <assert.h>
 #include <string.h>
 
+#ifdef USE_OPENSSL
 #include <openssl/conf.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>
+#else
+#include <oqs/aes.h>
+#endif
 
 typedef struct {
 	unsigned char Key[32];
@@ -22,16 +26,19 @@ typedef struct {
 static AES256_CTR_DRBG_struct DRBG_ctx;
 static void AES256_CTR_DRBG_Update(unsigned char *provided_data, unsigned char *Key, unsigned char *V);
 
+#ifdef USE_OPENSSL
 static void handleErrors(void) {
 	ERR_print_errors_fp(stderr);
 	abort();
 }
+#endif
 
 // Use whatever AES implementation you have. This uses AES from openSSL library
 //    key - 256-bit AES key
 //    ctr - a 128-bit plaintext value
 //    buffer - a 128-bit ciphertext value
 static void AES256_ECB(unsigned char *key, unsigned char *ctr, unsigned char *buffer) {
+#ifdef USE_OPENSSL
 	EVP_CIPHER_CTX *ctx;
 
 	int len;
@@ -48,6 +55,12 @@ static void AES256_ECB(unsigned char *key, unsigned char *ctr, unsigned char *bu
 
 	/* Clean up */
 	EVP_CIPHER_CTX_free(ctx);
+#else
+	void *schedule = NULL;
+	OQS_AES256_load_schedule(key, &schedule, 1);
+	OQS_AES256_ECB_enc(ctr, 16, key, buffer);
+	OQS_AES256_free_schedule(schedule);
+#endif
 }
 
 void OQS_randombytes_nist_kat_init(unsigned char *entropy_input, unsigned char *personalization_string, int security_strength) {