Review Comments addressed

Signed-off-by: Robin Dubey <[email protected]>

Author: robindubeyibm

icc/TRNG/Makefile

@@ -58,7 +58,6 @@ TARGETS  = \
 	MINIMAL$(OBJSUFX) \
 	TRNG$(OBJSUFX) \
 	TRNG_ALT$(OBJSUFX) \
-	TRNG_ALT2$(OBJSUFX) \
 	entropy_to_NRBG$(OBJSUFX) \
 	SP800-90TRNG$(OBJSUFX)
 
@@ -87,7 +86,7 @@ clean:
 #- Note some platforms, SUN_SOL8/SUN64 AIX/AIX64 need added assembler tweaks
 #
 entropy_to_NRBG$(OBJSUFX): entropy_to_NRBG.h noise_to_entropy.h \
-	MINIMAL.h TRNG.h TRNG_ALT.h TRNG_ALT2.h
+	MINIMAL.h TRNG.h TRNG_ALT.h
 	$(CC) $(CFLAGS)  $(HDRS) $(ASM_TWEAKS) entropy_to_NRBG.c
 
 nist_algs$(OBJSUFX): nist_algs.c nist_algs.h
@@ -114,10 +113,7 @@ TRNG$(OBJSUFX): TRNG.c TRNG.h timer_entropy.h
 TRNG_ALT$(OBJSUFX): TRNG.c TRNG.h TRNG_ALT.h timer_entropy.h
 	$(CC) $(CFLAGS)  $(HDRS) TRNG_ALT.c
 
-TRNG_ALT2$(OBJSUFX): TRNG_ALT2.c timer_entropy.h ../fips-prng/SP800-90.h TRNG.h TRNG_ALT2.h
-	$(CC) $(CFLAGS) $(HDRS)  TRNG_ALT2.c
-
-ICC_NRBG$(OBJSUFX): ICC_NRBG.c MINIMAL.h TRNG.h TRNG_ALT.h TRNG_ALT2.h
+ICC_NRBG$(OBJSUFX): ICC_NRBG.c MINIMAL.h TRNG.h TRNG_ALT.h
 	$(CC) $(CFLAGS) $(HDRS)  ICC_NRBG.c
 
 SP800-90TRNG$(OBJSUFX):  ../fips-prng/SP800-90.h ../fips-prng/SP800-90i.h

icc/functions.txt

@@ -795,8 +795,8 @@ OPENSSLPREFIX=;
 #! @param callback Feedback for a progress indicator. See the OpenSSL docs. Typically, set this to NULL.;  
 #! @param cb_arg Information to be passed to the callback method when it is called. Typically, set this to NULL;
 #! @return an pointer to a newly allocated RSA structure containing both the public and private RSA keys or NULL on failure;
-#! @note The callback and cb_arg parameters should be set to NULL in IBM applications. ;
-#! While in theory these paramaters could be used we can envisage no IBM application scenario ;
+#! @note The callback and cb_arg parameters should be set to NULL for ICC consumers. ;
+#! While in theory these paramaters could be used we can envisage no ICC consumer scenario ;
 #! where it would be useful to set these to non-NULL values ;
 
 0abcdEPMC  RSA *  RSA_generate_key(int bits, unsigned long e,void (*callback)(int,int,void *),void *cb_arg);

icc/icc.h

@@ -5,7 +5,7 @@
  */
 
 /*************************************************************************
-// Copyright IBM Corp. 2023, 2025
+// Copyright IBM Corp. 2023
 //
 // Licensed under the Apache License 2.0 (the "License"). You may not use
 // this file except in compliance with the License. You can obtain a copy

icc/icc_defs.mk

@@ -17,7 +17,7 @@ DEFAULT_TEST_CMD       = ./icctest$(EXESUFX)
 DEFAULT_OPENSSL_TEST_CMD = cd $(OSSL_DIR); make tests; apps/openssl speed
 # This is actually used to build an rc file on Windows
 DEFAULT_ASMOBJS        =
-DEFAULT_EXTRAS         = PKCS11 PKCS11_PERF
+DEFAULT_EXTRAS         =
 DEFAULT_debug_FILES    = icclib$(VTAG).pdb openssl.pdb vc90.pdb \
 			$(OSSL_DIR)/out32dll/libeay32.pdb 
 DEFAULT_MANIFESTS      =
@@ -279,7 +279,7 @@ WIN32_TEST_CMD       = $(DEFAULT_TEST_CMD)
 WIN32_OPENSSL_TEST_CMD = echo openssl tests not run
 # This is actually used to build an rc file on Windows
 WIN32_ASMOBJS        = icc.res
-WIN32_EXTRAS         = PKCS11 PKCS11_PERF
+WIN32_EXTRAS         =
 WIN32_debug_FILES    = icclib$(VTAG).pdb openssl.pdb vc90.pdb \
 			$(OSSL_DIR)/out32dll/libeay32.pdb 
 WIN32_MANIFESTS      =
@@ -332,7 +332,7 @@ WIN32_VS2013_TEST_CMD       = $(WIN32_TEST_CMD)
 WIN32_VS2013_OPENSSL_TEST_CMD = $(WIN32_OPENSSL_TEST_CMD)
 # This is actually used to build an rc file on Windows
 WIN32_VS2013_ASMOBJS        = icc.res
-WIN32_VS2013_EXTRAS         = PKCS11 PKCS11_PERF
+WIN32_VS2013_EXTRAS         = $(WIN32_EXTRAS)
 WIN32_VS2013_debug_FILES    = icclib$(VTAG).pdb openssl.pdb vc90.pdb \
 			$(OSSL_DIR)/out32dll/libeay32.pdb 
 WIN32_VS2013_MANIFESTS      =
@@ -414,7 +414,7 @@ LINUX_OPENSSL_PATH_SETUP = export LD_LIBRARY_PATH=$(OSSL_DIR);
 LINUX_BUILD_OSSL     = cd $(OSSL_DIR); ./Configure threads shared $(OSSL_FLAGS) $(LINUX_$(CONFIG)_CFLAGS) -m32 linux-elf; make depend; make
 LINUX_CLEAN_OSSL     = cd $(OSSL_DIR); make clean
 LINUX_TEST_CMD       = $(DEFAULT_TEST_CMD)
-LINUX_EXTRAS  	     = PKCS11 PKCS11_PERF
+# LINUX_EXTRAS  	     = PKCS11 PKCS11_PERF
 
 LINUX_CMAKE_OQS      = cmake -G "Unix Makefiles" $(OQS_FLAGS) -DBUILD_ONLY="s3;iam;sts" -DCMAKE_C_FLAGS=-m32 .
 

icc/iccglobals.h

@@ -412,23 +412,10 @@ typedef enum {
 				   default entropy source is unusable, most likely
 				   a virtualized system or new hardware.
 				 - Valid values:  (<b>R/W1</b>)
-				   - "TRNG" (default) . Uses timing jitter. Tuned on startup to
-				       optimize performance.
-				   - "TRNG_ALT" Timing jitter mixed with an external source
-				     - If a hardware RNG is available, it will be used, otherwise
-				     - Unix/Linux it requires /dev/urandom or /dev/random
-				     - On Windows MSCAPI is used,
-				   - FIPS: allowed in FIPS mode
-			             - Reason: ALL modes meet FIPS requirements as entropy sources,
-				       and offline testing show they are of equivalent strength.
-				   - "TRNG" is in theory more resistant
-			               to local timing attacks and compromises of the extern RNG's
-				       than "TRNG_ALT" but neither class of attack is
-				       possible if the environmental constraints on FIPS compliance 
-				       are valid. i.e. single user mode
-				   - TRNG_ALT with hardware RNG is theoretically better on 
-				       virtualized systems.
-			         */
+				   - "TRNG_HW" (default)
+				   - "TRNG_OS"
+				   - "TRNG_FIPS"
+			    */
   ICC_INDUCED_FAILURE = 11,     /*!< Set to an active value (>0)
 				  before ICC_Init is called for the first time 
 				  this will force errors in ICC.

icc/platforms/1.1.1/API/aes_gcm.h

@@ -6,8 +6,6 @@
 // this file except in compliance with the License. You can obtain a copy
 // in the file LICENSE in the source distribution.
 *************************************************************************/
-/* GCM table driven acceleration: Aaron Cristensen November 2007. */
-
 
 #ifndef HEADER_AES_GCM_H
 #define HEADER_AES_GCM_H

icc/platforms/1.1.1/BASE_OSSL_FILES.mk

@@ -1,6 +1,4 @@
 
-ICC_RAND_OBJ = icc_rand$(OBJSUFX)
-
 #
 # Extra code needed to maintain API compatibility with older ICC's
 # we used to patch OpenSSL to do this, but now everything resides