Skip to content

random.c: fix fips v7 define guards.#10885

Open
philljj wants to merge 1 commit into
wolfSSL:masterfrom
philljj:fips_v7_guards
Open

random.c: fix fips v7 define guards.#10885
philljj wants to merge 1 commit into
wolfSSL:masterfrom
philljj:fips_v7_guards

Conversation

@philljj

@philljj philljj commented Jul 11, 2026

Copy link
Copy Markdown
Contributor

Description

Add some fips v7 define guards to random.c. They were present in random.h, but missing for the corresponding functions in random.c.

Fixes fips=v6 build errors on freebsd userspace:

wolfcrypt/src/random.c:389:5: error: no previous prototype for function 'wc_DrbgState_MutexInit' [-Werror,-Wmissing-prototypes]
  389 | int wc_DrbgState_MutexInit(void)
      |     ^

Requires:

Testing

fips_hash=30CF65D11002855703E8184481BB871FAA511410A03A008CAD6DD066D36F4860
BSDKM_CFLAGS="-DWOLFCRYPT_FIPS_CORE_HASH_VALUE=$fips_hash -DWOLFSSL_BSDKM_VERBOSE_DEBUG"
./configure --enable-cryptonly --enable-crypttests \
  --enable-all-crypto --enable-aesni \
  --enable-aesni-with-avx --enable-fips=v7 \
  CFLAGS="$BSDKM_CFLAGS" && make -j1 \
  || exit 1
fips_hash=54FA63BED6A82155BD5F76FE031FB285DDD7825FC5D9D95D157FF4805DC2A1A5
BSDKM_CFLAGS="-DWOLFCRYPT_FIPS_CORE_HASH_VALUE=$fips_hash -DWOLFSSL_BSDKM_VERBOSE_DEBUG"
./configure --enable-cryptonly --enable-crypttests \
  --enable-fips=v6 \
  CFLAGS="$BSDKM_CFLAGS" && make -j1 \
  || exit 1

Copilot AI review requested due to automatic review settings July 11, 2026 04:05

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request aligns wolfcrypt/src/random.c with the existing FIPS v7+ / non-FIPS define guards already present in wolfssl/wolfcrypt/random.h, preventing FIPS=v6 builds from compiling non-prototyped (and apparently unsupported) DRBG state/disable APIs.

Changes:

  • Wrapped the runtime DRBG disable-state globals and mutex helpers in random.c with the same !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION3_GE(7,0,0)) guard used by the header.
  • Moved/adjusted preprocessor #endif boundaries so the guarded functions in random.c match the header’s visibility and avoid -Wmissing-prototypes failures.
  • Tightened the compile guards for the extended SHA-256 DRBG health-test entrypoint to exclude selftest / older FIPS builds.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread wolfcrypt/src/random.c
return ret;
}
#endif /* !NO_SHA256 */
#endif /* !NO_SHA256 && !HAVE_SELFTEST && FIPS v7+ */
@philljj philljj self-assigned this Jul 11, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants