add a way to restore previous pid behavior

.github/workflows/os-check.yml

@@ -49,6 +49,8 @@ jobs:
           '--enable-dtls --enable-dtls13 --enable-dtls-frag-ch
             --enable-dtls-mtu CPPFLAGS=-DWOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS',
           '--enable-opensslall --enable-opensslextra CPPFLAGS=-DWC_RNG_SEED_CB',
+          '--enable-opensslall --enable-opensslextra
+            CPPFLAGS='-DWC_RNG_SEED_CB -DWOLFSSL_NO_GETPID'',
         ]
     name: make check
     if: github.repository_owner == 'wolfssl'

src/ssl.c

@@ -25500,7 +25500,8 @@ static int wolfSSL_RAND_InitMutex(void)
 
 #ifdef OPENSSL_EXTRA
 
-#if defined(HAVE_GETPID) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
+#if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \
+    defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
 /* In older FIPS bundles add check for reseed here since it does not exist in
  * the older random.c certified files. */
 static pid_t currentRandPid = 0;
@@ -25518,8 +25519,8 @@ int wolfSSL_RAND_Init(void)
         if (initGlobalRNG == 0) {
             ret = wc_InitRng(&globalRNG);
             if (ret == 0) {
-            #if defined(HAVE_GETPID) && defined(HAVE_FIPS) && \
-                FIPS_VERSION3_LT(6,0,0)
+            #if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \
+                defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
                 currentRandPid = getpid();
             #endif
                 initGlobalRNG = 1;
@@ -25999,8 +26000,8 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num)
          * have the lock.
          */
         if (initGlobalRNG) {
-        #if defined(HAVE_GETPID) && defined(HAVE_FIPS) && \
-                FIPS_VERSION3_LT(6,0,0)
+        #if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \
+                defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
             pid_t p;
 
             p = getpid();

tests/api.c

@@ -33159,7 +33159,11 @@ static int test_wolfSSL_RAND_bytes(void)
         ExpectIntEQ(RAND_bytes(randbuf, sizeof(randbuf)), 1);
         ExpectIntEQ(read(pipefds[0], &childrand64, sizeof(childrand64)),
             sizeof(childrand64));
+    #ifdef WOLFSSL_NO_GETPID
+        ExpectBufEQ(randbuf, &childrand64, sizeof(randbuf));
+    #else
         ExpectBufNE(randbuf, &childrand64, sizeof(randbuf));
+    #endif
         close(pipefds[0]);
         waitpid(pid, &waitstatus, 0);
     }

wolfcrypt/src/random.c

@@ -1640,7 +1640,7 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
 #else
     rng->heap = heap;
 #endif
-#ifdef HAVE_GETPID
+#if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID)
     rng->pid = getpid();
 #endif
 #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
@@ -2014,7 +2014,7 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
     if (rng->status != DRBG_OK)
         return RNG_FAILURE_E;
 
-#ifdef HAVE_GETPID
+#if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID)
     if (rng->pid != getpid()) {
         rng->pid = getpid();
         ret = PollAndReSeed(rng);

wolfssl/wolfcrypt/random.h

@@ -189,7 +189,7 @@ struct WC_RNG {
 #endif
     byte status;
 #endif
-#ifdef HAVE_GETPID
+#if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID)
     pid_t pid;
 #endif
 #ifdef WOLFSSL_ASYNC_CRYPT