From 9c35c0de65e135e621400958f22829c0d2555ed4 Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Wed, 18 Jun 2025 16:08:34 -0600 Subject: [PATCH 1/3] Add HAVE_GETPID to options.h if getpid detected, needed for apps to correctly detect size of WC_RNG struct --- configure.ac | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/configure.ac b/configure.ac index 6fa30f140..86e0d543a 100644 --- a/configure.ac +++ b/configure.ac @@ -160,6 +160,9 @@ fi #ifdef HAVE_STDLIB_H #include #endif +#ifdef HAVE_UNISTD_H + #include +#endif #ifdef HAVE_CTYPE_H #include #endif @@ -10469,6 +10472,12 @@ then AM_CFLAGS="$AM_CFLAGS -DHAVE___UINT128_T=1" fi +# Add HAVE_GETPID to AM_CFLAGS for inclusion in options.h +if test "$ac_cv_func_getpid" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DHAVE_GETPID=1" +fi + LIB_SOCKET_NSL AX_HARDEN_CC_COMPILER_FLAGS From cdd02f9665ef43126503307972e4389070a00a73 Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Wed, 18 Jun 2025 16:57:02 -0600 Subject: [PATCH 2/3] Add check for reseed in ssl.c for HAVE_SELFTEST, similar to old FIPS bundles that do not have older random.c files --- src/ssl.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 16acfda1c..d69d2c32c 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -25514,7 +25514,7 @@ static int wolfSSL_RAND_InitMutex(void) #ifdef OPENSSL_EXTRA #if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \ - defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + ((defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)) || defined(HAVE_SELFTEST)) /* In older FIPS bundles add check for reseed here since it does not exist in * the older random.c certified files. */ static pid_t currentRandPid = 0; 
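Review bot: The added `if test "$ac_cv_func_getpid" = "yes"` block in the second configure.ac hunk depends on a cache variable that is only populated if a getpid function check has already run earlier in configure.ac, and that check is not visible in this hunk. If the check is absent, or is later moved below this point, the test is silently false and HAVE_GETPID never reaches options.h. The commit message says the macro determines the size of WC_RNG, so a silent miss would leave applications and the library disagreeing on the struct layout. The comment should record both the reason and the ordering dependency, for example `# HAVE_GETPID changes the size of WC_RNG, so applications need it in options.h; relies on the getpid function check having run above`.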
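Review bot: The comment kept under the widened guard in the first ssl.c hunk still reads "In older FIPS bundles add check for reseed here", although the condition now also enables the code for `HAVE_SELFTEST` builds. It could become `/* Older FIPS bundles and selftest builds use certified random.c files that lack the reseed check, so it is added here. */`. The same three-line condition is now repeated in wolfSSL_RAND_Init and wolfSSL_RAND_bytes (the next two hunks), so a later change to one copy can leave the pid being recorded at init but not compared when bytes are requested, or the reverse. Evaluating the condition once near the `currentRandPid` declaration into a file-local macro (name to be chosen by the maintainers) and testing that macro at the other two sites would keep them in step. All three functions extend beyond their hunks, so the reseed logic itself is not visible here.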
@@ -25533,7 +25533,9 @@ int wolfSSL_RAND_Init(void) ret = wc_InitRng(&globalRNG); if (ret == 0) { #if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \ - defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + ((defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)) || \ + defined(HAVE_SELFTEST)) + currentRandPid = getpid(); #endif initGlobalRNG = 1; @@ -26014,7 +26016,8 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num) */ if (initGlobalRNG) { #if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \ - defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + ((defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)) || \ + defined(HAVE_SELFTEST)) pid_t p; p = getpid(); From 9ee212cacc521fecd4fe955b1670df2cbaec2061 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Mon, 23 Jun 2025 17:33:52 -0600 Subject: [PATCH 3/3] fix for free'ing memory with test case --- tests/api.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tests/api.c b/tests/api.c index 8cadb6af8..a311eb2b3 100644 --- a/tests/api.c +++ b/tests/api.c @@ -33211,7 +33211,7 @@ static int test_wolfSSL_RAND_bytes(void) max_bufsize = size4; - ExpectNotNull(my_buf = (byte*)XMALLOC(max_bufsize * sizeof(byte), NULL, + ExpectNotNull(my_buf = (byte*)XMALLOC(max_bufsize * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); ExpectIntEQ(RAND_bytes(my_buf, 0), 1); @@ -33222,6 +33222,7 @@ static int test_wolfSSL_RAND_bytes(void) ExpectIntEQ(RAND_bytes(my_buf, size2), 1); ExpectIntEQ(RAND_bytes(my_buf, size3), 1); ExpectIntEQ(RAND_bytes(my_buf, size4), 1); + XFREE(my_buf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #if defined(OPENSSL_EXTRA) && defined(HAVE_GETPID) XMEMSET(seed, 0, sizeof(seed)); @@ -33262,8 +33263,6 @@ static int test_wolfSSL_RAND_bytes(void) } RAND_cleanup(); #endif - - XFREE(my_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return EXPECT_RESULT(); }
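Review bot: After the added `XFREE(my_buf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);` in the second tests/api.c hunk, `my_buf` still holds the freed address while test_wolfSSL_RAND_bytes continues into the `OPENSSL_EXTRA`/`HAVE_GETPID` block. Most of that block lies outside the hunk, so it cannot be confirmed here that nothing later reads or frees the pointer. Adding `my_buf = NULL;` on the line after the XFREE would turn any such use into an immediate, visible failure rather than a use-after-free or double free. The switch from `NULL` to `HEAP_HINT` in the XMALLOC of the first hunk keeps the allocation and free hints matched. `HEAP_HINT` is presumably defined elsewhere in api.c, as it is not declared in any of these hunks.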