From 5ba35b1f649b96dbd61418600a6ecde655659390 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Wed, 24 Jun 2015 11:16:18 -0600
Subject: [PATCH] force HAVE_HASHDRBG enabled in settings.h unless
 WOLFSSL_FORCE_RC4_DRBG flag set

---
 wolfssl/wolfcrypt/random.h   | 3 +++
 wolfssl/wolfcrypt/settings.h | 6 ++++++
 2 files changed, 9 insertions(+)

diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h
index 192144324..989e53230 100644
--- a/wolfssl/wolfcrypt/random.h
+++ b/wolfssl/wolfcrypt/random.h
@@ -35,6 +35,9 @@
 #endif
 
 #ifndef HAVE_FIPS /* avoid redefining structs and macros */
+#if defined(WOLFSSL_FORCE_RC4_DRBG) && defined(NO_RC4)
+    #error Cannot have WOLFSSL_FORCE_RC4_DRBG and NO_RC4 defined.
+#endif /* WOLFSSL_FORCE_RC4_DRBG && NO_RC4 */
 #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
     #ifdef NO_SHA256
         #error "Hash DRBG requires SHA-256."
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 57c404a54..af8e690ff 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -790,6 +790,12 @@
     #define NO_OLD_TLS
 #endif
 
+/* If not forcing to use ARC4 as the DRBG, always enable Hash_DRBG */
+#undef HAVE_HASHDRBG
+#ifndef WOLFSSL_FORCE_RC4_DRBG
+    #define HAVE_HASHDRBG
+#endif
+
 /* Place any other flags or defines here */