FIPSv2: RNG Update

1. Updated the IDE/WIN10 user settings to enable RDSEED by default.
2. Updated the Windows GenerateSeed() function to take into account the
RDSEED enabled setting.
3. Exclude the TestSeed() function check for the "selftest" build as
well as old FIPS.

IDE/WIN10/user_settings.h

@@ -42,6 +42,9 @@
         #define WOLFSSL_VALIDATE_ECC_IMPORT
         #define WOLFSSL_VALIDATE_FFC_IMPORT
         #define HAVE_FFDHE_Q
+        #define WOLFSSL_AESNI
+        #define HAVE_INTEL_RDSEED
+        #define FORCE_FAILURE_RDSEED
     #endif /* FIPS v2 */
 #else
     /* Enables blinding mode, to prevent timing attacks */

wolfcrypt/src/random.c

@@ -1442,6 +1442,19 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 
 int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 {
+    #ifdef HAVE_INTEL_RDSEED
+        if (IS_INTEL_RDSEED(intel_flags)) {
+             if (!wc_GenerateSeed_IntelRD(NULL, output, sz)) {
+                 /* success, we're done */
+                 return 0;
+             }
+        #ifdef FORCE_FAILURE_RDSEED
+             /* don't fall back to CryptoAPI */
+             return READ_RAN_E;
+        #endif
+        }
+    #endif /* HAVE_INTEL_RDSEED */
+
     if(!CryptAcquireContext(&os->handle, 0, 0, PROV_RSA_FULL,
                             CRYPT_VERIFYCONTEXT))
         return WINCRYPT_E;

wolfcrypt/test/test.c

@@ -8277,7 +8277,7 @@ int random_test(void)
         return ret;
 
     /* Test the seed check function. */
-#if !defined(HAVE_FIPS) || \
+#if !(defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) || \
     (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
     {
         word32 i, outputSz;