From b1aa11d42edec1dfe31ca65eef4169c4482156de Mon Sep 17 00:00:00 2001
From: Sean Parkinson <sean@wolfssl.com>
Date: Wed, 16 Apr 2025 10:30:37 +1000
Subject: [PATCH] Entropy MemUse: fix for when block size less than update bits

When the block size is less than the number of update bits, adding the
update value will make the index larger than ENTROPY_NUM_WORDS.
The update bits, ENTROPY_NUM_UPDATES_BITS, should be less than or equal
to ENTROPY_BLOCK_SZ but is not practical.
Add extra elements to the entropy state to accomadate this.
---
 wolfcrypt/src/random.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 42c7964d3..d85c1caa9 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -1038,8 +1038,14 @@ static void Entropy_StopThread(void)
     #error "ENTROPY_NUM_64BIT_WORDS must be <= SHA3-256 digest size in bytes"
 #endif
 
+#if ENTROPY_BLOCK_SZ < ENTROPY_NUM_UPDATES_BITS
+#define EXTRA_ENTROPY_WORDS             ENTROPY_NUM_UPDATES
+#else
+#define EXTRA_ENTROPY_WORDS             0
+#endif
+
 /* State to update that is multiple cache lines long. */
-static word64 entropy_state[ENTROPY_NUM_WORDS] = {0};
+static word64 entropy_state[ENTROPY_NUM_WORDS + EXTRA_ENTROPY_WORDS] = {0};
 
 /* Using memory will take different amount of times depending on the CPU's
  * caches and business.