From fe7d458d29f70778557924d7f9b4f86c27e5aa9d Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Tue, 24 Jun 2025 16:08:25 -0600
Subject: [PATCH 1/2] random.c is also locked in FIPS v6
---
 src/ssl.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index a188b87f1..a1a6c4419 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -25515,7 +25515,7 @@ static int wolfSSL_RAND_InitMutex(void)
 #ifdef OPENSSL_EXTRA
 #if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \
- ((defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)) || defined(HAVE_SELFTEST))
+ ((defined(HAVE_FIPS) && FIPS_VERSION3_LE(6,0,0)) || defined(HAVE_SELFTEST))
 /* In older FIPS bundles add check for reseed here since it does not exist in
 * the older random.c certified files. */
 static pid_t currentRandPid = 0;
@@ -25534,7 +25534,7 @@ int wolfSSL_RAND_Init(void)
 ret = wc_InitRng(&globalRNG);
 if (ret == 0) {
 #if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \
- ((defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)) || \
+ ((defined(HAVE_FIPS) && FIPS_VERSION3_LE(6,0,0)) || \
 defined(HAVE_SELFTEST))
 currentRandPid = getpid();
@@ -26017,7 +26017,7 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num)
 */
 if (initGlobalRNG) {
 #if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \
- ((defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)) || \
+ ((defined(HAVE_FIPS) && FIPS_VERSION3_LE(6,0,0)) || \
 defined(HAVE_SELFTEST))
 pid_t p;
From 6cf3b513338c92647f49e21c76d927723be9b5ad Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Tue, 24 Jun 2025 17:21:24 -0600
Subject: [PATCH 2/2] guard test that uses pipe from running with mingw
---
 tests/api.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/tests/api.c b/tests/api.c
index 14295bbd6..6b67b6ed6 100644
--- a/tests/api.c
+++ b/tests/api.c
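Review bot: In src/ssl.c the comment kept under the first guard still reads "In older FIPS bundles", but with `FIPS_VERSION3_LE(6,0,0)` the fallback PID check now also applies to FIPS v6, so the comment should say so, e.g. `/* FIPS bundles up to and including v6 (and selftest builds) ship a locked random.c without the reseed check, so it is added here. */`. The same guard is spelled out three times (at `currentRandPid`, in wolfSSL_RAND_Init and in wolfSSL_RAND_bytes), and this commit had to edit every copy; defining the condition once as a file-local macro would keep the sites from drifting apart. That matters here because a site left on the old condition would presumably skip the PID comparison that keeps a forked child from repeating its parent's RNG output. The first copy also folds the condition onto two lines while the other two use three, and all three function bodies continue outside the hunks.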
@@ -33199,7 +33199,8 @@ static int test_wolfSSL_RAND_bytes(void)
 const int size4 = RNG_MAX_BLOCK_LEN * 4; /* in bytes */
 int max_bufsize;
 byte *my_buf = NULL;
-#if defined(HAVE_GETPID)
+#if defined(OPENSSL_EXTRA) && defined(HAVE_GETPID) && !defined(__MINGW64__) && \ !defined(__MINGW32__)
 byte seed[16] = {0};
 byte randbuf[8] = {0};
 int pipefds[2] = {0};
@@ -33225,7 +33226,8 @@ static int test_wolfSSL_RAND_bytes(void)
 ExpectIntEQ(RAND_bytes(my_buf, size4), 1);
 XFREE(my_buf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-#if defined(OPENSSL_EXTRA) && defined(HAVE_GETPID)
+#if defined(OPENSSL_EXTRA) && defined(HAVE_GETPID) && !defined(__MINGW64__) && \ !defined(__MINGW32__)
 XMEMSET(seed, 0, sizeof(seed));
 RAND_cleanup();
@@ -33247,17 +33249,17 @@ static int test_wolfSSL_RAND_bytes(void)
 }
 else {
 /* Parent process. */
- word64 childrand64 = 0;
+ byte childrand[8] = {0};
 int waitstatus = 0;
 close(pipefds[1]);
 ExpectIntEQ(RAND_bytes(randbuf, sizeof(randbuf)), 1);
- ExpectIntEQ(read(pipefds[0], &childrand64, sizeof(childrand64)),
- sizeof(childrand64));
+ ExpectIntEQ(read(pipefds[0], childrand, sizeof(childrand)),
+ sizeof(childrand));
 #ifdef WOLFSSL_NO_GETPID
- ExpectBufEQ(randbuf, &childrand64, sizeof(randbuf));
+ ExpectBufEQ(randbuf, childrand, sizeof(randbuf));
 #else
- ExpectBufNE(randbuf, &childrand64, sizeof(randbuf));
+ ExpectBufNE(randbuf, childrand, sizeof(randbuf));
 #endif
 close(pipefds[0]);
 waitpid(pid, &waitstatus, 0);
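Review bot: The new guard in the first tests/api.c hunk excludes the parent/child part of test_wolfSSL_RAND_bytes by toolchain name and carries no comment saying why; a line such as `/* the pipe/waitpid based parent-vs-child RAND_bytes check cannot run under MinGW */` above the `#if` would record the reason given in the commit title. `__MINGW32__` is defined by both the 32-bit and the 64-bit MinGW toolchains, so `!defined(__MINGW64__)` adds nothing to the condition. The same four-term condition is repeated in the second hunk and has to stay identical to this one, otherwise `seed`, `randbuf` and `pipefds` end up undeclared or unused; one test-local macro would tie the two sites together. With this guard the property that a child and its parent draw different bytes is no longer exercised on MinGW builds, which is worth stating in that comment.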
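Review bot: In the third tests/api.c hunk the `WOLFSSL_NO_GETPID` branch asserts with `ExpectBufEQ` that parent and child return the same 8 bytes, which pins repeated RNG output across the two processes as the expected result without saying that this is a limitation rather than a goal. A comment on that branch would help, for example `/* no PID check in this build: parent and child apparently continue from the same RNG state, so identical output is expected here (known limitation) */`. `childrand` is also sized with a literal 8 while the comparison uses `sizeof(randbuf)`; declaring it as `byte childrand[sizeof(randbuf)] = {0};` keeps the read length and the compared length tied together. The function body starts and ends outside the hunk.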