Files
wolfssl/wolfssl/wolfcrypt/random.h
T

604 lines
22 KiB
C

/* random.h
*
* Copyright (C) 2006-2026 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*!
\file wolfssl/wolfcrypt/random.h
*/
#ifndef WOLF_CRYPT_RANDOM_H
#define WOLF_CRYPT_RANDOM_H
#include <wolfssl/wolfcrypt/types.h>
#if FIPS_VERSION3_GE(2,0,0)
#include <wolfssl/wolfcrypt/fips.h>
#endif /* HAVE_FIPS_VERSION >= 2 */
#ifdef __cplusplus
extern "C" {
#endif
#if FIPS_VERSION3_GE(6,0,0)
extern const unsigned int wolfCrypt_FIPS_drbg_ro_sanity[2];
WOLFSSL_LOCAL int wolfCrypt_FIPS_DRBG_sanity(void);
#endif
/* Maximum generate block length */
#ifndef RNG_MAX_BLOCK_LEN
#ifdef HAVE_INTEL_QA
#define RNG_MAX_BLOCK_LEN (0xFFFFl)
#else
#define RNG_MAX_BLOCK_LEN (0x10000l)
#endif
#endif
/* Size of the DRBG seed (SHA-256) */
#ifndef DRBG_SEED_LEN
#define DRBG_SEED_LEN (440/8)
#endif
#ifdef WOLFSSL_DRBG_SHA512
#define DRBG_SHA512_SEED_LEN (888/8) /* 111 bytes per SP 800-90A Table 2 */
#endif
#if !defined(CUSTOM_RAND_TYPE)
/* To maintain compatibility the default is byte */
#define CUSTOM_RAND_TYPE byte
#endif
/* make sure Hash DRBG is enabled, unless WC_NO_HASHDRBG is defined
or CUSTOM_RAND_GENERATE_BLOCK is defined */
#if !defined(WC_NO_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
#undef HAVE_HASHDRBG
#define HAVE_HASHDRBG
#ifndef WC_RESEED_INTERVAL
#define WC_RESEED_INTERVAL (1000000)
#endif
#endif
/* avoid redefinition of structs */
#if !defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
/* RNG supports the following sources (in order):
* 1. CUSTOM_RAND_GENERATE_BLOCK: Defines name of function as RNG source and
* bypasses the options below.
* 2. HAVE_INTEL_RDRAND: Uses the Intel RDRAND if supported by CPU.
* 3. HAVE_HASHDRBG (requires SHA256 enabled): Uses SHA256 based P-RNG
* seeded via wc_GenerateSeed. This is the default source.
*/
/* Seed source can be overridden by defining one of these:
CUSTOM_RAND_GENERATE_SEED
CUSTOM_RAND_GENERATE_SEED_OS
CUSTOM_RAND_GENERATE */
#if defined(CUSTOM_RAND_GENERATE_BLOCK)
/* To use define the following:
* #define CUSTOM_RAND_GENERATE_BLOCK myRngFunc
* extern int myRngFunc(byte* output, word32 sz);
*/
#if defined(CUSTOM_RAND_GENERATE_BLOCK) && defined(WOLFSSL_KCAPI)
#undef CUSTOM_RAND_GENERATE_BLOCK
#define CUSTOM_RAND_GENERATE_BLOCK wc_hwrng_generate_block
WOLFSSL_LOCAL int wc_hwrng_generate_block(byte *output, word32 sz);
#endif
#elif defined(HAVE_HASHDRBG)
#ifdef NO_SHA256
#ifndef WOLFSSL_DRBG_SHA512
#error "Hash DRBG requires SHA-256 or SHA-512."
#endif
#endif /* NO_SHA256 */
#ifndef NO_SHA256
#include <wolfssl/wolfcrypt/sha256.h>
#endif
#ifdef WOLFSSL_DRBG_SHA512
#include <wolfssl/wolfcrypt/sha512.h>
#endif
#elif defined(HAVE_WNR)
/* allow whitewood as direct RNG source using wc_GenerateSeed directly */
#elif defined(HAVE_INTEL_RDRAND)
/* Intel RDRAND or RDSEED */
#elif defined(WOLF_CRYPTO_CB)
/* Requires registered Crypto Callback to service RNG, with devId set */
#elif !defined(WC_NO_RNG)
#error No RNG source defined!
#endif
#ifdef HAVE_WNR
#include <wnr.h>
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
#include <wolfssl/wolfcrypt/async.h>
#endif
#if defined(USE_WINDOWS_API)
#if defined(_WIN64)
typedef unsigned __int64 ProviderHandle;
/* type HCRYPTPROV, avoid #include <windows.h> */
#else
typedef unsigned long ProviderHandle;
#endif
#ifdef WIN_REUSE_CRYPT_HANDLE
/* called from wolfCrypt_Init() and wolfCrypt_Cleanup() */
WOLFSSL_LOCAL int wc_WinCryptHandleInit(void);
WOLFSSL_LOCAL void wc_WinCryptHandleCleanup(void);
#endif
#endif
#ifndef WC_OS_SEED_TYPE_DEFINED
typedef struct OS_Seed OS_Seed;
#define WC_OS_SEED_TYPE_DEFINED
#endif
#ifndef WC_RNG_TYPE_DEFINED /* guard on redeclaration */
typedef struct WC_RNG WC_RNG;
#ifdef WC_RNG_SEED_CB
typedef int (*wc_RngSeed_Cb)(OS_Seed* os, byte* seed, word32 sz);
#endif
#define WC_RNG_TYPE_DEFINED
#endif
/* OS specific seeder */
struct OS_Seed {
#if defined(USE_WINDOWS_API)
ProviderHandle handle;
#else
int fd;
#if defined(WOLFSSL_KEEP_RNG_SEED_FD_OPEN)
WC_BITFIELD seedFdOpen:1;
WC_BITFIELD keepSeedFdOpen:1;
#endif
#endif
#if defined(WOLF_CRYPTO_CB)
int devId;
#endif
};
#ifdef HAVE_HASHDRBG
/* The security strength for the RNG is the target number of bits of
* entropy you are looking for in a seed. */
/* RNG_SECURITY_STRENGTH is unprefixed for backward compat. */
#ifndef RNG_SECURITY_STRENGTH
/* SHA-256 requires a minimum of 256-bits of entropy. */
#define RNG_SECURITY_STRENGTH (256)
#endif
/* wolfentropy.h will define for HAVE_ENTROPY_MEMUSE */
#ifdef HAVE_ENTROPY_MEMUSE
#include <wolfssl/wolfcrypt/wolfentropy.h>
#else
/* Maximum entropy bits that can be produced. */
#define MAX_ENTROPY_BITS 256
#endif
/* ENTROPY_SCALE_FACTOR is unprefixed for backward compat. */
#ifndef ENTROPY_SCALE_FACTOR
/* The entropy scale factor should be the whole number inverse of the
* minimum bits of entropy per bit of NDRNG output. */
#if defined(HAVE_AMD_RDSEED)
/* This will yield a SEED_SZ of 16kb. Since nonceSz will be 0,
* we'll add an additional 8kb on top.
*
* See "AMD RNG ESV Public Use Document". Version 0.7 of October 24,
* 2024 specifies 0.656 to 1.312 bits of entropy per 128 bit block of
* RDSEED output, depending on CPU family.
*/
#define ENTROPY_SCALE_FACTOR (512)
#elif defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND)
/* The value of 2 applies to Intel's RDSEED which provides about
* 0.5 bits minimum of entropy per bit. The value of 4 gives a
* conservative margin for FIPS. */
#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION >= 2)
#define ENTROPY_SCALE_FACTOR (2*4)
#else
/* Not FIPS, but Intel RDSEED, only double. */
#define ENTROPY_SCALE_FACTOR (2)
#endif
#elif defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION >= 2)
/* If doing a FIPS build without a specific scale factor, default
* to 4. This will give 1024 bits of entropy. More is better, but
* more is also slower. */
#define ENTROPY_SCALE_FACTOR (4)
#else
/* Setting the default to 1. */
#define ENTROPY_SCALE_FACTOR (1)
#endif
#endif /* !ENTROPY_SCALE_FACTOR */
/* SEED_BLOCK_SZ is unprefixed for backward compat. */
#ifndef SEED_BLOCK_SZ
/* The seed block size, is the size of the output of the underlying NDRNG.
* This value is used for testing the output of the NDRNG. */
#if defined(HAVE_AMD_RDSEED)
/* AMD's RDSEED instruction works in 128-bit blocks read 64-bits
* at a time. */
#define SEED_BLOCK_SZ (sizeof(word64)*2)
#elif defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND)
/* RDSEED outputs in blocks of 64-bits. */
#define SEED_BLOCK_SZ sizeof(word64)
#else
/* Setting the default to 4. */
#define SEED_BLOCK_SZ 4
#endif
#endif
#define WC_DRBG_SEED_BLOCK_SZ SEED_BLOCK_SZ
/* WC_DRBG_SEED_SZ is the number of bytes of raw entropy gathered from the
* NDRNG at instantiation and reseed. We deliberately "overseed" beyond the
* NIST minimum (security_strength bits) to account for entropy sources that
* may deliver fewer than 1 bit of real entropy per bit of output. With the
* default FIPS ENTROPY_SCALE_FACTOR of 4 this yields 256*4/8 = 128 bytes =
* 1024 bits of raw seed material, guaranteeing at least 256 bits of real
* entropy even if the source provides only 1 good bit per 4.
*
* Hash_df then compresses this seed material into the internal V and C state
* vectors (seedlen = 440 bits for SHA-256, 888 bits for SHA-512 per
* SP 800-90A Table 2).
*
* In FIPS mode (ENTROPY_SCALE_FACTOR >= 4) the base is already >= 128 bytes
* which exceeds DRBG_SHA512_SEED_LEN (111), so both DRBGs use the same
* seed size. In non-FIPS mode we use the base for both DRBGs so that
* enabling SHA-512 DRBG does not inflate the per-init entropy cost.
* SP 800-90A requires only security_strength bits (256 = 32 bytes) of
* entropy regardless of hash size; hash_df compresses the seed material
* into the internal V/C state vectors. */
#define WC_DRBG_SEED_SZ_BASE (RNG_SECURITY_STRENGTH*ENTROPY_SCALE_FACTOR/8)
#if defined(HAVE_FIPS) && defined(WOLFSSL_DRBG_SHA512) && \
(WC_DRBG_SEED_SZ_BASE < DRBG_SHA512_SEED_LEN)
#define WC_DRBG_SEED_SZ DRBG_SHA512_SEED_LEN
#else
#define WC_DRBG_SEED_SZ WC_DRBG_SEED_SZ_BASE
#endif
/* The maximum seed size will be the seed size plus a seed block for the
* test, and an additional half of the seed size. This additional half
* is in case the user does not supply a nonce. A nonce will be obtained
* from the NDRNG. */
#define WC_DRBG_MAX_SEED_SZ (WC_DRBG_SEED_SZ + WC_DRBG_SEED_SZ/2 + \
SEED_BLOCK_SZ)
#ifndef NO_SHA256
#define RNG_HEALTH_TEST_CHECK_SIZE (WC_SHA256_DIGEST_SIZE * 4)
#endif
#ifdef WOLFSSL_DRBG_SHA512
#define RNG_HEALTH_TEST_CHECK_SIZE_SHA512 (WC_SHA512_DIGEST_SIZE * 4)
#endif
#ifndef NO_SHA256
struct DRBG_internal {
#ifdef WORD64_AVAILABLE
word64 reseedCtr;
#else
word32 reseedCtr;
#endif
byte V[DRBG_SEED_LEN];
byte C[DRBG_SEED_LEN];
void* heap;
#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
int devId;
#endif
#ifdef WOLFSSL_SMALL_STACK_CACHE
wc_Sha256 sha256;
byte seed_scratch[DRBG_SEED_LEN];
byte digest_scratch[WC_SHA256_DIGEST_SIZE];
#endif
};
#endif /* !NO_SHA256 */
#ifdef WOLFSSL_DRBG_SHA512
struct DRBG_SHA512_internal {
word64 reseedCtr;
byte V[DRBG_SHA512_SEED_LEN];
byte C[DRBG_SHA512_SEED_LEN];
void* heap;
#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
int devId;
#endif
#ifdef WOLFSSL_SMALL_STACK_CACHE
wc_Sha512 sha512;
byte seed_scratch[DRBG_SHA512_SEED_LEN];
byte digest_scratch[WC_SHA512_DIGEST_SIZE];
#endif
};
#endif /* WOLFSSL_DRBG_SHA512 */
#endif /* HAVE_HASHDRBG */
/* DRBG type enum */
#ifdef HAVE_HASHDRBG
enum wc_DrbgType {
WC_DRBG_SHA256 = 0,
WC_DRBG_SHA512 = 1
};
#endif
/* RNG health states */
#define WC_DRBG_NOT_INIT 0
#define WC_DRBG_OK 1
#define WC_DRBG_FAILED 2
#define WC_DRBG_CONT_FAILED 3
#ifdef WC_RNG_BANK_SUPPORT
#define WC_DRBG_BANKREF 4 /* Marks the WC_RNG as a ref to a wc_rng_bank,
* with no usable DRBG of its own.
*/
#endif
/* RNG context */
struct WC_RNG {
struct OS_Seed seed;
void* heap;
byte status;
#if defined(WC_RNG_BANK_SUPPORT) || defined(HAVE_HASHDRBG)
#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
union {
#endif
#ifdef WC_RNG_BANK_SUPPORT
struct wc_rng_bank *bankref;
#endif
#ifdef HAVE_HASHDRBG
#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
struct {
#endif
#ifndef NO_SHA256
/* SHA-256 Hash-based Deterministic Random Bit Generator */
struct DRBG* drbg;
#if defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_STATIC_MEMORY)
struct DRBG_internal drbg_data;
#endif
#ifdef WOLFSSL_SMALL_STACK_CACHE
/* SHA-256 scratch buffers -- preallocated by _InitRng(). */
struct DRBG_internal *drbg_scratch;
byte *health_check_scratch;
#endif
#endif /* !NO_SHA256 */
#ifdef WOLFSSL_SMALL_STACK_CACHE
/* Seed buffer for PollAndReSeed -- shared by both DRBG types */
byte *newSeed_buf;
#endif
#ifdef WOLFSSL_DRBG_SHA512
/* SHA-512 Hash-based Deterministic Random Bit Generator */
struct DRBG_SHA512* drbg512;
#if defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_STATIC_MEMORY)
struct DRBG_SHA512_internal drbg512_data;
#endif
#ifdef WOLFSSL_SMALL_STACK_CACHE
/* SHA-512 scratch buffers -- preallocated by _InitRng(). */
struct DRBG_SHA512_internal *drbg512_scratch;
byte *health_check_scratch_512;
#endif
#endif /* WOLFSSL_DRBG_SHA512 */
byte drbgType; /* WC_DRBG_SHA256 or WC_DRBG_SHA512 */
#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
};
#endif
#endif /* HAVE_HASHDRBG */
#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
};
#endif
#endif /* WC_RNG_BANK_SUPPORT || HAVE_HASHDRBG */
#if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID)
pid_t pid;
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
WC_ASYNC_DEV asyncDev;
#endif
#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
int devId;
#endif
};
#endif /* NO FIPS or have FIPS v2*/
/* NO_OLD_RNGNAME removes RNG struct name to prevent possible type conflicts,
* can't be used with CTaoCrypt FIPS */
#if !defined(NO_OLD_RNGNAME) && !defined(HAVE_FIPS)
#define RNG WC_RNG
#endif
WOLFSSL_API int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz);
#ifdef HAVE_WNR
/* Whitewood netRandom client library */
WOLFSSL_API int wc_InitNetRandom(const char*, wnr_hmac_key, int);
WOLFSSL_API int wc_FreeNetRandom(void);
#endif /* HAVE_WNR */
WOLFSSL_ABI WOLFSSL_API WC_RNG* wc_rng_new(byte* nonce, word32 nonceSz,
void* heap);
WOLFSSL_API int wc_rng_new_ex(WC_RNG **rng, byte* nonce, word32 nonceSz,
void* heap, int devId);
WOLFSSL_ABI WOLFSSL_API void wc_rng_free(WC_RNG* rng);
#ifndef WC_NO_RNG
WOLFSSL_ABI WOLFSSL_API int wc_InitRng(WC_RNG* rng);
WOLFSSL_API int wc_InitRng_ex(WC_RNG* rng, void* heap, int devId);
WOLFSSL_API int wc_InitRngNonce(WC_RNG* rng, byte* nonce, word32 nonceSz);
WOLFSSL_API int wc_InitRngNonce_ex(WC_RNG* rng, byte* nonce, word32 nonceSz,
void* heap, int devId);
WOLFSSL_ABI WOLFSSL_API int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz);
WOLFSSL_API int wc_RNG_GenerateByte(WC_RNG* rng, byte* b);
WOLFSSL_API int wc_FreeRng(WC_RNG* rng);
#else
#include <wolfssl/wolfcrypt/error-crypt.h>
#define wc_InitRng(rng) NOT_COMPILED_IN
#define wc_InitRng_ex(rng, h, d) NOT_COMPILED_IN
#define wc_InitRngNonce(rng, n, s) NOT_COMPILED_IN
#define wc_InitRngNonce_ex(rng, n, s, h, d) NOT_COMPILED_IN
#if defined(__ghs__) || defined(WC_NO_RNG_SIMPLE)
/* some older compilers do not like macro function in expression */
#define wc_RNG_GenerateBlock(rng, b, s) NOT_COMPILED_IN
#else
#ifdef _MSC_VER
#define wc_RNG_GenerateBlock(rng, b, s) (int)(NOT_COMPILED_IN)
#else
#define wc_RNG_GenerateBlock(rng, b, s) \
({(void)rng; (void)b; (void)s; NOT_COMPILED_IN;})
#endif
#endif
#define wc_RNG_GenerateByte(rng, b) NOT_COMPILED_IN
#define wc_FreeRng(rng) (void)NOT_COMPILED_IN
#endif
#ifdef WC_RNG_SEED_CB
WOLFSSL_API int wc_SetSeed_Cb(wc_RngSeed_Cb cb);
#endif
#ifdef HAVE_HASHDRBG
WOLFSSL_API int wc_RNG_DRBG_Reseed(WC_RNG* rng, const byte* seed,
word32 seedSz);
WOLFSSL_API int wc_RNG_TestSeed(const byte* seed, word32 seedSz);
#ifndef NO_SHA256
/* SHA-256 Hash_DRBG health test entry points. SHA-512-only builds
* (NO_SHA256 + WOLFSSL_DRBG_SHA512) use wc_RNG_HealthTest_SHA512_ex
* declared below. */
WOLFSSL_API int wc_RNG_HealthTest(int reseed,
const byte* seedA, word32 seedASz,
const byte* seedB, word32 seedBSz,
byte* output, word32 outputSz);
WOLFSSL_API int wc_RNG_HealthTest_ex(int reseed,
const byte* nonce, word32 nonceSz,
const byte* seedA, word32 seedASz,
const byte* seedB, word32 seedBSz,
byte* output, word32 outputSz,
void* heap, int devId);
#endif /* !NO_SHA256 */
#if !defined(NO_SHA256) && !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0))
/* Extended SHA-256 Hash_DRBG health test per SP 800-90A.
* Flexible output size, prediction resistance, personalization
* strings, and additional input support. */
WOLFSSL_API int wc_RNG_HealthTest_SHA256_ex(
int predResistance,
const byte* nonce, word32 nonceSz,
const byte* persoString,
word32 persoStringSz,
const byte* entropyA,
word32 entropyASz,
const byte* entropyB,
word32 entropyBSz,
const byte* entropyC,
word32 entropyCsz,
const byte* additionalA,
word32 additionalASz,
const byte* additionalB,
word32 additionalBSz,
const byte* additionalReseed,
word32 additionalReseedSz,
byte* output, word32 outputSz,
void* heap, int devId);
#endif /* !NO_SHA256 && !HAVE_SELFTEST && FIPS v7+ */
#if defined(WOLFSSL_DRBG_SHA512) && !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0))
WOLFSSL_API int wc_RNG_HealthTest_SHA512(int reseed,
const byte* seedA, word32 seedASz,
const byte* seedB, word32 seedBSz,
byte* output, word32 outputSz);
WOLFSSL_API int wc_RNG_HealthTest_SHA512_ex(int reseed,
const byte* nonce, word32 nonceSz,
const byte* persoString,
word32 persoStringSz,
const byte* seedA, word32 seedASz,
const byte* seedB, word32 seedBSz,
const byte* additionalA,
word32 additionalASz,
const byte* additionalB,
word32 additionalBSz,
byte* output, word32 outputSz,
void* heap, int devId);
/* Extended SHA-512 Hash_DRBG health test per SP 800-90A.
* Flexible output size, prediction resistance support.
* predResistance=1: additionalA/B go to Reseed per SP 800-90A 9.3.1,
* Generate gets NULL additional input.
* predResistance=0: additionalReseed goes to Reseed, additionalA/B go
* to Generate calls 1 and 2 respectively. */
WOLFSSL_API int wc_RNG_HealthTest_SHA512_ex2(
int predResistance,
const byte* nonce, word32 nonceSz,
const byte* persoString,
word32 persoStringSz,
const byte* entropyA,
word32 entropyASz,
const byte* entropyB,
word32 entropyBSz,
const byte* entropyC,
word32 entropyCsz,
const byte* additionalA,
word32 additionalASz,
const byte* additionalB,
word32 additionalBSz,
const byte* additionalReseed,
word32 additionalReseedSz,
byte* output, word32 outputSz,
void* heap, int devId);
#endif /* WOLFSSL_DRBG_SHA512 && !HAVE_SELFTEST && FIPS v7+ */
/* Runtime DRBG disable/enable API */
#if !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0))
WOLFSSL_API int wc_Sha256Drbg_Disable(void);
WOLFSSL_API int wc_Sha256Drbg_Enable(void);
WOLFSSL_API int wc_Sha256Drbg_IsDisabled(void);
#ifdef WOLFSSL_DRBG_SHA512
WOLFSSL_API int wc_Sha512Drbg_Disable(void);
WOLFSSL_API int wc_Sha512Drbg_Enable(void);
WOLFSSL_API int wc_Sha512Drbg_IsDisabled(void);
#endif
#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS v7+) */
/* DRBG state mutex init/free, called from wolfCrypt_Init/Cleanup.
* Only in v7+ or non-FIPS/non-selftest; older modules lack these. */
#if !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0))
WOLFSSL_LOCAL int wc_DrbgState_MutexInit(void);
WOLFSSL_LOCAL int wc_DrbgState_MutexFree(void);
#endif
#endif /* HAVE_HASHDRBG */
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* WOLF_CRYPT_RANDOM_H */