From bb6eadf2d5a93f8a375d9e249ae68084172f8aa8 Mon Sep 17 00:00:00 2001
From: Anthony Hu <anthony@wolfssl.com>
Date: Wed, 17 Sep 2025 16:23:38 -0400
Subject: [PATCH] Allow building with hashdrbg disabled under fips

Fixes ZD20493
---
 examples/server/server.c        | 2 +-
 src/ssl.c                       | 2 +-
 tests/api/test_random.c         | 2 ++
 tests/unit.c                    | 2 +-
 wolfcrypt/benchmark/benchmark.c | 2 +-
 wolfcrypt/test/test.c           | 2 +-
 6 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/examples/server/server.c b/examples/server/server.c
index 9340742746..a9d5469419 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -4081,7 +4081,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
         wolfSSL_Debugging_ON();
 #endif
         wolfSSL_Init();
-#ifdef WC_RNG_SEED_CB
+#if defined(WC_RNG_SEED_CB) && !defined(WC_NO_HASHDRBG)
         wc_SetSeed_Cb(WC_GENERATE_SEED_DEFAULT);
 #endif
         ChangeToWolfRoot();
diff --git a/src/ssl.c b/src/ssl.c
index 794e5991e6..2194e3309f 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -6321,7 +6321,7 @@ int wolfSSL_Init(void)
         }
 #endif
 
-    #ifdef WC_RNG_SEED_CB
+    #if defined(WC_RNG_SEED_CB) && !defined(WC_NO_HASHDRBG)
         wc_SetSeed_Cb(WC_GENERATE_SEED_DEFAULT);
     #endif
 
diff --git a/tests/api/test_random.c b/tests/api/test_random.c
index 26de363627..175e6732bb 100644
--- a/tests/api/test_random.c
+++ b/tests/api/test_random.c
@@ -324,6 +324,7 @@ int test_wc_RNG_DRBG_Reseed(void)
 int test_wc_RNG_TestSeed(void)
 {
     EXPECT_DECLS;
+#ifndef WC_NO_HASHDRBG
 #if defined(HAVE_HASHDRBG) && \
     !(defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) || \
     (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
@@ -351,6 +352,7 @@ int test_wc_RNG_TestSeed(void)
     for (i = 0; i < (byte)sizeof(seed); i++)
         seed[i] = i;
     ExpectIntEQ(wc_RNG_TestSeed(seed, sizeof(seed)), 0);
+#endif
 #endif
     return EXPECT_RESULT();
 }
diff --git a/tests/unit.c b/tests/unit.c
index 17a5b5c3fc..760e252d6b 100644
--- a/tests/unit.c
+++ b/tests/unit.c
@@ -88,7 +88,7 @@ int unit_test(int argc, char** argv)
     wolfSSL_Debugging_ON();
 #endif
 
-#ifdef WC_RNG_SEED_CB
+#if defined(WC_RNG_SEED_CB) && !defined(WC_NO_HASHDRBG)
     wc_SetSeed_Cb(WC_GENERATE_SEED_DEFAULT);
 #endif
 #ifdef HAVE_WNR
diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index 40ca470bc9..9ce07d01e3 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -4073,7 +4073,7 @@ int benchmark_init(void)
     }
 #endif
 
-#ifdef WC_RNG_SEED_CB
+#if defined(WC_RNG_SEED_CB) && !defined(WC_NO_HASHDRBG)
     wc_SetSeed_Cb(WC_GENERATE_SEED_DEFAULT);
 #endif
 
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 3f10a7109c..e32b694746 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -1530,7 +1530,7 @@ wc_test_ret_t wolfcrypt_test(void* args)
     heap_baselineBytes = wolfCrypt_heap_peakBytes_checkpoint();
 #endif
 
-#ifdef WC_RNG_SEED_CB
+#if defined(WC_RNG_SEED_CB) && !defined(WC_NO_HASHDRBG)
         wc_SetSeed_Cb(WC_GENERATE_SEED_DEFAULT);
 #endif