Add check for reseed in ssl.c for HAVE_SELFTEST, similar to old FIPS bundles that do not have older random.c files

cconlon · cconlon · commit cdd02f9665ef · 2025-06-18T17:21:55.000-06:00
diff --git a/src/ssl.c b/src/ssl.c
@@ -25514,7 +25514,7 @@ static int wolfSSL_RAND_InitMutex(void)
 #ifdef OPENSSL_EXTRA
 
 #if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \
-    defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
+    ((defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)) || defined(HAVE_SELFTEST))
 /* In older FIPS bundles add check for reseed here since it does not exist in
  * the older random.c certified files. */
 static pid_t currentRandPid = 0;
@@ -25533,7 +25533,9 @@ int wolfSSL_RAND_Init(void)
             ret = wc_InitRng(&globalRNG);
             if (ret == 0) {
             #if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \
-                defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
+                ((defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)) || \
+                 defined(HAVE_SELFTEST))
+
                 currentRandPid = getpid();
             #endif
                 initGlobalRNG = 1;
@@ -26014,7 +26016,8 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num)
          */
         if (initGlobalRNG) {
         #if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \
-                defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
+                ((defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)) || \
+                 defined(HAVE_SELFTEST))
             pid_t p;
 
             p = getpid();
