Random Number Generation
Functions
| Name | |
|---|---|
| int | wc_InitNetRandom(const char * configFile, wnr_hmac_key hmac_cb, int timeout) Init global Whitewood netRandom context. |
| int | wc_FreeNetRandom(void ) Free global Whitewood netRandom context. |
| int | wc_InitRng(WC_RNG * rng) Gets the seed (from OS) and key cipher for rng. rng_>drbg (deterministic random bit generator) allocated (should be deallocated with wc_FreeRng). This is a blocking operation. |
| int | wc_RNG_GenerateBlock(WC_RNG * rng, byte * b, word32 sz) Copies a sz bytes of pseudorandom data to output. Will reseed rng if needed (blocking). |
| int | wc_RNG_GenerateByte(WC_RNG * rng, byte * b) Calls wc_RNG_GenerateBlock to copy a byte of pseudorandom data to b. Will reseed rng if needed. |
| int | wc_FreeRng(WC_RNG * rng) Should be called when RNG no longer needed in order to securely free drgb. Zeros and XFREEs rng-drbg. |
| int | wc_RNG_HealthTest(int reseed, const byte * seedA, word32 seedASz, const byte * seedB, word32 seedBSz, byte * output, word32 outputSz) Creates and tests functionality of drbg. |
| int | wc_GenerateSeed(OS_Seed * os, byte * output, word32 sz) Generates seed from OS entropy source. Lower-level function used internally by wc_InitRng. |
| WC_RNG * | wc_rng_new(byte * nonce, word32 nonceSz, void * heap) Allocates and initializes new WC_RNG with optional nonce. |
| int | wc_rng_new_ex(WC_RNG ** rng, byte * nonce, word32 nonceSz, void * heap, int devId) Allocates and initializes WC_RNG with extended parameters. |
| void | wc_rng_free(WC_RNG * rng) Frees WC_RNG allocated with wc_rng_new. |
| int | wc_InitRng_ex(WC_RNG * rng, void * heap, int devId) Initializes WC_RNG with extended parameters. |
| int | wc_InitRngNonce(WC_RNG * rng, byte * nonce, word32 nonceSz) Initializes WC_RNG with nonce. |
| int | wc_InitRngNonce_ex(WC_RNG * rng, byte * nonce, word32 nonceSz, void * heap, int devId) Initializes WC_RNG with nonce and extended parameters. |
| int | wc_SetSeed_Cb(wc_RngSeed_Cb cb) Sets callback for custom seed generation. |
| int | wc_RNG_DRBG_Reseed(WC_RNG * rng, const byte * seed, word32 seedSz) Reseeds DRBG with new entropy. |
| int | wc_RNG_TestSeed(const byte * seed, word32 seedSz) Tests seed validity for DRBG. |
| int | wc_RNG_HealthTest_ex(int reseed, const byte * nonce, word32 nonceSz, const byte * seedA, word32 seedASz, const byte * seedB, word32 seedBSz, byte * output, word32 outputSz, void * heap, int devId) RNG health test with extended parameters. |
| int | wc_Entropy_GetRawEntropy(unsigned char * raw, int cnt) Gets raw entropy without DRBG processing. |
| int | wc_Entropy_Get(int bits, unsigned char * entropy, word32 len) Gets processed entropy with specified bits. |
| int | wc_Entropy_OnDemandTest(void ) Tests entropy source on demand. |
| int | wc_RNG_HealthTest_SHA512(int reseed, const byte * seedA, word32 seedASz, const byte * seedB, word32 seedBSz, byte * output, word32 outputSz) Runs the SHA_512 Hash_DRBG Known Answer Test (KAT) per SP 800-90A. Instantiates a SHA-512 DRBG with seedA, optionally reseeds with seedB, generates output, and compares against known test vectors. Available when WOLFSSL_DRBG_SHA512 is defined. |
| int | wc_RNG_HealthTest_SHA512_ex(int reseed, const byte * nonce, word32 nonceSz, const byte * persoString, word32 persoStringSz, const byte * seedA, word32 seedASz, const byte * seedB, word32 seedBSz, const byte * additionalA, word32 additionalASz, const byte * additionalB, word32 additionalBSz, byte * output, word32 outputSz, void * heap, int devId) Extended SHA-512 Hash_DRBG health test with nonce, personalization string, and additional input support. Suitable for full ACVP / CAVP test vector validation. Available when WOLFSSL_DRBG_SHA512 is defined. |
| int | wc_Sha256Drbg_Disable(void ) Disables the SHA_256 Hash_DRBG at runtime. When disabled, newly initialized WC_RNG instances will not use the SHA_256 DRBG. If the SHA_512 DRBG is enabled (WOLFSSL_DRBG_SHA512), new RNG instances will use SHA-512 instead. Requires HAVE_HASHDRBG. |
| int | wc_Sha256Drbg_Enable(void ) Re_enables the SHA_256 Hash_DRBG at runtime after a prior call to wc_Sha256Drbg_Disable(). Requires HAVE_HASHDRBG. |
| int | wc_Sha256Drbg_IsDisabled(void ) Returns whether the SHA-256 Hash_DRBG is currently disabled. Requires HAVE_HASHDRBG. |
| int | wc_Sha512Drbg_Disable(void ) Disables the SHA-512 Hash_DRBG at runtime. When disabled, newly initialized WC_RNG instances will not use the SHA-512 DRBG. If the SHA-256 DRBG is still enabled, new RNG instances will fall back to SHA-256. Available when WOLFSSL_DRBG_SHA512 is defined. Requires HAVE_HASHDRBG. |
| int | wc_Sha512Drbg_Enable(void ) Re_enables the SHA_512 Hash_DRBG at runtime after a prior call to wc_Sha512Drbg_Disable(). Available when WOLFSSL_DRBG_SHA512 is defined. Requires HAVE_HASHDRBG. |
| int | wc_Sha512Drbg_IsDisabled(void ) Returns whether the SHA-512 Hash_DRBG is currently disabled. Available when WOLFSSL_DRBG_SHA512 is defined. Requires HAVE_HASHDRBG. |
Functions Documentation
function wc_InitNetRandom
int wc_InitNetRandom(
const char * configFile,
wnr_hmac_key hmac_cb,
int timeout
)
Init global Whitewood netRandom context.
Parameters:
- configFile Path to configuration file
- hmac_cb Optional to create HMAC callback.
- timeout A timeout duration.
See: wc_FreeNetRandom
Return:
- 0 Success
- BAD_FUNC_ARG Either configFile is null or timeout is negative.
- RNG_FAILURE_E There was a failure initializing the rng.
Example
char* config = "path/to/config/example.conf";
int time = // Some sufficient timeout value;
if (wc_InitNetRandom(config, NULL, time) != 0)
{
// Some error occurred
}
function wc_FreeNetRandom
int wc_FreeNetRandom(
void
)
Free global Whitewood netRandom context.
Parameters:
- none No returns.
See: wc_InitNetRandom
Return:
- 0 Success
- BAD_MUTEX_E Error locking mutex on wnr_mutex
Example
int ret = wc_FreeNetRandom();
if(ret != 0)
{
// Handle the error
}
function wc_InitRng
int wc_InitRng(
WC_RNG * rng
)
Gets the seed (from OS) and key cipher for rng. rng->drbg (deterministic random bit generator) allocated (should be deallocated with wc_FreeRng). This is a blocking operation.
Parameters:
- rng random number generator to be initialized for use with a seed and key cipher
See:
- wc_InitRngCavium
- wc_RNG_GenerateBlock
- wc_RNG_GenerateByte
- wc_FreeRng
- wc_RNG_HealthTest
Return:
- 0 on success.
- MEMORY_E XMALLOC failed
- WINCRYPT_E wc_GenerateSeed: failed to acquire context
- CRYPTGEN_E wc_GenerateSeed: failed to get random
- BAD_FUNC_ARG wc_RNG_GenerateBlock input is null or sz exceeds MAX_REQUEST_LEN
- DRBG_CONT_FIPS_E wc_RNG_GenerateBlock: Hash_gen returned DRBG_CONT_FAILURE
- RNG_FAILURE_E wc_RNG_GenerateBlock: Default error. rng’s status originally not ok, or set to DRBG_FAILED
Example
RNG rng;
int ret;
#ifdef HAVE_CAVIUM
ret = wc_InitRngCavium(&rng, CAVIUM_DEV_ID);
if (ret != 0){
printf(“RNG Nitrox init for device: %d failed”, CAVIUM_DEV_ID);
return -1;
}
#endif
ret = wc_InitRng(&rng);
if (ret != 0){
printf(“RNG init failed”);
return -1;
}
function wc_RNG_GenerateBlock
int wc_RNG_GenerateBlock(
WC_RNG * rng,
byte * b,
word32 sz
)
Copies a sz bytes of pseudorandom data to output. Will reseed rng if needed (blocking).
Parameters:
- rng random number generator initialized with wc_InitRng
- output buffer to which the block is copied
- sz size of output in bytes
See:
- wc_InitRngCavium, wc_InitRng
- wc_RNG_GenerateByte
- wc_FreeRng
- wc_RNG_HealthTest
Return:
- 0 on success
- BAD_FUNC_ARG an input is null or sz exceeds MAX_REQUEST_LEN
- DRBG_CONT_FIPS_E Hash_gen returned DRBG_CONT_FAILURE
- RNG_FAILURE_E Default error. rng’s status originally not ok, or set to DRBG_FAILED
Example
RNG rng;
int sz = 32;
byte block[sz];
int ret = wc_InitRng(&rng);
if (ret != 0) {
return -1; //init of rng failed!
}
ret = wc_RNG_GenerateBlock(&rng, block, sz);
if (ret != 0) {
return -1; //generating block failed!
}
function wc_RNG_GenerateByte
int wc_RNG_GenerateByte(
WC_RNG * rng,
byte * b
)
Calls wc_RNG_GenerateBlock to copy a byte of pseudorandom data to b. Will reseed rng if needed.
Parameters:
- rng random number generator initialized with wc_InitRng
- b one byte buffer to which the block is copied
See:
- wc_InitRngCavium
- wc_InitRng
- wc_RNG_GenerateBlock
- wc_FreeRng
- wc_RNG_HealthTest
Return:
- 0 on success
- BAD_FUNC_ARG an input is null or sz exceeds MAX_REQUEST_LEN
- DRBG_CONT_FIPS_E Hash_gen returned DRBG_CONT_FAILURE
- RNG_FAILURE_E Default error. rng’s status originally not ok, or set to DRBG_FAILED
Example
RNG rng;
int sz = 32;
byte b[1];
int ret = wc_InitRng(&rng);
if (ret != 0) {
return -1; //init of rng failed!
}
ret = wc_RNG_GenerateByte(&rng, b);
if (ret != 0) {
return -1; //generating block failed!
}
function wc_FreeRng
int wc_FreeRng(
WC_RNG * rng
)
Should be called when RNG no longer needed in order to securely free drgb. Zeros and XFREEs rng-drbg.
Parameters:
- rng random number generator initialized with wc_InitRng
See:
- wc_InitRngCavium
- wc_InitRng
- wc_RNG_GenerateBlock
- wc_RNG_GenerateByte,
- wc_RNG_HealthTest
Return:
- 0 on success
- BAD_FUNC_ARG rng or rng->drgb null
- RNG_FAILURE_E Failed to deallocated drbg
Example
RNG rng;
int ret = wc_InitRng(&rng);
if (ret != 0) {
return -1; //init of rng failed!
}
int ret = wc_FreeRng(&rng);
if (ret != 0) {
return -1; //free of rng failed!
}
function wc_RNG_HealthTest
int wc_RNG_HealthTest(
int reseed,
const byte * seedA,
word32 seedASz,
const byte * seedB,
word32 seedBSz,
byte * output,
word32 outputSz
)
Creates and tests functionality of drbg.
Parameters:
- int reseed: if set, will test reseed functionality
- seedA seed to instantiate drgb with
- seedASz size of seedA in bytes
- seedB If reseed set, drbg will be reseeded with seedB
- seedBSz size of seedB in bytes
- output initialized to random data seeded with seedB if seedrandom is set, and seedA otherwise
- outputSz length of output in bytes
See:
- wc_InitRngCavium
- wc_InitRng
- wc_RNG_GenerateBlock
- wc_RNG_GenerateByte
- wc_FreeRng
Return:
- 0 on success
- BAD_FUNC_ARG seedA and output must not be null. If reseed set seedB must not be null
- -1 test failed
Example
byte output[SHA256_DIGEST_SIZE * 4];
const byte test1EntropyB[] = ....; // test input for reseed false
const byte test1Output[] = ....; // testvector: expected output of
// reseed false
ret = wc_RNG_HealthTest(0, test1Entropy, sizeof(test1Entropy), NULL, 0,
output, sizeof(output));
if (ret != 0)
return -1;//healthtest without reseed failed
if (XMEMCMP(test1Output, output, sizeof(output)) != 0)
return -1; //compare to testvector failed: unexpected output
const byte test2EntropyB[] = ....; // test input for reseed
const byte test2Output[] = ....; // testvector expected output of reseed
ret = wc_RNG_HealthTest(1, test2EntropyA, sizeof(test2EntropyA),
test2EntropyB, sizeof(test2EntropyB),
output, sizeof(output));
if (XMEMCMP(test2Output, output, sizeof(output)) != 0)
return -1; //compare to testvector failed
function wc_GenerateSeed
int wc_GenerateSeed(
OS_Seed * os,
byte * output,
word32 sz
)
Generates seed from OS entropy source. Lower-level function used internally by wc_InitRng.
Parameters:
- os Pointer to OS_Seed structure
- output Buffer to store seed
- sz Size of seed in bytes
See: wc_InitRng
Return:
- 0 On success
- WINCRYPT_E Failed to acquire context (Windows)
- CRYPTGEN_E Failed to generate random (Windows)
- RNG_FAILURE_E Failed to read entropy
Example
OS_Seed os;
byte seed[32];
int ret = wc_GenerateSeed(&os, seed, sizeof(seed));
function wc_rng_new
WC_RNG * wc_rng_new(
byte * nonce,
word32 nonceSz,
void * heap
)
Allocates and initializes new WC_RNG with optional nonce.
Parameters:
- nonce Nonce buffer (can be NULL)
- nonceSz Nonce size
- heap Heap hint (can be NULL)
See: wc_rng_free
Return:
- Pointer to WC_RNG on success
- NULL on failure
Example
WC_RNG* rng = wc_rng_new(NULL, 0, NULL);
wc_rng_free(rng);
function wc_rng_new_ex
int wc_rng_new_ex(
WC_RNG ** rng,
byte * nonce,
word32 nonceSz,
void * heap,
int devId
)
Allocates and initializes WC_RNG with extended parameters.
Parameters:
- rng Pointer to store WC_RNG pointer
- nonce Nonce buffer (can be NULL)
- nonceSz Nonce size
- heap Heap hint (can be NULL)
- devId Device ID (INVALID_DEVID for software)
See: wc_rng_new
Return:
- 0 On success
- BAD_FUNC_ARG If rng is NULL
- MEMORY_E Memory allocation failed
Example
WC_RNG* rng;
int ret = wc_rng_new_ex(&rng, NULL, 0, NULL, INVALID_DEVID);
wc_rng_free(rng);
function wc_rng_free
void wc_rng_free(
WC_RNG * rng
)
Frees WC_RNG allocated with wc_rng_new.
Parameters:
- rng WC_RNG to free
See: wc_rng_new
Example
WC_RNG* rng = wc_rng_new(NULL, 0, NULL);
wc_rng_free(rng);
function wc_InitRng_ex
int wc_InitRng_ex(
WC_RNG * rng,
void * heap,
int devId
)
Initializes WC_RNG with extended parameters.
Parameters:
- rng WC_RNG to initialize
- heap Heap hint (can be NULL)
- devId Device ID (INVALID_DEVID for software)
See: wc_InitRng
Return:
- 0 On success
- BAD_FUNC_ARG If rng is NULL
- RNG_FAILURE_E Initialization failed
Example
WC_RNG rng;
int ret = wc_InitRng_ex(&rng, NULL, INVALID_DEVID);
wc_FreeRng(&rng);
function wc_InitRngNonce
int wc_InitRngNonce(
WC_RNG * rng,
byte * nonce,
word32 nonceSz
)
Initializes WC_RNG with nonce.
Parameters:
- rng WC_RNG to initialize
- nonce Nonce buffer
- nonceSz Nonce size
See: wc_InitRng
Return:
- 0 On success
- BAD_FUNC_ARG If rng is NULL
- RNG_FAILURE_E Initialization failed
Example
WC_RNG rng;
byte nonce[16];
int ret = wc_InitRngNonce(&rng, nonce, sizeof(nonce));
wc_FreeRng(&rng);
function wc_InitRngNonce_ex
int wc_InitRngNonce_ex(
WC_RNG * rng,
byte * nonce,
word32 nonceSz,
void * heap,
int devId
)
Initializes WC_RNG with nonce and extended parameters.
Parameters:
- rng WC_RNG to initialize
- nonce Nonce buffer
- nonceSz Nonce size
- heap Heap hint (can be NULL)
- devId Device ID (INVALID_DEVID for software)
See: wc_InitRngNonce
Return:
- 0 On success
- BAD_FUNC_ARG If rng is NULL
- RNG_FAILURE_E Initialization failed
Example
WC_RNG rng;
byte nonce[16];
int ret = wc_InitRngNonce_ex(&rng, nonce, sizeof(nonce), NULL,
INVALID_DEVID);
wc_FreeRng(&rng);
function wc_SetSeed_Cb
int wc_SetSeed_Cb(
wc_RngSeed_Cb cb
)
Sets callback for custom seed generation.
Parameters:
- cb Seed callback function
See: wc_GenerateSeed
Return:
- 0 On success
- BAD_FUNC_ARG If cb is NULL
Example
int my_cb(OS_Seed* os, byte* out, word32 sz) { return 0; }
wc_SetSeed_Cb(my_cb);
function wc_RNG_DRBG_Reseed
int wc_RNG_DRBG_Reseed(
WC_RNG * rng,
const byte * seed,
word32 seedSz
)
Reseeds DRBG with new entropy.
Parameters:
- rng WC_RNG to reseed
- seed Seed buffer
- seedSz Seed size
See: wc_InitRng
Return:
- 0 On success
- BAD_FUNC_ARG If rng or seed is NULL
- RNG_FAILURE_E Reseed failed
Example
WC_RNG rng;
byte seed[32];
wc_InitRng(&rng);
int ret = wc_RNG_DRBG_Reseed(&rng, seed, sizeof(seed));
function wc_RNG_TestSeed
int wc_RNG_TestSeed(
const byte * seed,
word32 seedSz
)
Tests seed validity for DRBG.
Parameters:
- seed Seed to test
- seedSz Seed size
See: wc_InitRng
Return:
- 0 If valid
- BAD_FUNC_ARG If seed is NULL
- ENTROPY_RT_E || ENTROPY_APT_E Validation failed
Example
byte seed[32];
int ret = wc_RNG_TestSeed(seed, sizeof(seed));
function wc_RNG_HealthTest_ex
int wc_RNG_HealthTest_ex(
int reseed,
const byte * nonce,
word32 nonceSz,
const byte * seedA,
word32 seedASz,
const byte * seedB,
word32 seedBSz,
byte * output,
word32 outputSz,
void * heap,
int devId
)
RNG health test with extended parameters.
Parameters:
- reseed Non-zero to test reseeding
- nonce Nonce buffer (can be NULL)
- nonceSz Nonce size
- seedA Initial seed
- seedASz Initial seed size
- seedB Reseed buffer (required if reseed set)
- seedBSz Reseed size
- output Output buffer
- outputSz Output size
- heap Heap hint (can be NULL)
- devId Device ID (INVALID_DEVID for software)
See: wc_RNG_HealthTest
Return:
- 0 On success
- BAD_FUNC_ARG If required params NULL
- -1 Test failed
Example
byte seedA[32], seedB[32], out[64];
int ret = wc_RNG_HealthTest_ex(1, NULL, 0, seedA, 32, seedB, 32,
out, 64, NULL, INVALID_DEVID);
function wc_Entropy_GetRawEntropy
int wc_Entropy_GetRawEntropy(
unsigned char * raw,
int cnt
)
Gets raw entropy without DRBG processing.
Parameters:
- raw Buffer for entropy
- cnt Bytes to retrieve
See: wc_Entropy_Get
Return:
- 0 On success
- BAD_FUNC_ARG If raw is NULL
- RNG_FAILURE_E Failed
Example
byte raw[32];
int ret = wc_Entropy_GetRawEntropy(raw, sizeof(raw));
function wc_Entropy_Get
int wc_Entropy_Get(
int bits,
unsigned char * entropy,
word32 len
)
Gets processed entropy with specified bits.
Parameters:
- bits Entropy bits required
- entropy Buffer for entropy
- len Buffer size
Return:
- 0 On success
- BAD_FUNC_ARG If entropy is NULL
- RNG_FAILURE_E Failed
Example
byte entropy[32];
int ret = wc_Entropy_Get(256, entropy, sizeof(entropy));
function wc_Entropy_OnDemandTest
int wc_Entropy_OnDemandTest(
void
)
Tests entropy source on demand.
See: wc_Entropy_Get
Return:
- 0 On success
- RNG_FAILURE_E Test failed
Example
int ret = wc_Entropy_OnDemandTest();
function wc_RNG_HealthTest_SHA512
int wc_RNG_HealthTest_SHA512(
int reseed,
const byte * seedA,
word32 seedASz,
const byte * seedB,
word32 seedBSz,
byte * output,
word32 outputSz
)
Runs the SHA-512 Hash_DRBG Known Answer Test (KAT) per SP 800-90A. Instantiates a SHA-512 DRBG with seedA, optionally reseeds with seedB, generates output, and compares against known test vectors. Available when WOLFSSL_DRBG_SHA512 is defined.
Parameters:
- reseed Non-zero to test reseeding
- seedA Initial entropy seed
- seedASz Size of seedA in bytes
- seedB Reseed entropy (required if reseed is set)
- seedBSz Size of seedB in bytes
- output Buffer to receive generated output
- outputSz Size of output in bytes
See:
Return:
- 0 On success
- BAD_FUNC_ARG If seedA or output is NULL, or if reseed is set and seedB is NULL
- -1 Test failed
Example
byte output[WC_SHA512_DIGEST_SIZE * 4];
const byte seedA[] = { ... };
const byte seedB[] = { ... };
ret = wc_RNG_HealthTest_SHA512(0, seedA, sizeof(seedA), NULL, 0,
output, sizeof(output));
if (ret != 0)
return -1;
ret = wc_RNG_HealthTest_SHA512(1, seedA, sizeof(seedA),
seedB, sizeof(seedB),
output, sizeof(output));
if (ret != 0)
return -1;
function wc_RNG_HealthTest_SHA512_ex
int wc_RNG_HealthTest_SHA512_ex(
int reseed,
const byte * nonce,
word32 nonceSz,
const byte * persoString,
word32 persoStringSz,
const byte * seedA,
word32 seedASz,
const byte * seedB,
word32 seedBSz,
const byte * additionalA,
word32 additionalASz,
const byte * additionalB,
word32 additionalBSz,
byte * output,
word32 outputSz,
void * heap,
int devId
)
Extended SHA-512 Hash_DRBG health test with nonce, personalization string, and additional input support. Suitable for full ACVP / CAVP test vector validation. Available when WOLFSSL_DRBG_SHA512 is defined.
Parameters:
- reseed Non-zero to test reseeding
- nonce Nonce buffer (can be NULL)
- nonceSz Nonce size
- persoString Personalization string (can be NULL)
- persoStringSz Personalization string size
- seedA Initial entropy seed
- seedASz Initial seed size
- seedB Reseed entropy (required if reseed is set)
- seedBSz Reseed size
- additionalA Additional input for first generate (can be NULL)
- additionalASz Additional input A size
- additionalB Additional input for second generate (can be NULL)
- additionalBSz Additional input B size
- output Output buffer
- outputSz Output size
- heap Heap hint (can be NULL)
- devId Device ID (INVALID_DEVID for software)
See:
Return:
- 0 On success
- BAD_FUNC_ARG If required params are NULL
- -1 Test failed
Example
byte output[WC_SHA512_DIGEST_SIZE * 4];
const byte seedA[] = { ... };
const byte nonce[] = { ... };
int ret = wc_RNG_HealthTest_SHA512_ex(0, nonce, sizeof(nonce),
NULL, 0,
seedA, sizeof(seedA),
NULL, 0,
NULL, 0, NULL, 0,
output, sizeof(output),
NULL, INVALID_DEVID);
function wc_Sha256Drbg_Disable
int wc_Sha256Drbg_Disable(
void
)
Disables the SHA-256 Hash_DRBG at runtime. When disabled, newly initialized WC_RNG instances will not use the SHA-256 DRBG. If the SHA-512 DRBG is enabled (WOLFSSL_DRBG_SHA512), new RNG instances will use SHA-512 instead. Requires HAVE_HASHDRBG.
See:
Return: 0 On success
Example
wc_Sha256Drbg_Disable();
// New WC_RNG instances will now use SHA-512 DRBG if available
WC_RNG rng;
wc_InitRng(&rng);
function wc_Sha256Drbg_Enable
int wc_Sha256Drbg_Enable(
void
)
Re-enables the SHA-256 Hash_DRBG at runtime after a prior call to wc_Sha256Drbg_Disable(). Requires HAVE_HASHDRBG.
See:
Return: 0 On success
Example
wc_Sha256Drbg_Disable();
// ... use SHA-512 DRBG only ...
wc_Sha256Drbg_Enable();
// New WC_RNG instances can use SHA-256 DRBG again
function wc_Sha256Drbg_IsDisabled
int wc_Sha256Drbg_IsDisabled(
void
)
Returns whether the SHA-256 Hash_DRBG is currently disabled. Requires HAVE_HASHDRBG.
See:
Return:
- 1 SHA-256 DRBG is disabled
- 0 SHA-256 DRBG is enabled (not disabled)
Example
if (wc_Sha256Drbg_IsDisabled()) {
printf("SHA-256 DRBG is off\n");
}
function wc_Sha512Drbg_Disable
int wc_Sha512Drbg_Disable(
void
)
Disables the SHA-512 Hash_DRBG at runtime. When disabled, newly initialized WC_RNG instances will not use the SHA-512 DRBG. If the SHA-256 DRBG is still enabled, new RNG instances will fall back to SHA-256. Available when WOLFSSL_DRBG_SHA512 is defined. Requires HAVE_HASHDRBG.
See:
Return: 0 On success
Example
wc_Sha512Drbg_Disable();
// New WC_RNG instances will now use SHA-256 DRBG
WC_RNG rng;
wc_InitRng(&rng);
function wc_Sha512Drbg_Enable
int wc_Sha512Drbg_Enable(
void
)
Re-enables the SHA-512 Hash_DRBG at runtime after a prior call to wc_Sha512Drbg_Disable(). Available when WOLFSSL_DRBG_SHA512 is defined. Requires HAVE_HASHDRBG.
See:
Return: 0 On success
Example
wc_Sha512Drbg_Disable();
// ... use SHA-256 DRBG only ...
wc_Sha512Drbg_Enable();
// New WC_RNG instances can use SHA-512 DRBG again
function wc_Sha512Drbg_IsDisabled
int wc_Sha512Drbg_IsDisabled(
void
)
Returns whether the SHA-512 Hash_DRBG is currently disabled. Available when WOLFSSL_DRBG_SHA512 is defined. Requires HAVE_HASHDRBG.
See:
Return:
- 1 SHA-512 DRBG is disabled
- 0 SHA-512 DRBG is enabled (not disabled)
Example
if (wc_Sha512Drbg_IsDisabled()) {
printf("SHA-512 DRBG is off\n");
}
Updated on 2026-04-30 at 01:12:40 +0000