@devin-ai-integration devin-ai-integration bot commented Nov 10, 2025

Update section 2.7 Random Seed with comprehensive documentation

Summary

Significantly expanded section 2.7 "Random Seed" in the wolfSSL-Porting guide from 9 lines to 220+ lines of comprehensive documentation. The update provides detailed guidance for developers porting wolfSSL to new platforms who need to customize random number generation and entropy sources.

Key additions:

  • Overview of the FIPS-certified Hash_DRBG (SHA-256 based, NIST SP 800-90A compliant)
  • Detailed explanation of default entropy sources (hardware RNG, /dev/urandom, /dev/random, getrandom())
  • Documentation for NO_DEV_RANDOM and NO_DEV_URANDOM configuration
  • Complete guide to disabling DRBG with WC_NO_HASHDRBG and CUSTOM_RAND_GENERATE_BLOCK
  • Four custom seed generation methods with code examples:
    1. CUSTOM_RAND_GENERATE_SEED - Direct seed function
    2. CUSTOM_RAND_GENERATE - Iterative random value function
    3. wc_SetSeed_Cb() - Runtime callback mechanism
    4. Crypto callbacks with WC_ALGO_TYPE_SEED - HSM/TPM integration
  • Testing guidance with WOLFSSL_GENSEED_FORTEST (with clear production warnings)
  • Summary table of all configuration options
  • Best practice recommendations
  • References to wolfSSL and wolfssl-examples code locations

PR feedback addressed:

  • Removed all line number references to improve maintainability as codebase evolves
  • Changed all code example comments from // to /* */ style to match wolfSSL coding conventions
  • Fixed min() usage in crypto callback example (replaced with ternary operator for portability)
  • Fixed typo: "directoriesc." → "directories"

Review & Testing Checklist for Human

  • Verify technical accuracy of DRBG description - Confirm the Hash_DRBG implementation details, NIST SP 800-90A compliance claims, and SHA-256 usage are accurate. The "FIPS-certified" claim should be verified as this is a sensitive statement.
  • Check code examples compile and work - Test the code examples for CUSTOM_RAND_GENERATE, wc_SetSeed_Cb(), and crypto callbacks to ensure they're syntactically correct and functionally accurate. I sourced these from the wolfssl codebase but couldn't test them.
  • Validate configuration option interactions - Ensure the documented relationships between options (e.g., WC_NO_HASHDRBG requiring CUSTOM_RAND_GENERATE_BLOCK) are correct and complete.
  • Verify file/function references - Confirm that references to ./wolfcrypt/src/random.c, wolfssl-examples/tls/cryptocb-common.c, and other files are accurate and helpful without line numbers.

Notes

  • This is documentation-only; no code changes to wolfSSL itself
  • All information was researched from the wolfSSL and wolfssl-examples repositories
  • Line numbers were intentionally removed per reviewer feedback to improve maintainability
  • The crypto callback example was updated to use a ternary operator instead of min() for portability

Requested by: David Garske (david@wolfssl.com)
Session: https://app.devin.ai/sessions/67b4aa827513458d874e0c957cdd223a

- Add overview of FIPS-certified Hash_DRBG (SHA-256 based)
- Document default behavior: /dev/urandom, /dev/random, hardware RNG
- Add NO_DEV_RANDOM and NO_DEV_URANDOM configuration details
- Document WC_NO_HASHDRBG and CUSTOM_RAND_GENERATE_BLOCK
- Add CUSTOM_RAND_GENERATE_SEED examples
- Add CUSTOM_RAND_GENERATE examples with code
- Document wc_SetSeed_Cb() runtime callback mechanism
- Add crypto callback examples with WC_ALGO_TYPE_SEED
- Document WOLFSSL_GENSEED_FORTEST for testing
- Add summary table of all configuration options
- Include best practice recommendations
- Reference wolfssl and wolfssl-examples code locations

Co-Authored-By: David Garske <david@wolfssl.com>

@cconlon cconlon assigned dgarske and unassigned wolfSSL-Bot Nov 11, 2025

- Remove all line number references (lines 2707-2736, 319-323, 4269-4285, 2753+, 2738-2751)
- Change all // comments to /* */ style in code examples to match wolfSSL coding style
- Fix typo: 'directoriesc.' to 'directories'
- Replace min() with ternary operator in crypto callback example for portability

Addresses feedback from cconlon in PR #233

Co-Authored-By: David Garske <david@wolfssl.com>

@cconlon cconlon assigned cconlon and unassigned dgarske Nov 11, 2025
@cconlon cconlon merged commit 4047aa2 into master Nov 11, 2025
4 checks passed