diff --git a/tests/api.c b/tests/api.c
index ab110ed65..93e53f84e 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -10742,7 +10742,6 @@ void ApiTest(void)
 AssertIntEQ(test_wc_DsaKeyToDer(), 0);
 #ifdef HAVE_HASHDRBG
- AssertIntEQ(WC_RESEED_INTERVAL, 1000000);
 AssertIntEQ(test_wc_RNG_GenerateBlock(), 0);
 #endif
 printf(" End API Tests\n");
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 6d20d96ab..3a000e132 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -408,13 +408,17 @@ static INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen)
 /* Returns: DRBG_SUCCESS, DRBG_NEED_RESEED, or DRBG_FAILURE */
 static int Hash_DRBG_Generate(DRBG* drbg, byte* out, word32 outSz)
 {
- int ret = DRBG_NEED_RESEED;
+ int ret;
 Sha256 sha;
- DECLARE_VAR(digest, byte, SHA256_DIGEST_SIZE, drbg->heap);
+ byte type;
+ word32 reseedCtr;
- if (drbg->reseedCtr != RESEED_INTERVAL) {
- byte type = drbgGenerateH;
- word32 reseedCtr = drbg->reseedCtr;
+ if (drbg->reseedCtr == RESEED_INTERVAL) {
+ return DRBG_NEED_RESEED;
+ } else {
+ DECLARE_VAR(digest, byte, SHA256_DIGEST_SIZE, drbg->heap);
+ type = drbgGenerateH;
+ reseedCtr = drbg->reseedCtr;
 ret = Hash_gen(drbg, out, outSz, drbg->V);
 if (ret == DRBG_SUCCESS) {
@@ -444,13 +448,9 @@ static int Hash_DRBG_Generate(DRBG* drbg, byte* out, word32 outSz)
 }
 drbg->reseedCtr++;
 }
+ ForceZero(digest, SHA256_DIGEST_SIZE);
+ FREE_VAR(digest, drbg->heap);
 }
- ForceZero(digest, SHA256_DIGEST_SIZE);
-
- FREE_VAR(digest, drbg->heap);
-
- if (ret == DRBG_NEED_RESEED)
- return ret;
 return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
 }
diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h
index b012c6bf8..13afbafb5 100644
--- a/wolfssl/wolfcrypt/random.h
+++ b/wolfssl/wolfcrypt/random.h 
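Review bot: The reseed gate at the top of Hash_DRBG_Generate (wolfcrypt/src/random.c, hunk at -408) still tests the counter with `==`, which is brittle now that this commit lets a build override WC_RESEED_INTERVAL. Assuming RESEED_INTERVAL derives from that macro (its definition is not visible here), an override of 0 or of a value above what the word32 counter can hold means the counter may never match, so DRBG_NEED_RESEED would not be returned until the counter wraps, if at all. Prefer `if (drbg->reseedCtr >= RESEED_INTERVAL) {` so that any counter at or past the limit forces a reseed. The function body continues past this hunk into the one at -444.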
@@ -60,7 +60,9 @@
 #if !defined(WC_NO_HASHDRBG) || !defined(CUSTOM_RAND_GENERATE_BLOCK)
 #undef HAVE_HASHDRBG
 #define HAVE_HASHDRBG
- #define WC_RESEED_INTERVAL (1000000)
+ #ifndef WC_RESEED_INTERVAL
+ #define WC_RESEED_INTERVAL (1000000)
+ #endif
 #endif
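Review bot: The new `#ifndef WC_RESEED_INTERVAL` guard accepts any build-time override without validating or documenting it, and the assertion removed from tests/api.c was the only visible check on the value. A compile-time guard after the default would reject nonsensical settings early, e.g. `#if (WC_RESEED_INTERVAL) < 1` / `#error "WC_RESEED_INTERVAL must be at least 1"` / `#endif`. I would also add a comment above the define such as `/* Generate calls allowed between reseeds; must be >= 1 and fit in word32 */`, since the counter it is compared against in random.c is copied into a word32. Whether other code consumes the macro is not visible in this diff.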