Improved solution

tests/api.c

@@ -10742,7 +10742,6 @@ void ApiTest(void)
     AssertIntEQ(test_wc_DsaKeyToDer(), 0);
 
 #ifdef HAVE_HASHDRBG
-    AssertIntEQ(WC_RESEED_INTERVAL, 1000000);
     AssertIntEQ(test_wc_RNG_GenerateBlock(), 0);
 #endif
     printf(" End API Tests\n");

wolfcrypt/src/random.c

@@ -408,13 +408,17 @@ static INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen)
 /* Returns: DRBG_SUCCESS, DRBG_NEED_RESEED, or DRBG_FAILURE */
 static int Hash_DRBG_Generate(DRBG* drbg, byte* out, word32 outSz)
 {
-    int ret = DRBG_NEED_RESEED;
+    int ret;
     Sha256 sha;
-    DECLARE_VAR(digest, byte, SHA256_DIGEST_SIZE, drbg->heap);
+    byte type;
+    word32 reseedCtr;
 
-    if (drbg->reseedCtr != RESEED_INTERVAL) {
+    if (drbg->reseedCtr == RESEED_INTERVAL) {
-        byte type = drbgGenerateH;
+        return DRBG_NEED_RESEED;
-        word32 reseedCtr = drbg->reseedCtr;
+    } else {
+        DECLARE_VAR(digest, byte, SHA256_DIGEST_SIZE, drbg->heap);
+        type = drbgGenerateH;
+        reseedCtr = drbg->reseedCtr;
 
         ret = Hash_gen(drbg, out, outSz, drbg->V);
         if (ret == DRBG_SUCCESS) {
@@ -444,13 +448,9 @@ static int Hash_DRBG_Generate(DRBG* drbg, byte* out, word32 outSz)
             }
             drbg->reseedCtr++;
         }
+        ForceZero(digest, SHA256_DIGEST_SIZE);
+        FREE_VAR(digest, drbg->heap);
     }
-    ForceZero(digest, SHA256_DIGEST_SIZE);
-
-    FREE_VAR(digest, drbg->heap);
-
-    if (ret == DRBG_NEED_RESEED)
-        return ret;
 
     return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
 }

wolfssl/wolfcrypt/random.h

@@ -60,7 +60,9 @@
 #if !defined(WC_NO_HASHDRBG) || !defined(CUSTOM_RAND_GENERATE_BLOCK)
     #undef  HAVE_HASHDRBG
     #define HAVE_HASHDRBG
-    #define WC_RESEED_INTERVAL (1000000)
+    #ifndef WC_RESEED_INTERVAL
+        #define WC_RESEED_INTERVAL (1000000)
+    #endif
 #endif