diff --git a/wolfcrypt/src/cryptodev.c b/wolfcrypt/src/cryptodev.c
index 6471e2089..af3e3b38c 100644
--- a/wolfcrypt/src/cryptodev.c
+++ b/wolfcrypt/src/cryptodev.c
@@ -444,4 +444,29 @@ int wc_CryptoDev_Sha256Hash(wc_Sha256* sha256, const byte* in,
 }
 #endif /* !NO_SHA256 */
 
+#ifndef WC_NO_RNG
+int wc_CryptoDev_RandomBlock(WC_RNG* rng, byte* out, word32 sz)
+{
+    int ret = NOT_COMPILED_IN;
+    CryptoDev* dev;
+
+    /* locate registered callback */
+    dev = wc_CryptoDev_FindDevice(rng->devId);
+    if (dev) {
+        if (dev->cb) {
+            wc_CryptoInfo cryptoInfo;
+            XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
+            cryptoInfo.algo_type = WC_ALGO_TYPE_RNG;
+            cryptoInfo.rng.rng = rng;
+            cryptoInfo.rng.out = out;
+            cryptoInfo.rng.sz = sz;
+
+            ret = dev->cb(rng->devId, &cryptoInfo, dev->ctx);
+        }
+    }
+
+    return ret;
+}
+#endif /* !WC_NO_RNG */
+
 #endif /* WOLF_CRYPTO_DEV */
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 55fea97d1..a7b872a82 100755
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -104,6 +104,10 @@ int wc_RNG_GenerateByte(WC_RNG* rng, byte* b)
 
 #include <wolfssl/wolfcrypt/sha256.h>
 
+#ifdef WOLF_CRYPTO_DEV
+    #include <wolfssl/wolfcrypt/cryptodev.h>
+#endif
+
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
 #else
@@ -272,7 +276,7 @@ typedef struct DRBG {
     word32 lastBlock;
     byte V[DRBG_SEED_LEN];
     byte C[DRBG_SEED_LEN];
-#ifdef WOLFSSL_ASYNC_CRYPT
+#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_DEV)
     void* heap;
     int devId;
 #endif
@@ -321,7 +325,7 @@ static int Hash_df(DRBG* drbg, byte* out, word32 outSz, byte type,
 
     for (i = 0, ctr = 1; i < len; i++, ctr++) {
 #ifndef WOLFSSL_SMALL_STACK_CACHE
-    #ifdef WOLFSSL_ASYNC_CRYPT
+    #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_DEV)
         ret = wc_InitSha256_ex(sha, drbg->heap, drbg->devId);
     #else
         ret = wc_InitSha256(sha);
@@ -449,7 +453,7 @@ static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V)
     XMEMCPY(data, V, sizeof(data));
     for (i = 0; i < len; i++) {
 #ifndef WOLFSSL_SMALL_STACK_CACHE
-    #ifdef WOLFSSL_ASYNC_CRYPT
+    #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_DEV)
         ret = wc_InitSha256_ex(sha, drbg->heap, drbg->devId);
     #else
         ret = wc_InitSha256(sha);
@@ -552,7 +556,7 @@ static int Hash_DRBG_Generate(DRBG* drbg, byte* out, word32 outSz)
         ret = Hash_gen(drbg, out, outSz, drbg->V);
         if (ret == DRBG_SUCCESS) {
 #ifndef WOLFSSL_SMALL_STACK_CACHE
-        #ifdef WOLFSSL_ASYNC_CRYPT
+        #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_DEV)
             ret = wc_InitSha256_ex(sha, drbg->heap, drbg->devId);
         #else
             ret = wc_InitSha256(sha);
@@ -598,7 +602,7 @@ static int Hash_DRBG_Instantiate(DRBG* drbg, const byte* seed, word32 seedSz,
     int ret = DRBG_FAILURE;
 
     XMEMSET(drbg, 0, sizeof(DRBG));
-#ifdef WOLFSSL_ASYNC_CRYPT
+#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_DEV)
     drbg->heap = heap;
     drbg->devId = devId;
 #else
@@ -607,7 +611,7 @@ static int Hash_DRBG_Instantiate(DRBG* drbg, const byte* seed, word32 seedSz,
 #endif
 
 #ifdef WOLFSSL_SMALL_STACK_CACHE
-    #ifdef WOLFSSL_ASYNC_CRYPT
+    #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_DEV)
         ret = wc_InitSha256_ex(&drbg->sha256, drbg->heap, drbg->devId);
     #else
         ret = wc_InitSha256(&drbg->sha256);
@@ -697,7 +701,7 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
 #else
     rng->heap = heap;
 #endif
-#ifdef WOLFSSL_ASYNC_CRYPT
+#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_DEV)
     rng->devId = devId;
 #else
     (void)devId;
@@ -827,6 +831,14 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
     if (rng == NULL || output == NULL)
         return BAD_FUNC_ARG;
 
+#ifdef WOLF_CRYPTO_DEV
+    if (rng->devId != INVALID_DEVID) {
+        ret = wc_CryptoDev_RandomBlock(rng, output, sz);
+        if (ret != NOT_COMPILED_IN)
+            return ret;
+    }
+#endif
+
 #ifdef HAVE_INTEL_RDRAND
     if (IS_INTEL_RDRAND(intel_flags))
         return wc_GenerateRand_IntelRD(NULL, output, sz);
@@ -2063,19 +2075,19 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 #elif defined(WOLFSSL_ESPIDF)
     #if defined(WOLFSSL_ESPWROOM32)
         #include <esp_system.h>
-        
+
         int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
         {
             int i;
-            
+
             for (i = 0; i< sz; i++) {
                output[i] =  esp_random( );
             }
-        
+
             return 0;
         }
     #endif /* end WOLFSSL_ESPWROOM32 */
- 
+
 #elif defined(CUSTOM_RAND_GENERATE_BLOCK)
     /* #define CUSTOM_RAND_GENERATE_BLOCK myRngFunc
      * extern int myRngFunc(byte* output, word32 sz);
diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c
index 95153a499..548b2f0b7 100644
--- a/wolfcrypt/src/sha256.c
+++ b/wolfcrypt/src/sha256.c
@@ -527,6 +527,9 @@ static int InitSha256(wc_Sha256* sha256)
             return BAD_FUNC_ARG;
 
         sha256->heap = heap;
+    #ifdef WOLF_CRYPTO_DEV
+        sha256->devId = devId;
+    #endif
 
         ret = InitSha256(sha256);
         if (ret != 0)
@@ -682,22 +685,6 @@ static int InitSha256(wc_Sha256* sha256)
             return 0;
         }
 
-    #ifdef WOLF_CRYPTO_DEV
-        if (sha256->devId != INVALID_DEVID) {
-            ret = wc_CryptoDev_Sha256Hash(sha256, data, len, NULL);
-            if (ret != NOT_COMPILED_IN)
-                return ret;
-            ret = 0; /* reset error code and try using software */
-        }
-    #endif
-    #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA256)
-        if (sha256->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA256) {
-        #if defined(HAVE_INTEL_QA)
-            return IntelQaSymSha256(&sha256->asyncDev, NULL, data, len);
-        #endif
-        }
-    #endif /* WOLFSSL_ASYNC_CRYPT */
-
         /* do block size increments */
         local = (byte*)sha256->buffer;
 
@@ -822,6 +809,30 @@ static int InitSha256(wc_Sha256* sha256)
 
     int wc_Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
     {
+        if (sha256 == NULL || (data == NULL && len > 0)) {
+            return BAD_FUNC_ARG;
+        }
+
+        if (data == NULL && len == 0) {
+            /* valid, but do nothing */
+            return 0;
+        }
+
+    #ifdef WOLF_CRYPTO_DEV
+        if (sha256->devId != INVALID_DEVID) {
+            int ret = wc_CryptoDev_Sha256Hash(sha256, data, len, NULL);
+            if (ret != NOT_COMPILED_IN)
+                return ret;
+        }
+    #endif
+    #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA256)
+        if (sha256->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA256) {
+        #if defined(HAVE_INTEL_QA)
+            return IntelQaSymSha256(&sha256->asyncDev, NULL, data, len);
+        #endif
+        }
+    #endif /* WOLFSSL_ASYNC_CRYPT */
+
         return Sha256Update(sha256, data, len);
     }
 
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 4b33511c6..91d75f5b3 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -22825,7 +22825,19 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
     if (info == NULL)
         return BAD_FUNC_ARG;
 
-    if (info->algo_type == WC_ALGO_TYPE_PK) {
+    if (info->algo_type == WC_ALGO_TYPE_RNG) {
+    #ifndef WC_NO_RNG
+        /* set devId to invalid, so software is used */
+        info->rng.rng->devId = INVALID_DEVID;
+
+        ret = wc_RNG_GenerateBlock(info->rng.rng,
+            info->rng.out, info->rng.sz);
+
+        /* reset devId */
+        info->rng.rng->devId = devIdArg;
+    #endif
+    }
+    else if (info->algo_type == WC_ALGO_TYPE_PK) {
     #ifdef DEBUG_WOLFSSL
         printf("CryptoDevCb: Pk Type %d\n", info->pk.type);
     #endif
@@ -23059,6 +23071,10 @@ int cryptodev_test(void)
     devId = 1;
     ret = wc_CryptoDev_RegisterDevice(devId, myCryptoDevCb, &myCtx);
 
+#ifndef WC_NO_RNG
+    if (ret == 0)
+        ret = random_test();
+#endif /* WC_NO_RNG */
 #ifndef NO_RSA
     if (ret == 0)
         ret = rsa_test();
diff --git a/wolfssl/wolfcrypt/cryptodev.h b/wolfssl/wolfcrypt/cryptodev.h
index e6e01803b..993b1cf8a 100644
--- a/wolfssl/wolfcrypt/cryptodev.h
+++ b/wolfssl/wolfcrypt/cryptodev.h
@@ -44,6 +44,9 @@
 #ifndef NO_SHA256
     #include <wolfssl/wolfcrypt/sha256.h>
 #endif
+#ifndef WC_NO_RNG
+    #include <wolfssl/wolfcrypt/random.h>
+#endif
 
 /* Crypto Information Structure for callbacks */
 typedef struct wc_CryptoInfo {
@@ -166,16 +169,24 @@ typedef struct wc_CryptoInfo {
         };
     } hash;
 #endif /* !NO_SHA || !NO_SHA256 */
+#ifndef WC_NO_RNG
+    struct {
+        WC_RNG* rng;
+        byte* out;
+        word32 sz;
+    } rng;
+#endif
 } wc_CryptoInfo;
 
 typedef int (*CryptoDevCallbackFunc)(int devId, wc_CryptoInfo* info, void* ctx);
 
+
+
 WOLFSSL_LOCAL void wc_CryptoDev_Init(void);
 
 WOLFSSL_API int  wc_CryptoDev_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void* ctx);
 WOLFSSL_API void wc_CryptoDev_UnRegisterDevice(int devId);
 
-
 #ifndef NO_RSA
 WOLFSSL_LOCAL int wc_CryptoDev_Rsa(const byte* in, word32 inLen, byte* out,
     word32* outLen, int type, RsaKey* key, WC_RNG* rng);
@@ -229,6 +240,10 @@ WOLFSSL_LOCAL int wc_CryptoDev_Sha256Hash(wc_Sha256* sha256, const byte* in,
     word32 inSz, byte* digest);
 #endif /* !NO_SHA256 */
 
+#ifndef WC_NO_RNG
+WOLFSSL_LOCAL int wc_CryptoDev_RandomBlock(WC_RNG* rng, byte* out, word32 sz);
+#endif
+
 #endif /* WOLF_CRYPTO_DEV */
 
 #ifdef __cplusplus
diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h
index 03c638e4c..f661dffa2 100644
--- a/wolfssl/wolfcrypt/random.h
+++ b/wolfssl/wolfcrypt/random.h
@@ -157,6 +157,8 @@ struct WC_RNG {
 #endif
 #ifdef WOLFSSL_ASYNC_CRYPT
     WC_ASYNC_DEV asyncDev;
+#endif
+#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_DEV)
     int devId;
 #endif
 };
diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h
index 0d8a6a628..1d1ad9596 100644
--- a/wolfssl/wolfcrypt/types.h
+++ b/wolfssl/wolfcrypt/types.h
@@ -522,8 +522,9 @@
         WC_ALGO_TYPE_HASH = 1,
         WC_ALGO_TYPE_CIPHER = 2,
         WC_ALGO_TYPE_PK = 3,
+        WC_ALGO_TYPE_RNG = 4,
 
-        WC_ALGO_TYPE_MAX = WC_ALGO_TYPE_PK
+        WC_ALGO_TYPE_MAX = WC_ALGO_TYPE_RNG
     };
 
     /* hash types */