wolfcrypt/src/random.c: in Hash_DRBG_Generate(), gate the verbose reseed message on DEBUG_WOLFSSL or DEBUG_DRBG_RESEEDS, use WOLFSSL_MSG_EX(), and refactor the condition from drbg->reseedCtr == RESEED_INTERVAL to drbg->reseedCtr >= WC_RESEED_INTERVAL.

also some unrelated cleanup in .wolfssl_known_macro_extras.

.wolfssl_known_macro_extras

@@ -305,8 +305,8 @@ MAXQ10XX_PRODUCTION_KEY
 MAXQ_EXPORT_TLS_KEYS
 MAXQ_SHA1
 MAXSEG_64K
-MAX_WOLFSSL_FILE_SIZE
 MAX_OID_SZ
+MAX_WOLFSSL_FILE_SIZE
 MDK_CONF_BARE_METAL
 MDK_CONF_FS
 MDK_CONF_RTX_TCP_FS
@@ -612,7 +612,6 @@ WOLFSSL_ALGO_HW_MUTEX
 WOLFSSL_ALLOW_CRIT_AIA
 WOLFSSL_ALLOW_CRIT_AKID
 WOLFSSL_ALLOW_CRIT_SKID
-WOLFSSL_ALLOW_ENCODING_CA_FALSE
 WOLFSSL_ALLOW_MAX_FRAGMENT_ADJUST
 WOLFSSL_ALLOW_NO_CN_IN_SAN
 WOLFSSL_ALLOW_NO_SUITES
@@ -872,7 +871,6 @@ WOLFSSL_USE_OPTIONS_H
 WOLFSSL_USE_POPEN_HOST
 WOLFSSL_VALIDATE_DH_KEYGEN
 WOLFSSL_WC_LMS_SERIALIZE_STATE
-WOLFSSL_WC_MLKEM
 WOLFSSL_WC_XMSS_NO_SHA256
 WOLFSSL_WC_XMSS_NO_SHAKE256
 WOLFSSL_WICED_PSEUDO_UNIX_EPOCH_TIME

wolfcrypt/src/random.c

@@ -232,7 +232,6 @@ This library contains implementation for the random number generator.
 
 #define OUTPUT_BLOCK_LEN  (WC_SHA256_DIGEST_SIZE)
 #define MAX_REQUEST_LEN   (0x10000)
-#define RESEED_INTERVAL   WC_RESEED_INTERVAL
 
 
 /* The security strength for the RNG is the target number of bits of
@@ -645,10 +644,11 @@ static int Hash_DRBG_Generate(DRBG_internal* drbg, byte* out, word32 outSz)
         return DRBG_FAILURE;
     }
 
-    if (drbg->reseedCtr == RESEED_INTERVAL) {
+    if (drbg->reseedCtr >= WC_RESEED_INTERVAL) {
-#if FIPS_VERSION3_GE(6,0,0)
+    #if defined(DEBUG_WOLFSSL) || defined(DEBUG_DRBG_RESEEDS)
-        printf("Reseed triggered\n");
+        printf("DRBG reseed triggered, reseedCtr == %lu",
-#endif
+               (unsigned long)drbg->reseedCtr);
+    #endif
         return DRBG_NEED_RESEED;
     }
     else {