diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 215141d39..79fa72416 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -207,7 +207,7 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId) #endif key->data = NULL; key->dataLen = 0; -#ifdef WC_RSA_BLINDING +#ifndef WC_NO_RNG key->rng = NULL; #endif @@ -705,10 +705,9 @@ static int _ifc_pairwise_consistency_test(RsaKey* key, WC_RNG* rng) int wc_CheckRsaKey(RsaKey* key) { -#ifdef WOLFSSL_SMALL_STACK WC_RNG *rng = NULL; -#else - WC_RNG rng[1]; +#ifndef WOLFSSL_SMALL_STACK + WC_RNG rng_buf; #endif int ret = 0; DECL_MP_INT_SIZE_DYN(tmp, (key)? mp_bitsused(&key->n) : 0, RSA_MAX_SIZE); @@ -724,21 +723,34 @@ int wc_CheckRsaKey(RsaKey* key) } #endif -#ifdef WOLFSSL_SMALL_STACK - rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); - if (rng == NULL) { - return MEMORY_E; - } -#endif NEW_MP_INT_SIZE(tmp, mp_bitsused(&key->n), NULL, DYNAMIC_TYPE_RSA); #ifdef MP_INT_SIZE_CHECK_NULL if (tmp == NULL) { - XFREE(rng, NULL, DYNAMIC_TYPE_RNG); return MEMORY_E; } #endif - ret = wc_InitRng(rng); + if (key->rng) + rng = key->rng; + else { +#ifndef WOLFSSL_SMALL_STACK + rng = &rng_buf; +#else + rng = (WC_RNG *)XMALLOC(sizeof(*rng), NULL, DYNAMIC_TYPE_RNG); + if (rng == NULL) { + FREE_MP_INT_SIZE(tmp, NULL, DYNAMIC_TYPE_RSA); + return MEMORY_E; + } +#endif + ret = wc_InitRng(rng); + if (ret != 0) { +#ifdef WOLFSSL_SMALL_STACK + XFREE(rng, NULL, DYNAMIC_TYPE_RNG); + FREE_MP_INT_SIZE(tmp, NULL, DYNAMIC_TYPE_RSA); +#endif + return ret; + } + } SAVE_VECTOR_REGISTERS(ret = _svr_ret;); @@ -856,11 +868,14 @@ int wc_CheckRsaKey(RsaKey* key) RESTORE_VECTOR_REGISTERS(); - wc_FreeRng(rng); - FREE_MP_INT_SIZE(tmp, NULL, DYNAMIC_TYPE_RSA); + if ((rng != NULL) && (rng != key->rng)) { + wc_FreeRng(rng); #ifdef WOLFSSL_SMALL_STACK - XFREE(rng, NULL, DYNAMIC_TYPE_RNG); -#elif defined(WOLFSSL_CHECK_MEM_ZERO) + XFREE(rng, NULL, DYNAMIC_TYPE_RNG); +#endif + } + FREE_MP_INT_SIZE(tmp, NULL, DYNAMIC_TYPE_RSA); +#ifdef WOLFSSL_CHECK_MEM_ZERO mp_memzero_check(tmp); #endif @@ -5197,7 +5212,7 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) #endif /* WOLFSSL_KEY_GEN */ -#ifdef WC_RSA_BLINDING +#ifndef WC_NO_RNG int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng) { if (key == NULL || rng == NULL) @@ -5207,7 +5222,7 @@ int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng) return 0; } -#endif /* WC_RSA_BLINDING */ +#endif /* !WC_NO_RNG */ #ifdef WC_RSA_NONBLOCK int wc_RsaSetNonBlock(RsaKey* key, RsaNb* nb) diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index dc23839b7..aa22e8209 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -214,8 +214,10 @@ struct RsaKey { int type; /* public or private */ int state; word32 dataLen; -#ifdef WC_RSA_BLINDING - WC_RNG* rng; /* for PrivateDecrypt blinding */ +#ifndef WC_NO_RNG + WC_RNG* rng; /* for PrivateDecrypt blinding and + * _ifc_pairwise_consistency_test() + */ #endif #ifdef WOLFSSL_SE050 word32 keyId; @@ -400,7 +402,7 @@ WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, WOLFSSL_API int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen); #endif -#ifdef WC_RSA_BLINDING +#ifndef WC_NO_RNG WOLFSSL_API int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng); #endif #ifdef WC_RSA_NONBLOCK