From 688bc168de120fbc350931b892f395d1c9021cfc Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner <douzzer@wolfssl.com>
Date: Thu, 3 Jul 2025 18:30:46 -0500
Subject: [PATCH] wolfcrypt/src/random.c: small stack refactor of noise[] in
 wc_Entropy_Get().

---
 wolfcrypt/src/random.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 6e44ff6e8..dc85e4b7b 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -1494,13 +1494,23 @@ static wolfSSL_Mutex entropy_mutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(entropy_mute
 int wc_Entropy_Get(int bits, unsigned char* entropy, word32 len)
 {
     int ret = 0;
+#ifdef WOLFSSL_SMALL_STACK
+    byte *noise = NULL;
+#else
     byte noise[MAX_NOISE_CNT];
+#endif
     /* Noise length is the number of 8 byte samples required to get the bits of
      * entropy requested. */
     int noise_len = (bits + ENTROPY_EXTRA) / ENTROPY_MIN;
 
+#ifdef WOLFSSL_SMALL_STACK
+    noise = (byte *)XMALLOC(MAX_NOISE_CNT, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (noise == NULL)
+        return MEMORY_E;
+#endif
+
     /* Lock the mutex as collection uses globals. */
-    if (wc_LockMutex(&entropy_mutex) != 0) {
+    if ((ret == 0) && (wc_LockMutex(&entropy_mutex) != 0)) {
         ret = BAD_MUTEX_E;
     }
 
@@ -1558,6 +1568,10 @@ int wc_Entropy_Get(int bits, unsigned char* entropy, word32 len)
         wc_UnLockMutex(&entropy_mutex);
     }
 
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(noise, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
     return ret;
 }