ECCSI/SAKKE: add loop count to generation functions

wolfcrypt/src/eccsi.c

@@ -867,13 +867,21 @@ static int eccsi_make_pair(EccsiKey* key, WC_RNG* rng,
         enum wc_HashType hashType, const byte* id, word32 idSz, mp_int* ssk,
         ecc_point* pvt)
 {
-    int err;
+    int err = 0;
     byte hashSz = 0;
+    int genTryCnt = 0;
 
     do {
-        /* Step 1 and 2: Generate ephemeral key - v, PVT = [v]G */
-        err = wc_ecc_make_key_ex(rng, key->ecc.dp->size, &key->pubkey,
-                key->ecc.dp->id);
+        /* Don't infinitely make pairs when random number generator fails. */
+        if ((++genTryCnt) > ECCSI_MAX_GEN_COUNT) {
+            err = RNG_FAILURE_E;
+        }
+
+        if (err == 0) {
+            /* Step 1 and 2: Generate ephemeral key - v, PVT = [v]G */
+            err = wc_ecc_make_key_ex(rng, key->ecc.dp->size, &key->pubkey,
+                    key->ecc.dp->id);
+        }
         if (err == 0) {
             err = wc_ecc_copy_point(&key->pubkey.pubkey, pvt);
         }
@@ -1830,15 +1838,23 @@ static int eccsi_encode_sig(const EccsiKey* key, mp_int* r, mp_int* s,
 static int eccsi_gen_sig(EccsiKey* key, WC_RNG* rng, enum wc_HashType hashType,
         const byte* msg, word32 msgSz, mp_int* r, mp_int* s)
 {
-    int err;
+    int err = 0;
     word32 sz = key->ecc.dp->size;
     word32 heSz = 0;
     const mp_int* jx = NULL;
     mp_int* he = &key->tmp;
+    int genTryCnt = 0;
 
     do {
-        /* Step 1 and 2: Generate ephemeral key - j, J = [j]G, r = Jx */
-        err = wc_ecc_make_key_ex(rng, sz, &key->pubkey, key->ecc.dp->id);
+        /* Don't infinitely gen sigs when random number generator fails. */
+        if ((++genTryCnt) > ECCSI_MAX_GEN_COUNT) {
+            err = RNG_FAILURE_E;
+        }
+
+        if (err == 0) {
+            /* Step 1 and 2: Generate ephemeral key - j, J = [j]G, r = Jx */
+            err = wc_ecc_make_key_ex(rng, sz, &key->pubkey, key->ecc.dp->id);
+        }
         if (err == 0) {
             jx = key->pubkey.pubkey.x;
             err = eccsi_fit_to_octets(jx, &key->params.order, sz, r);

wolfcrypt/src/sakke.c

@@ -506,9 +506,17 @@ int wc_MakeSakkeKey(SakkeKey* key, WC_RNG* rng)
         err = sakke_load_base_point(key);
     }
     if (err == 0) {
+        int genTryCnt = 0;
+
         /* Generate a random number that is not 0 - master secret. */
         do {
-            err = mp_rand(&key->ecc.k, digits, rng);
+            /* Don't infinitely loop on random number generation failure. */
+            if ((++genTryCnt) > SAKKE_MAX_GEN_COUNT) {
+                err = RNG_FAILURE_E;
+            }
+            if (err == 0) {
+                err = mp_rand(&key->ecc.k, digits, rng);
+            }
             if (err == 0) {
                 err = mp_mod(&key->ecc.k, &key->params.q, &key->ecc.k);
             }

wolfssl/wolfcrypt/eccsi.h

@@ -41,6 +41,12 @@
 
 #define MAX_ECCSI_BYTES  (256 / 8)
 
+/* Maximum number of loops of attempting to generate key pairs and signatures.
+ */
+#ifndef ECCSI_MAX_GEN_COUNT
+    #define ECCSI_MAX_GEN_COUNT     10
+#endif
+
 typedef struct EccsiKeyParams {
     /** Order (q) of elliptic curve as an MP integer. */
     mp_int order;

wolfssl/wolfcrypt/sakke.h

@@ -41,6 +41,12 @@
 
 #define SAKKE_ID_MAX_SIZE       128
 
+/* Maximum number of loops of attempting to generate a key. */
+#ifndef SAKKE_MAX_GEN_COUNT
+    #define SAKKE_MAX_GEN_COUNT     10
+#endif
+
+
 /** MP integer in projective form. */
 typedef ecc_point mp_proj;