diff --git a/wolfcrypt/src/eccsi.c b/wolfcrypt/src/eccsi.c index e83edee1c..555020c35 100644 --- a/wolfcrypt/src/eccsi.c +++ b/wolfcrypt/src/eccsi.c @@ -867,13 +867,21 @@ static int eccsi_make_pair(EccsiKey* key, WC_RNG* rng, enum wc_HashType hashType, const byte* id, word32 idSz, mp_int* ssk, ecc_point* pvt) { - int err; + int err = 0; byte hashSz = 0; + int genTryCnt = 0; do { - /* Step 1 and 2: Generate ephemeral key - v, PVT = [v]G */ - err = wc_ecc_make_key_ex(rng, key->ecc.dp->size, &key->pubkey, - key->ecc.dp->id); + /* Don't infinitely make pairs when random number generator fails. */ + if ((++genTryCnt) > ECCSI_MAX_GEN_COUNT) { + err = RNG_FAILURE_E; + } + + if (err == 0) { + /* Step 1 and 2: Generate ephemeral key - v, PVT = [v]G */ + err = wc_ecc_make_key_ex(rng, key->ecc.dp->size, &key->pubkey, + key->ecc.dp->id); + } if (err == 0) { err = wc_ecc_copy_point(&key->pubkey.pubkey, pvt); } @@ -1830,15 +1838,23 @@ static int eccsi_encode_sig(const EccsiKey* key, mp_int* r, mp_int* s, static int eccsi_gen_sig(EccsiKey* key, WC_RNG* rng, enum wc_HashType hashType, const byte* msg, word32 msgSz, mp_int* r, mp_int* s) { - int err; + int err = 0; word32 sz = key->ecc.dp->size; word32 heSz = 0; const mp_int* jx = NULL; mp_int* he = &key->tmp; + int genTryCnt = 0; do { - /* Step 1 and 2: Generate ephemeral key - j, J = [j]G, r = Jx */ - err = wc_ecc_make_key_ex(rng, sz, &key->pubkey, key->ecc.dp->id); + /* Don't infinitely gen sigs when random number generator fails. */ + if ((++genTryCnt) > ECCSI_MAX_GEN_COUNT) { + err = RNG_FAILURE_E; + } + + if (err == 0) { + /* Step 1 and 2: Generate ephemeral key - j, J = [j]G, r = Jx */ + err = wc_ecc_make_key_ex(rng, sz, &key->pubkey, key->ecc.dp->id); + } if (err == 0) { jx = key->pubkey.pubkey.x; err = eccsi_fit_to_octets(jx, &key->params.order, sz, r); diff --git a/wolfcrypt/src/sakke.c b/wolfcrypt/src/sakke.c index a155e7122..789347528 100644 --- a/wolfcrypt/src/sakke.c +++ b/wolfcrypt/src/sakke.c @@ -506,9 +506,17 @@ int wc_MakeSakkeKey(SakkeKey* key, WC_RNG* rng) err = sakke_load_base_point(key); } if (err == 0) { + int genTryCnt = 0; + /* Generate a random number that is not 0 - master secret. */ do { - err = mp_rand(&key->ecc.k, digits, rng); + /* Don't infinitely loop on random number generation failure. */ + if ((++genTryCnt) > SAKKE_MAX_GEN_COUNT) { + err = RNG_FAILURE_E; + } + if (err == 0) { + err = mp_rand(&key->ecc.k, digits, rng); + } if (err == 0) { err = mp_mod(&key->ecc.k, &key->params.q, &key->ecc.k); } diff --git a/wolfssl/wolfcrypt/eccsi.h b/wolfssl/wolfcrypt/eccsi.h index 5a40103ac..b563514eb 100644 --- a/wolfssl/wolfcrypt/eccsi.h +++ b/wolfssl/wolfcrypt/eccsi.h @@ -41,6 +41,12 @@ #define MAX_ECCSI_BYTES (256 / 8) +/* Maximum number of loops of attempting to generate key pairs and signatures. + */ +#ifndef ECCSI_MAX_GEN_COUNT + #define ECCSI_MAX_GEN_COUNT 10 +#endif + typedef struct EccsiKeyParams { /** Order (q) of elliptic curve as an MP integer. */ mp_int order; diff --git a/wolfssl/wolfcrypt/sakke.h b/wolfssl/wolfcrypt/sakke.h index a0aa204f9..79fc314e4 100644 --- a/wolfssl/wolfcrypt/sakke.h +++ b/wolfssl/wolfcrypt/sakke.h @@ -41,6 +41,12 @@ #define SAKKE_ID_MAX_SIZE 128 +/* Maximum number of loops of attempting to generate a key. */ +#ifndef SAKKE_MAX_GEN_COUNT + #define SAKKE_MAX_GEN_COUNT 10 +#endif + + /** MP integer in projective form. */ typedef ecc_point mp_proj;