peer/Devin review:

* in get_crypto_default_rng() (linuxkm/lkcapi_sha_glue.c), sanity check that crypto_default_rng isn't null;
* in wc_InitRsaKey_ex(), remove frivolous NULL/zero assignments (XMEMSET clears them implicitly);
* in wc_CheckRsaKey(), check ret from wc_InitRng() and short circuit return if failed.

linuxkm/lkcapi_sha_glue.c

@@ -1134,6 +1134,11 @@ static inline void put_drbg(struct wc_rng_inst *drbg) {
 static inline struct crypto_rng *get_crypto_default_rng(void) {
     struct crypto_rng *current_crypto_default_rng = crypto_default_rng;
 
+    if (unlikely(! current_crypto_default_rng)) {
+        pr_warn("BUG: get_default_drbg_ctx() called with NULL crypto_default_rng.");
+        return NULL;
+    }
+
     if (unlikely(! wc_linuxkm_drbg_default_instance_registered)) {
         pr_warn("BUG: get_default_drbg_ctx() called without wc_linuxkm_drbg_default_instance_registered.");
         return NULL;

wolfcrypt/src/rsa.c

@@ -201,11 +201,6 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
     (!defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE)))
     key->dataIsAlloc = 0;
 #endif
-    key->data = NULL;
-    key->dataLen = 0;
-#ifdef WC_RSA_BLINDING
-    key->rng = NULL;
-#endif
 
 #ifdef WOLF_CRYPTO_CB
     key->devId = devId;
@@ -741,6 +736,13 @@ int wc_CheckRsaKey(RsaKey* key)
         }
 #endif
         ret = wc_InitRng(rng);
+        if (ret != 0) {
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+            XFREE(rng, NULL, DYNAMIC_TYPE_RNG);
+            FREE_MP_INT_SIZE(tmp, NULL, DYNAMIC_TYPE_RSA);
+#endif
+            return ret;
+        }
     }
 
     SAVE_VECTOR_REGISTERS(ret = _svr_ret;);