wolfSSL: Fix crypto_ecdh_* with ECC_TIMING_RESISTANT
It looks like crypto_ecdh_set_peerkey() had started failing at some point with a wolfSSL update due to ECC_TIMING_RESISTANT from --enable-harden requiring RNG to be set. Signed-off-by: Jouni Malinen <j@w1.fi>
parent
ae1fb64550
commit
d7b8c6eef2
1 changed files with 13 additions and 8 deletions
|
@ -1706,33 +1706,37 @@ int crypto_ec_point_cmp(const struct crypto_ec *e,
|
||||||
|
|
||||||
struct crypto_ecdh {
|
struct crypto_ecdh {
|
||||||
struct crypto_ec *ec;
|
struct crypto_ec *ec;
|
||||||
|
WC_RNG rng;
|
||||||
};
|
};
|
||||||
|
|
||||||
struct crypto_ecdh * crypto_ecdh_init(int group)
|
struct crypto_ecdh * crypto_ecdh_init(int group)
|
||||||
{
|
{
|
||||||
struct crypto_ecdh *ecdh = NULL;
|
struct crypto_ecdh *ecdh = NULL;
|
||||||
WC_RNG rng;
|
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
if (wc_InitRng(&rng) != 0)
|
|
||||||
goto fail;
|
|
||||||
|
|
||||||
ecdh = os_zalloc(sizeof(*ecdh));
|
ecdh = os_zalloc(sizeof(*ecdh));
|
||||||
if (!ecdh)
|
if (!ecdh)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
|
if (wc_InitRng(&ecdh->rng) != 0)
|
||||||
|
goto fail;
|
||||||
|
|
||||||
ecdh->ec = crypto_ec_init(group);
|
ecdh->ec = crypto_ec_init(group);
|
||||||
if (!ecdh->ec)
|
if (!ecdh->ec)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
ret = wc_ecc_make_key_ex(&rng, ecdh->ec->key.dp->size, &ecdh->ec->key,
|
ret = wc_ecc_make_key_ex(&ecdh->rng, ecdh->ec->key.dp->size,
|
||||||
ecdh->ec->key.dp->id);
|
&ecdh->ec->key, ecdh->ec->key.dp->id);
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
done:
|
#ifdef ECC_TIMING_RESISTANT
|
||||||
wc_FreeRng(&rng);
|
ret = wc_ecc_set_rng(&ecdh->ec->key, &ecdh->rng);
|
||||||
|
if (ret < 0)
|
||||||
|
goto fail;
|
||||||
|
#endif /* ECC_TIMING_RESISTANT */
|
||||||
|
|
||||||
|
done:
|
||||||
return ecdh;
|
return ecdh;
|
||||||
fail:
|
fail:
|
||||||
crypto_ecdh_deinit(ecdh);
|
crypto_ecdh_deinit(ecdh);
|
||||||
|
@ -1745,6 +1749,7 @@ void crypto_ecdh_deinit(struct crypto_ecdh *ecdh)
|
||||||
{
|
{
|
||||||
if (ecdh) {
|
if (ecdh) {
|
||||||
crypto_ec_deinit(ecdh->ec);
|
crypto_ec_deinit(ecdh->ec);
|
||||||
|
wc_FreeRng(&ecdh->rng);
|
||||||
os_free(ecdh);
|
os_free(ecdh);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
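Review bot: In crypto_ecdh_init(), a failing `wc_InitRng(&ecdh->rng)` now jumps to `fail` with a non-NULL ecdh, so crypto_ecdh_deinit() runs `wc_FreeRng(&ecdh->rng)` on an RNG that was never successfully initialised. That is safe only if wolfSSL accepts a zeroed or partially initialised WC_RNG there, which these lines do not show; adding `os_free(ecdh); ecdh = NULL;` before that `goto fail;` avoids relying on it, since crypto_ecdh_deinit() already ignores NULL. After `wc_ecc_set_rng()` the key presumably keeps a pointer to `ecdh->rng`, so the order in crypto_ecdh_deinit() matters and deserves a comment such as `/* ec->key refers to ecdh->rng; free the key before the RNG */`. The rest of the `fail:` path lies outside the hunk.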