From 31f13a7f41f2119f94bd31b77601f4e25a944a2a Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Tue, 12 Oct 2021 17:18:26 -0500 Subject: [PATCH] wolfcrypt/test/test.c: when HAVE_FIPS, wrap wc_MakeRsaKey() calls in infinite iteration while ret == PRIME_GEN_E, to inhibit nondeterministic failure mode from FIPS-limited _CheckProbablePrime() iteration. --- wolfcrypt/test/test.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index a5426e137..b5dc9784b 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -14856,10 +14856,20 @@ static int rsa_keygen_test(WC_RNG* rng) ERROR_OUT(-7870, exit_rsa); } - ret = wc_MakeRsaKey(genKey, keySz, WC_RSA_EXPONENT, rng); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &genKey->asyncDev, WC_ASYNC_FLAG_NONE); +#ifdef HAVE_FIPS + for (;;) { #endif + ret = wc_MakeRsaKey(genKey, keySz, WC_RSA_EXPONENT, rng); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &genKey->asyncDev, WC_ASYNC_FLAG_NONE); +#endif +#ifdef HAVE_FIPS + if (ret == PRIME_GEN_E) + continue; + break; + } +#endif + if (ret != 0) { ERROR_OUT(-7871, exit_rsa); } @@ -37788,8 +37798,17 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) else if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) { info->pk.rsakg.key->devId = INVALID_DEVID; - ret = wc_MakeRsaKey(info->pk.rsakg.key, info->pk.rsakg.size, - info->pk.rsakg.e, info->pk.rsakg.rng); +#ifdef HAVE_FIPS + for (;;) { +#endif + ret = wc_MakeRsaKey(info->pk.rsakg.key, info->pk.rsakg.size, + info->pk.rsakg.e, info->pk.rsakg.rng); +#ifdef HAVE_FIPS + if (ret == PRIME_GEN_E) + continue; + break; + } +#endif /* reset devId */ info->pk.rsakg.key->devId = devIdArg;