wolfSSL: Fix crypto_ecdh_* with ECC_TIMING_RESISTANT
authorJouni Malinen <j@w1.fi>
Sun, 17 Apr 2022 21:54:37 +0000 (00:54 +0300)
committerJouni Malinen <j@w1.fi>
Sun, 17 Apr 2022 21:54:37 +0000 (00:54 +0300)
It looks like crypto_ecdh_set_peerkey() had started failing at some
point with a wolfSSL update due to ECC_TIMING_RESISTANT from
--enable-harden requiring RNG to be set.

Signed-off-by: Jouni Malinen <j@w1.fi>
src/crypto/crypto_wolfssl.c

index f94abc7032345555e131b9a90319610e5247491e..22e8c044c8de538dfacdebfa916e64e4f7e12b18 100644 (file)
@@ -1706,33 +1706,37 @@ int crypto_ec_point_cmp(const struct crypto_ec *e,
 
 struct crypto_ecdh {
        struct crypto_ec *ec;
+       WC_RNG rng;
 };
 
 struct crypto_ecdh * crypto_ecdh_init(int group)
 {
        struct crypto_ecdh *ecdh = NULL;
-       WC_RNG rng;
        int ret;
 
-       if (wc_InitRng(&rng) != 0)
-               goto fail;
-
        ecdh = os_zalloc(sizeof(*ecdh));
        if (!ecdh)
                goto fail;
 
+       if (wc_InitRng(&ecdh->rng) != 0)
+               goto fail;
+
        ecdh->ec = crypto_ec_init(group);
        if (!ecdh->ec)
                goto fail;
 
-       ret = wc_ecc_make_key_ex(&rng, ecdh->ec->key.dp->size, &ecdh->ec->key,
-                                ecdh->ec->key.dp->id);
+       ret = wc_ecc_make_key_ex(&ecdh->rng, ecdh->ec->key.dp->size,
+                                &ecdh->ec->key, ecdh->ec->key.dp->id);
        if (ret < 0)
                goto fail;
 
-done:
-       wc_FreeRng(&rng);
+#ifdef ECC_TIMING_RESISTANT
+       ret = wc_ecc_set_rng(&ecdh->ec->key, &ecdh->rng);
+       if (ret < 0)
+               goto fail;
+#endif /* ECC_TIMING_RESISTANT */
 
+done:
        return ecdh;
 fail:
        crypto_ecdh_deinit(ecdh);
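Review bot: The new `rng` member of struct crypto_ecdh carries a lifetime rule that nothing in the code states. With ECC_TIMING_RESISTANT, `wc_ecc_set_rng()` associates `ecdh->ec->key` with `ecdh->rng`, so the RNG has to remain valid for as long as that key is used and may only be released after the key. I would document this on the member, e.g. `/* Must outlive ec->key: the key references this RNG when ECC_TIMING_RESISTANT is set */`, so a later change that hands `ecdh->ec` to another owner or reorders the teardown does not leave the key pointing at freed RNG state. The fail path of crypto_ecdh_init() continues outside the hunk.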
@@ -1745,6 +1749,7 @@ void crypto_ecdh_deinit(struct crypto_ecdh *ecdh)
 {
        if (ecdh) {
                crypto_ec_deinit(ecdh->ec);
+               wc_FreeRng(&ecdh->rng);
                os_free(ecdh);
        }
 }
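Review bot: `wc_FreeRng(&ecdh->rng)` is called unconditionally, so it is also reached when crypto_ecdh_init() jumps to `fail` because `wc_InitRng(&ecdh->rng)` itself failed. That looks safe only because os_zalloc() zeroes the structure and wolfSSL presumably tolerates freeing an RNG that never finished initialising; this should be confirmed for the wolfSSL versions the build supports and then stated in a comment such as `/* wc_FreeRng() is safe on a zeroed or failed-init RNG */`. The order used here, key first and RNG second, is the correct one for a key that may still reference the RNG.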