From 0ad5fd7e61837020b17f3e46d052a27fcff0603d Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Mon, 25 Jun 2018 12:30:55 +0200
Subject: wrap_nettle_pk_generate_keys: retry on provable key generation

This resolves issue with occasional failures under RSA key generation
in FIPS140-2 mode.

Resolves #283

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
---
 lib/nettle/pk.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index a54044dc4d..bfcafa926c 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -1944,12 +1944,21 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
 						params->seed_size, params->seed,
 						NULL, NULL, level);
 				} else {
-					params->seed_size = sizeof(params->seed);
-					ret =
-					    rsa_generate_fips186_4_keypair(&pub, &priv, NULL,
+					unsigned retries = 0;
+					/* The provable RSA key generation process is deterministic
+					 * but has an internal maximum iteration counter and when
+					 * exceed will fail for certain random seeds. This is a very
+					 * rare condition, but it nevertheless happens and even CI builds fail
+					 * occasionally. When we generate the random seed internally, remediate
+					 * by retrying a different seed on failure. */
+					do {
+						params->seed_size = sizeof(params->seed);
+						ret =
+						    rsa_generate_fips186_4_keypair(&pub, &priv, NULL,
 							 rnd_func, NULL, NULL,
 							 &params->seed_size, params->seed,
 							 level);
+					} while (ret != 1 && ++retries < 3);
 				}
 			} else {
 				ret =
-- 
cgit v1.2.1