Merge pull request #673 from gilles-peskine-arm/ctr_drbg-aes_fail-2.7

Backport 2.7: Uncaught AES failure in CTR_DRBG
2025-03-23 05:25:09 +00:00 · 2019-11-28 15:02:23 +00:00 · 2019-11-28 15:02:23 +00:00 · 373a7097eb
parent c5a016dde1 b2be1fca2c
commit 373a7097eb
2 changed files with 5 additions and 1 deletions
--- a/4
+++ b/4
@ -20,6 +20,10 @@ Security
     timings on the comparison in the key generation enabled the attacker to
     learn leading bits of the ephemeral key used during ECDSA signatures and to
     recover the private key.
+   * Catch failure of AES functions in mbedtls_ctr_drbg_random(). Uncaught
+     failures could happen with alternative implementations of AES. Bug
+     reported and fix proposed by Johan Uppman Bruce and Christoffer Lauri,
+     Sectra.

 Changes
   * Add unit tests for AES-GCM when called through mbedtls_cipher_auth_xxx()
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@ -457,7 +457,7 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
 exit:
    mbedtls_zeroize( add_input, sizeof( add_input ) );
    mbedtls_zeroize( tmp, sizeof( tmp ) );
-    return( 0 );
+    return( ret );
 }

 int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output, size_t output_len )