mirror of https://github.com/yuzu-emu/mbedtls.git, synced 2025-10-26 06:27:32 +00:00
Catch AES failure in mbedtls_ctr_drbg_random

The functions mbedtls_ctr_drbg_random() and mbedtls_ctr_drbg_random_with_add() could return 0 if an AES function failed. This could only happen with alternative AES implementations (the built-in implementation of the AES functions involved never fails), typically due to a failure in a hardware accelerator. Bug reported and fix proposed by Johan Uppman Bruce and Christoffer Lauri, Sectra.
This commit is contained in:
parent bcdd8bcfcf
commit 8b7f03f172
				|  | @ -79,6 +79,14 @@ Security | |||
|      Issue reported by Tuba Yavuz, Farhaan Fowze, Ken (Yihang) Bai, | ||||
|      Grant Hernandez, and Kevin Butler (University of Florida) and | ||||
|      Dave Tian (Purdue University). | ||||
|    * Fix side channel vulnerability in ECDSA key generation. Obtaining precise | ||||
|      timings on the comparison in the key generation enabled the attacker to | ||||
|      learn leading bits of the ephemeral key used during ECDSA signatures and to | ||||
|      recover the private key. Reported by Jeremy Dubeuf. | ||||
|    * Catch failure of AES functions in mbedtls_ctr_drbg_random(). Uncaught | ||||
|      failures could happen with alternative implementations of AES. Bug | ||||
|      reported and fix proposed by Johan Uppman Bruce and Christoffer Lauri, | ||||
|      Sectra. | ||||
| 
 | ||||
| Bugfix | ||||
|    * Remove redundant line for getting the bitlen of a bignum, since the variable | ||||
|  |  | |||
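Review bot: the new ChangeLog entry `* Catch failure of AES functions in mbedtls_ctr_drbg_random()` names only the outer function, while the commit message says mbedtls_ctr_drbg_random_with_add() is affected too and the code change in this commit is in mbedtls_ctr_drbg_random_with_add(); name both functions so users who call the _with_add variant directly can see they are affected. It would also help to state the consequence in one clause, i.e. that the function returned 0 (success) after an AES failure, so callers had no way to notice, since that is what makes this a Security entry rather than a cosmetic error-code fix.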
|  | @ -512,7 +512,7 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng, | |||
| exit: | ||||
|     mbedtls_platform_zeroize( add_input, sizeof( add_input ) ); | ||||
|     mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); | ||||
|     return( 0 ); | ||||
|     return( ret ); | ||||
| } | ||||
| 
 | ||||
| int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output, size_t output_len ) | ||||
|  |  | |||
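Review bot: `return( ret );` at the exit label is only correct if every path that reaches `exit:` has assigned ret, including the success path; the lines above this hunk are not shown, so confirm that ret is set to 0 by the last operation before falling through (for example the final update call) and that no `goto exit` leaves ret holding a stale value from an earlier, successful call. Consider also zeroizing output on the error path, since a caller that ignores the return value would otherwise consume a partially filled buffer, and since mbedtls_ctr_drbg_random() begins right after this hunk, check that it propagates this return value rather than discarding it.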