Catch AES failure in mbedtls_ctr_drbg_random

The functions mbedtls_ctr_drbg_random() and
mbedtls_ctr_drbg_random_with_add() could return 0 if an AES function
failed. This could only happen with alternative AES
implementations (the built-in implementation of the AES functions
involved never fails), typically due to a failure in a hardware
accelerator.

Bug reported and fix proposed by Johan Uppman Bruce and Christoffer
Lauri, Sectra.
Gilles Peskine 2019-11-28 09:45:32 +01:00
parent a428ced165
commit afaee1cacf


@ -584,7 +584,7 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
exit: exit:
mbedtls_platform_zeroize( add_input, sizeof( add_input ) ); mbedtls_platform_zeroize( add_input, sizeof( add_input ) );
mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
return( 0 ); return( ret );
} }
int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output, int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output,
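
Review bot: At the exit label only add_input and tmp are wiped, and now that this path can return a non-zero ret, the caller's output buffer is left as it was when the AES call failed. Consider also clearing output on the error path, so that a caller that ignores the return value does not go on to use a partially filled or unfilled buffer as random data. Please also confirm that ret is 0 whenever the success path reaches exit, since that is outside the lines shown here, and add a regression test that uses an alternative AES implementation forced to fail and asserts a non-zero return from both mbedtls_ctr_drbg_random_with_add() and mbedtls_ctr_drbg_random().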