Fix an incorrect error code if RSA private operation glitched

mbedtls_rsa_private() could return the sum of two RSA error codes
instead of a valid error code in some rare circumstances:

* If rsa_prepare_blinding() returned  MBEDTLS_ERR_RSA_RNG_FAILED
  (indicating a misbehaving or misconfigured RNG).
* If the comparison with the public value failed (typically indicating
  a glitch attack).

Make sure not to add two high-level error codes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2020-11-25 00:10:31 +01:00 committed by Dave Rodgman
parent 9c1ae18c9c
commit fc2c79633b
2 changed files with 4 additions and 2 deletions

View file

@ -0,0 +1,2 @@
Bugfix
* Fix an incorrect error code if an RSA private operation glitched.

View file

@ -1045,10 +1045,10 @@ cleanup:
mbedtls_mpi_free( &C );
mbedtls_mpi_free( &I );
if( ret != 0 )
if( ret != 0 && ret >= -0x007f )
return( MBEDTLS_ERR_RSA_PRIVATE_FAILED + ret );
return( 0 );
return( ret );
}
#if defined(MBEDTLS_PKCS1_V21)