TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / f181eca3503e85a84171b60fa747f1f2b3cbf0c8^! / . / library / psa_crypto.c
commitf181eca3503e85a84171b60fa747f1f2b3cbf0c8[log] [tgz]
authorGilles Peskine <Gilles.Peskine@arm.com>Wed Aug 07 13:49:00 2019 +0200
committerGilles Peskine <Gilles.Peskine@arm.com>Wed Aug 07 13:49:00 2019 +0200
tree479f8c2370527ab169567ee0741df004968ca8d8
parentbdc96fd636c71d4adf2034f09fe7097ee4573caa [diff] [blame]
Fix psa_generate_random for >1024 bytes

mbedtls_ctr_drbg_random can only return up to
MBEDTLS_CTR_DRBG_MAX_REQUEST (normally 1024) bytes at a time. So if
more than that is requested, call mbedtls_ctr_drbg_random in a loop.

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index c6bc7a2..b602f19 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c

@@ -5650,6 +5650,17 @@
     int ret;
     GUARD_MODULE_INITIALIZED;
 
+    while( output_size > MBEDTLS_CTR_DRBG_MAX_REQUEST )
+    {
+        ret = mbedtls_ctr_drbg_random( &global_data.ctr_drbg,
+                                       output,
+                                       MBEDTLS_CTR_DRBG_MAX_REQUEST );
+        if( ret != 0 )
+            return( mbedtls_to_psa_error( ret ) );
+        output += MBEDTLS_CTR_DRBG_MAX_REQUEST;
+        output_size -= MBEDTLS_CTR_DRBG_MAX_REQUEST;
+    }
+
     ret = mbedtls_ctr_drbg_random( &global_data.ctr_drbg, output, output_size );
     return( mbedtls_to_psa_error( ret ) );
 }