Fix handling of md failure The failure of mbedtls_md was not checked in one place. This could have led to an incorrect computation if a hardware accelerator failed. In most cases this would have led to the key exchange failing, so the impact would have been a hard-to-diagnose error reported in the wrong place. If the two sides of the key exchange failed in the same way with an output from mbedtls_md that was independent of the input, this could have led to an apparently successful key exchange with a predictable key, thus a glitching md accelerator could have caused a security vulnerability.

commit: 202b1df5bab7925a7ae741c7b53d08868d338563 [log] [tgz]
author: k-stachowiak <krzysiek.stachowiak@gmail.com> Fri Jun 28 14:14:02 2019 +0200
committer: k-stachowiak <krzysiek.stachowiak@gmail.com> Mon Jul 08 15:26:09 2019 +0200
tree: 6d684b3fb6bb385cc7b01147c1849df4d4133f2a
parent: 1e61b0fb3f30da2135ab53187064806e844be591 [diff] [blame]
diff --git a/library/ecjpake.c b/library/ecjpake.c
index 0cd79d0..65ba0d0 100644
--- a/library/ecjpake.c
+++ b/library/ecjpake.c

@@ -213,7 +213,7 @@
     p += id_len;
 
     /* Compute hash */
-    mbedtls_md( md_info, buf, p - buf, hash );
+    MBEDTLS_MPI_CHK( mbedtls_md( md_info, buf, p - buf, hash ) );
 
     /* Turn it into an integer mod n */
     MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( h, hash,
commit	202b1df5bab7925a7ae741c7b53d08868d338563	[log] [tgz]
author	k-stachowiak <krzysiek.stachowiak@gmail.com>	Fri Jun 28 14:14:02 2019 +0200
committer	k-stachowiak <krzysiek.stachowiak@gmail.com>	Mon Jul 08 15:26:09 2019 +0200
tree	6d684b3fb6bb385cc7b01147c1849df4d4133f2a
parent	1e61b0fb3f30da2135ab53187064806e844be591 [diff] [blame]