Catch AES failure in mbedtls_ctr_drbg_random The functions mbedtls_ctr_drbg_random() and mbedtls_ctr_drbg_random_with_add() could return 0 if an AES function failed. This could only happen with alternative AES implementations (the built-in implementation of the AES functions involved never fail), typically due to a failure in a hardware accelerator. Bug reported and fix proposed by Johan Uppman Bruce and Christoffer Lauri, Sectra.

commit: afaee1cacfd21a9022b3d014de1120b16b8f0dad [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Thu Nov 28 09:45:32 2019 +0100
committer: Gilles Peskine <Gilles.Peskine@arm.com> Thu Nov 28 10:03:08 2019 +0100
tree: 736468b8def379533623aa6ac66a1c56e0e0a4b2
parent: a428ced16563741874f87f12bdf8913591c387a4 [diff]
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index 047bb2a..517b455 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c

@@ -584,7 +584,7 @@
 exit:
     mbedtls_platform_zeroize( add_input, sizeof( add_input ) );
     mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
-    return( 0 );
+    return( ret );
 }
 
 int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output,
commit	afaee1cacfd21a9022b3d014de1120b16b8f0dad	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Thu Nov 28 09:45:32 2019 +0100
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Thu Nov 28 10:03:08 2019 +0100
tree	736468b8def379533623aa6ac66a1c56e0e0a4b2
parent	a428ced16563741874f87f12bdf8913591c387a4 [diff]