commit bee96c8db9fe118578b5677abdcebe90cdda7a89
author Gilles Peskine <Gilles.Peskine@arm.com> Mon Nov 23 21:00:09 2020 +0100
committer Gilles Peskine <Gilles.Peskine@arm.com> Mon Nov 23 21:00:09 2020 +0100
tree fe8a99a3a4a47a4e14d71c9693856f54ecd13635
parent c109b37b07146261e2eaae6a483743ac257721e9

Explain the conditions for checking DRBG error codes

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

library/psa_crypto.c

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 66c4f7d..b3d7eb4 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -215,6 +215,8 @@
 
 #if !( defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) ||      \
        defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE) )
+        /* Only check CTR_DRBG error codes if underlying mbedtls_xxx
+         * functions are passed a CTR_DRBG instance. */
         case MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED:
             return( PSA_ERROR_INSUFFICIENT_ENTROPY );
         case MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG:
@@ -243,6 +245,8 @@
 
 #if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) &&        \
     defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE)
+        /* Only check HMAC_DRBG error codes if underlying mbedtls_xxx
+         * functions are passed a HMAC_DRBG instance. */
         case MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED:
             return( PSA_ERROR_INSUFFICIENT_ENTROPY );
         case MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG: