Catch AES failure in mbedtls_ctr_drbg_random

gilles-peskine-arm · gilles-peskine-arm · commit afaee1cacfd2 · 2019-11-28T10:03:08.000+01:00
The functions mbedtls_ctr_drbg_random() and
mbedtls_ctr_drbg_random_with_add() could return 0 if an AES function
failed. This could only happen with alternative AES
implementations (the built-in implementation of the AES functions
involved never fail), typically due to a failure in a hardware
accelerator.

Bug reported and fix proposed by Johan Uppman Bruce and Christoffer
Lauri, Sectra.
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
@@ -584,7 +584,7 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
 exit:
     mbedtls_platform_zeroize( add_input, sizeof( add_input ) );
     mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
-    return( 0 );
+    return( ret );
 }
 
 int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output,

Original file line number	Diff line number	Diff line change
`@@ -584,7 +584,7 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,`
`584`	`584`	`exit:`
`585`	`585`	`mbedtls_platform_zeroize( add_input, sizeof( add_input ) );`
`586`	`586`	`mbedtls_platform_zeroize( tmp, sizeof( tmp ) );`
`587`		`- return( 0 );`
	`587`	`+ return( ret );`
`588`	`588`	`}`
`589`	`589`
`590`	`590`	`int mbedtls_ctr_drbg_random( void p_rng, unsigned char output,`