mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 08:04:24 +01:00
Handle random generator failure in mbedtls_mpi_fill_random()
Discuss the impact in a changelog entry. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
parent
2f78062e75
commit
0525114752
8
ChangeLog.d/mpi_fill_random-rng_failure.txt
Normal file
8
ChangeLog.d/mpi_fill_random-rng_failure.txt
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
Security
|
||||||
|
* A failure of the random generator was ignored in mbedtls_mpi_fill_random(),
|
||||||
|
which is how most uses of randomization in asymmetric cryptography
|
||||||
|
(including key generation, intermediate value randomization and blinding)
|
||||||
|
are implemented. This could cause failures or the silent use of non-random
|
||||||
|
values. A random generator can fail if it needs reseeding and cannot not
|
||||||
|
obtain entropy, or due to an internal failure (which, for Mbed TLS's own
|
||||||
|
CTR_DRBG or HMAC_DRBG, can only happen due to a misconfiguration).
|
@ -2334,7 +2334,7 @@ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
|
|||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
|
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
|
||||||
|
|
||||||
Xp = (unsigned char*) X->p;
|
Xp = (unsigned char*) X->p;
|
||||||
f_rng( p_rng, Xp + overhead, size );
|
MBEDTLS_MPI_CHK( f_rng( p_rng, Xp + overhead, size ) );
|
||||||
|
|
||||||
mpi_bigendian_to_host( X->p, limbs );
|
mpi_bigendian_to_host( X->p, limbs );
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user