From 0c59ba88cbad9fa54e15a35b914c5d6ad3632f6f Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Tue, 5 Jan 2021 14:10:59 +0100
Subject: [PATCH] Fix the error detection in psa_generate_random

If a call to mbedtls_psa_get_random other than the last one failed,
this went undetected.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 library/psa_crypto.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 4d32da7da..c82fecb08 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -6394,19 +6394,20 @@ psa_status_t psa_generate_random( uint8_t *output,
 
 #else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
 
-    int ret = 0;
     while( output_size > 0 )
     {
         size_t request_size =
             ( output_size > MBEDTLS_PSA_RANDOM_MAX_REQUEST ?
               MBEDTLS_PSA_RANDOM_MAX_REQUEST :
               output_size );
-        ret = mbedtls_psa_get_random( MBEDTLS_PSA_RANDOM_STATE,
-                                      output, request_size );
+        int ret = mbedtls_psa_get_random( MBEDTLS_PSA_RANDOM_STATE,
+                                          output, request_size );
+        if( ret != 0 )
+            return( mbedtls_to_psa_error( ret ) );
         output_size -= request_size;
         output += request_size;
     }
-    return( mbedtls_to_psa_error( ret ) );
+    return( PSA_SUCCESS );
 #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
 }