Merge pull request #672 from gilles-peskine-arm/ctr_drbg-aes_fail-2.16

Backport 2.16: Uncaught AES failure in CTR_DRBG
Jaeden Amero 2019-11-28 15:02:17 +00:00 committed by GitHub
commit 1dfc361a50
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 1 deletion


@ -20,6 +20,10 @@ Security
timings on the comparison in the key generation enabled the attacker to timings on the comparison in the key generation enabled the attacker to
learn leading bits of the ephemeral key used during ECDSA signatures and to learn leading bits of the ephemeral key used during ECDSA signatures and to
recover the private key. Reported by Jeremy Dubeuf. recover the private key. Reported by Jeremy Dubeuf.
* Catch failure of AES functions in mbedtls_ctr_drbg_random(). Uncaught
failures could happen with alternative implementations of AES. Bug
reported and fix proposed by Johan Uppman Bruce and Christoffer Lauri,
Sectra.
Bugfix Bugfix
* Remove redundant line for getting the bitlen of a bignum, since the variable * Remove redundant line for getting the bitlen of a bignum, since the variable
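Review bot: The new Security entry says failures are now caught but not what the caller observes as a result; one clause stating that mbedtls_ctr_drbg_random() now returns the AES error code instead of 0 (and so output must not be used when the return value is non-zero) would make the entry actionable for users auditing their error handling. Otherwise the placement under "Security" rather than "Bugfix" is right, since the previous behaviour silently reported success from a DRBG whose block cipher had failed.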


@ -517,7 +517,7 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
exit: exit:
mbedtls_platform_zeroize( add_input, sizeof( add_input ) ); mbedtls_platform_zeroize( add_input, sizeof( add_input ) );
mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
return( 0 ); return( ret );
} }
int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output, size_t output_len ) int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output, size_t output_len )
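Review bot: Changing `return( 0 );` to `return( ret );` at the `exit:` label only has the intended effect if every path that reaches `exit` has assigned `ret`; this hunk does not show those assignments, so confirm that `ret` is initialised to 0 on the success path and is set from each AES call (key setup and ECB encryption) before the corresponding `goto exit`, otherwise the function could return a stale or uninitialised value. The two `mbedtls_platform_zeroize` calls before the return are kept, so the error path still clears `add_input` and `tmp`, which is the right ordering. Also check that the `mbedtls_ctr_drbg_random()` wrapper declared immediately below propagates this return value rather than discarding it.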