Fix handling of md failure

The failure of mbedtls_md was not checked in one place. This could have led
to an incorrect computation if a hardware accelerator failed. In most cases
this would have led to the key exchange failing, so the impact would have been
a hard-to-diagnose error reported in the wrong place. If the two sides of the
key exchange failed in the same way with an output from mbedtls_md that was
independent of the input, this could have led to an apparently successful key
exchange with a predictable key, thus a glitching md accelerator could have
caused a security vulnerability.
This commit is contained in:
k-stachowiak 2019-06-28 14:14:02 +02:00
parent 54b8eabd76
commit 4150335a27

View File

@ -226,7 +226,7 @@ static int ecjpake_hash( const mbedtls_md_info_t *md_info,
p += id_len; p += id_len;
/* Compute hash */ /* Compute hash */
mbedtls_md( md_info, buf, p - buf, hash ); MBEDTLS_MPI_CHK( mbedtls_md( md_info, buf, p - buf, hash ) );
/* Turn it into an integer mod n */ /* Turn it into an integer mod n */
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( h, hash, MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( h, hash,