mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-22 11:35:44 +01:00
Catch AES failure in mbedtls_ctr_drbg_random
The functions mbedtls_ctr_drbg_random() and mbedtls_ctr_drbg_random_with_add() could return 0 if an AES function failed. This could only happen with alternative AES implementations (the built-in implementation of the AES functions involved never fail), typically due to a failure in a hardware accelerator. Bug reported and fix proposed by Johan Uppman Bruce and Christoffer Lauri, Sectra.
This commit is contained in:
parent
bcdd8bcfcf
commit
8b7f03f172
@ -79,6 +79,14 @@ Security
|
||||
Issue reported by Tuba Yavuz, Farhaan Fowze, Ken (Yihang) Bai,
|
||||
Grant Hernandez, and Kevin Butler (University of Florida) and
|
||||
Dave Tian (Purdue University).
|
||||
* Fix side channel vulnerability in ECDSA key generation. Obtaining precise
|
||||
timings on the comparison in the key generation enabled the attacker to
|
||||
learn leading bits of the ephemeral key used during ECDSA signatures and to
|
||||
recover the private key. Reported by Jeremy Dubeuf.
|
||||
* Catch failure of AES functions in mbedtls_ctr_drbg_random(). Uncaught
|
||||
failures could happen with alternative implementations of AES. Bug
|
||||
reported and fix proposed by Johan Uppman Bruce and Christoffer Lauri,
|
||||
Sectra.
|
||||
|
||||
Bugfix
|
||||
* Remove redundant line for getting the bitlen of a bignum, since the variable
|
||||
|
@ -512,7 +512,7 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
|
||||
exit:
|
||||
mbedtls_platform_zeroize( add_input, sizeof( add_input ) );
|
||||
mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
|
||||
return( 0 );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output, size_t output_len )
|
||||
|
Loading…
Reference in New Issue
Block a user