From 4a6a55cae364e955cd324bfc91685f0628e1a63a Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Fri, 28 Jun 2019 14:14:02 +0200 Subject: [PATCH] Fix handling of md failure The failure of mbedtls_md was not checked in one place. This could have led to an incorrect computation if a hardware accelerator failed. In most cases this would have led to the key exchange failing, so the impact would have been a hard-to-diagnose error reported in the wrong place. If the two sides of the key exchange failed in the same way with an output from mbedtls_md that was independent of the input, this could have led to an apparently successful key exchange with a predictable key, thus a glitching md accelerator could have caused a security vulnerability. --- library/ecjpake.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ecjpake.c b/library/ecjpake.c index b276514e8..1845c936a 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -226,7 +226,7 @@ static int ecjpake_hash( const mbedtls_md_info_t *md_info, p += id_len; /* Compute hash */ - mbedtls_md( md_info, buf, p - buf, hash ); + MBEDTLS_MPI_CHK( mbedtls_md( md_info, buf, p - buf, hash ) ); /* Turn it into an integer mod n */ MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( h, hash,