From 6bc37fa4e29e7bc491b57c68d11d0e9bd9ad337e Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Sat, 18 Jul 2020 06:05:03 -0400 Subject: [PATCH] hmac_drbg: set_entropy_len can now return an error Make mbedtls_hmac_drbg_set_entropy_len return an error in case of a too long entropy length setting. Signed-off-by: Andrzej Kurek --- include/mbedtls/hmac_drbg.h | 6 ++++-- library/hmac_drbg.c | 6 +++++- tests/suites/test_suite_hmac_drbg.function | 4 ++-- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h index eec05e471..6b2c7887e 100644 --- a/include/mbedtls/hmac_drbg.h +++ b/include/mbedtls/hmac_drbg.h @@ -228,9 +228,11 @@ void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx * * \param ctx The HMAC_DRBG context. * \param len The amount of entropy to grab, in bytes. + * + * \return \c 0 if \p len is valid, MBEDTLS_HMAC_DRBG_MAX_INPUT otherwise. */ -void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx, - size_t len ); +int mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx, + size_t len ); /** * \brief Set the reseed interval. diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index 1336c7e4c..92d7ba4dd 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -390,9 +390,13 @@ void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx /* * Set entropy length grabbed for seeding */ -void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx, size_t len ) +int mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx, size_t len ) { + if( len > MBEDTLS_HMAC_DRBG_MAX_INPUT ) + return( MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG ); + ctx->entropy_len = len; + return 0; } /* diff --git a/tests/suites/test_suite_hmac_drbg.function b/tests/suites/test_suite_hmac_drbg.function index da280dbd9..0463a89a4 100644 --- a/tests/suites/test_suite_hmac_drbg.function +++ b/tests/suites/test_suite_hmac_drbg.function @@ -94,12 +94,12 @@ void hmac_drbg_entropy_usage( int md_alg ) TEST_ASSERT( entropy.len < last_len ); /* Finally, check setting entropy_len */ - mbedtls_hmac_drbg_set_entropy_len( &ctx, 42 ); + TEST_ASSERT( mbedtls_hmac_drbg_set_entropy_len( &ctx, 42 ) == 0 ); last_len = entropy.len; TEST_ASSERT( mbedtls_hmac_drbg_random( &ctx, out, sizeof( out ) ) == 0 ); TEST_ASSERT( (int) last_len - entropy.len == 42 ); - mbedtls_hmac_drbg_set_entropy_len( &ctx, 13 ); + TEST_ASSERT( mbedtls_hmac_drbg_set_entropy_len( &ctx, 13 ) == 0 ); last_len = entropy.len; TEST_ASSERT( mbedtls_hmac_drbg_random( &ctx, out, sizeof( out ) ) == 0 ); TEST_ASSERT( (int) last_len - entropy.len == 13 );