Skip to content

Commit

Permalink
Fix psa_generate_random for >1024 bytes
Browse files Browse the repository at this point in the history 
mbedtls_ctr_drbg_random can only return up to
MBEDTLS_CTR_DRBG_MAX_REQUEST (normally 1024) bytes at a time. So if
more than that is requested, call mbedtls_ctr_drbg_random in a loop.
  • Loading branch information
@gilles-peskine-arm
gilles-peskine-arm committed Aug 7, 2019
1 parent bdc96fd commit f181eca
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions library/psa_crypto.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5650,6 +5650,17 @@ psa_status_t psa_generate_random( uint8_t *output,
int ret;
GUARD_MODULE_INITIALIZED;

while( output_size > MBEDTLS_CTR_DRBG_MAX_REQUEST )
{
ret = mbedtls_ctr_drbg_random( &global_data.ctr_drbg,
output,
MBEDTLS_CTR_DRBG_MAX_REQUEST );
if( ret != 0 )
return( mbedtls_to_psa_error( ret ) );
output += MBEDTLS_CTR_DRBG_MAX_REQUEST;
output_size -= MBEDTLS_CTR_DRBG_MAX_REQUEST;
}

ret = mbedtls_ctr_drbg_random( &global_data.ctr_drbg, output, output_size );
return( mbedtls_to_psa_error( ret ) );
}
Expand Down

0 comments on commit f181eca

Please sign in to comment.