commit 6bc37fa4e29e7bc491b57c68d11d0e9bd9ad337e
author Andrzej Kurek <andrzej.kurek@arm.com> Sat Jul 18 06:05:03 2020 -0400
committer Andrzej Kurek <andrzej.kurek@arm.com> Sat Jul 18 06:05:03 2020 -0400
tree 4600a418e5403c149b159d3d8e897b436152f5c3
parent 9167aa96f87a511aa31bbc94d542739fcfa2e44a

hmac_drbg: set_entropy_len can now return an error

Make mbedtls_hmac_drbg_set_entropy_len return an error
in case of a too long entropy length setting.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>

include/mbedtls/hmac_drbg.h

diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h
index eec05e4..6b2c788 100644
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@@ -228,9 +228,11 @@
  *
  * \param ctx           The HMAC_DRBG context.
  * \param len           The amount of entropy to grab, in bytes.
+ *
+ * \return              \c 0 if \p len is valid, MBEDTLS_HMAC_DRBG_MAX_INPUT otherwise.
  */
-void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx,
-                                size_t len );
+int mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx,
+                                       size_t len );
 
 /**
  * \brief               Set the reseed interval.

library/hmac_drbg.c

diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c
index 1336c7e..92d7ba4 100644
--- a/library/hmac_drbg.c
+++ b/library/hmac_drbg.c
@@ -390,9 +390,13 @@
 /*
  * Set entropy length grabbed for seeding
  */
-void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx, size_t len )
+int mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx, size_t len )
 {
+    if( len > MBEDTLS_HMAC_DRBG_MAX_INPUT )
+        return( MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG );
+
     ctx->entropy_len = len;
+    return 0;
 }
 
 /*

tests/suites/test_suite_hmac_drbg.function

diff --git a/tests/suites/test_suite_hmac_drbg.function b/tests/suites/test_suite_hmac_drbg.function
index da280db..0463a89 100644
--- a/tests/suites/test_suite_hmac_drbg.function
+++ b/tests/suites/test_suite_hmac_drbg.function
@@ -94,12 +94,12 @@
     TEST_ASSERT( entropy.len < last_len );
 
     /* Finally, check setting entropy_len */
-    mbedtls_hmac_drbg_set_entropy_len( &ctx, 42 );
+    TEST_ASSERT( mbedtls_hmac_drbg_set_entropy_len( &ctx, 42 ) == 0 );
     last_len = entropy.len;
     TEST_ASSERT( mbedtls_hmac_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
     TEST_ASSERT( (int) last_len - entropy.len == 42 );
 
-    mbedtls_hmac_drbg_set_entropy_len( &ctx, 13 );
+    TEST_ASSERT( mbedtls_hmac_drbg_set_entropy_len( &ctx, 13 ) == 0 );
     last_len = entropy.len;
     TEST_ASSERT( mbedtls_hmac_drbg_random( &ctx, out, sizeof( out ) ) == 0 );
     TEST_ASSERT( (int) last_len - entropy.len == 13 );