Fix an incorrect error code if RSA private operation glitched mbedtls_rsa_private() could return the sum of two RSA error codes instead of a valid error code in some rare circumstances: * If rsa_prepare_blinding() returned MBEDTLS_ERR_RSA_RNG_FAILED (indicating a misbehaving or misconfigured RNG). * If the comparison with the public value failed (typically indicating a glitch attack). Make sure not to add two high-level error codes. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

commit: ae3741e8a440cbfa974a98cb443b26e6ba15f21d [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Wed Nov 25 00:10:31 2020 +0100
committer: Gilles Peskine <Gilles.Peskine@arm.com> Wed Jan 06 18:22:40 2021 +0100
tree: d6000038e324d02c5cc95de387160f34bae01c1f
parent: 40d8160c8edf1c0042be5944149a4144cb38eed9 [diff] [blame]
diff --git a/library/rsa.c b/library/rsa.c
index d6abd65..9fe551d 100644
--- a/library/rsa.c
+++ b/library/rsa.c

@@ -1076,10 +1076,10 @@
     mbedtls_mpi_free( &C );
     mbedtls_mpi_free( &I );
 
-    if( ret != 0 )
+    if( ret != 0 && ret >= -0x007f )
         return( MBEDTLS_ERR_RSA_PRIVATE_FAILED + ret );
 
-    return( 0 );
+    return( ret );
 }
 
 #if defined(MBEDTLS_PKCS1_V21)
commit	ae3741e8a440cbfa974a98cb443b26e6ba15f21d	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Wed Nov 25 00:10:31 2020 +0100
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Wed Jan 06 18:22:40 2021 +0100
tree	d6000038e324d02c5cc95de387160f34bae01c1f
parent	40d8160c8edf1c0042be5944149a4144cb38eed9 [diff] [blame]