From f181eca3503e85a84171b60fa747f1f2b3cbf0c8 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 7 Aug 2019 13:49:00 +0200
Subject: [PATCH] Fix psa_generate_random for >1024 bytes

mbedtls_ctr_drbg_random can only return up to MBEDTLS_CTR_DRBG_MAX_REQUEST (normally 1024) bytes at a time. So if more than that is requested, call mbedtls_ctr_drbg_random in a loop.
---
 library/psa_crypto.c | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index c6bc7a267..b602f1961 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -5650,6 +5650,17 @@ psa_status_t psa_generate_random( uint8_t *output,
 int ret;
 GUARD_MODULE_INITIALIZED;
+ while( output_size > MBEDTLS_CTR_DRBG_MAX_REQUEST )
+ {
+ ret = mbedtls_ctr_drbg_random( &global_data.ctr_drbg,
+ output,
+ MBEDTLS_CTR_DRBG_MAX_REQUEST );
+ if( ret != 0 )
+ return( mbedtls_to_psa_error( ret ) );
+ output += MBEDTLS_CTR_DRBG_MAX_REQUEST;
+ output_size -= MBEDTLS_CTR_DRBG_MAX_REQUEST;
+ }
+
 ret = mbedtls_ctr_drbg_random( &global_data.ctr_drbg, output, output_size );
 return( mbedtls_to_psa_error( ret ) );
 }
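Review bot: When a later chunk fails inside the new `while` loop, the early `return` leaves `output` with its first chunks already filled and the tail untouched, so a caller that mishandles the status ends up holding a buffer that is only partly random. Nothing visible in the hunk clears the buffer on that path; the start of `psa_generate_random` lies outside the hunk, so this may be handled elsewhere. Consider saving the original pointer and length and wiping on error, e.g. `mbedtls_platform_zeroize( output_start, total_size );` before the early `return`, or at least documenting that the contents of `output` are unspecified on failure. The patch touches only `library/psa_crypto.c`, so a test requesting exactly `MBEDTLS_CTR_DRBG_MAX_REQUEST` bytes, one byte more, and an exact multiple would pin the boundary behaviour introduced here.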