diff --git a/ChangeLog b/ChangeLog
index b296b814..8b8602f2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,6 +20,10 @@ Security
 timings on the comparison in the key generation enabled the attacker to learn leading bits of the ephemeral key used during ECDSA signatures and to recover the private key. Reported by Jeremy Dubeuf.
+ * Catch failure of AES functions in mbedtls_ctr_drbg_random(). Uncaught
+ failures could happen with alternative implementations of AES. Bug
+ reported and fix proposed by Johan Uppman Bruce and Christoffer Lauri,
+ Sectra.
 
 Bugfix
 * Remove redundant line for getting the bitlen of a bignum, since the variable
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index fb121575..820bf46a 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -517,7 +517,7 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
 exit:
     mbedtls_platform_zeroize( add_input, sizeof( add_input ) );
     mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
-    return( 0 );
+    return( ret );
 }
 
 int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output, size_t output_len )
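Review bot: Returning `ret` at the `exit:` label is only correct if every path that reaches it on success has already stored 0 in `ret`; the body of `mbedtls_ctr_drbg_random_with_add()` starts above this hunk, so that assignment cannot be confirmed here and should be checked (a path that jumps to `exit:` with `ret` still holding a stale value would now report a spurious error or, worse, mask one). With this change a failing AES call is surfaced to callers, so the public declaration should state what that means for the buffer, e.g. `/* On failure the contents of output are unspecified and must not be used as random data. */`. The wrapper `mbedtls_ctr_drbg_random()` whose signature ends the hunk presumably forwards this return value; its body is outside the hunk, so that forwarding should be verified too. The zeroize calls before the `return` still run on the error path, which is the right ordering.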