Fix entropy module to work with hw accelerator
This patch modifies the entropy.c module to ensure that the sha256 and
sha512 contexts are correctly initialised and freed instead of skipping
these calls or simply zeroizing with memset() or mbedtls_zeroize().
This is important as the sha contexts might otherwise leak memory or
other resources, and even more so in the context of hardware
accelerators where the configuration of the device might be done in the
init and free calls.
diff --git a/library/entropy.c b/library/entropy.c
index 72e0773..06dec99 100644
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -68,15 +68,18 @@
void mbedtls_entropy_init( mbedtls_entropy_context *ctx )
{
- memset( ctx, 0, sizeof(mbedtls_entropy_context) );
+ ctx->source_count = 0;
+ memset( ctx->source, 0, sizeof( ctx->source ) );
#if defined(MBEDTLS_THREADING_C)
mbedtls_mutex_init( &ctx->mutex );
#endif
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
+ mbedtls_sha512_init( &ctx->accumulator );
mbedtls_sha512_starts_ext( &ctx->accumulator, 0 );
#else
+ mbedtls_sha256_init( &ctx->accumulator );
mbedtls_sha256_starts_ext( &ctx->accumulator, 0 );
#endif
#if defined(MBEDTLS_HAVEGE_C)
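Review bot: With the whole-struct `memset` gone, any member of `mbedtls_entropy_context` that is not assigned explicitly is indeterminate after `mbedtls_entropy_init()`. This hunk covers `source_count`, `source` and the accumulator, but `initial_entropy_run` is only cleared in the next hunk. Judging by the `#endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */` that follows it there, that assignment sits inside the default-sources region, so a build with `MBEDTLS_ENTROPY_NV_SEED` enabled and default sources disabled would appear to leave it unset. I would move it next to `ctx->source_count = 0;` under its own guard: `#if defined(MBEDTLS_ENTROPY_NV_SEED)`, `ctx->initial_entropy_run = 0;`, `#endif`. The function body continues outside this hunk, so any other conditional members (for example under `MBEDTLS_HAVEGE_C`) should be checked the same way.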
@@ -113,6 +116,7 @@
mbedtls_entropy_add_source( ctx, mbedtls_nv_seed_poll, NULL,
MBEDTLS_ENTROPY_BLOCK_SIZE,
MBEDTLS_ENTROPY_SOURCE_STRONG );
+ ctx->initial_entropy_run = 0;
#endif
#endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */
}
@@ -125,7 +129,16 @@
#if defined(MBEDTLS_THREADING_C)
mbedtls_mutex_free( &ctx->mutex );
#endif
- mbedtls_zeroize( ctx, sizeof( mbedtls_entropy_context ) );
+#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
+ mbedtls_sha512_free( &ctx->accumulator );
+#else
+ mbedtls_sha256_free( &ctx->accumulator );
+#endif
+#if defined(MBEDTLS_ENTROPY_NV_SEED)
+ ctx->initial_entropy_run = 0;
+#endif
+ ctx->source_count = 0;
+ mbedtls_zeroize( ctx->source, sizeof( ctx->source ) );
}
int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
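Review bot: The old `mbedtls_zeroize( ctx, sizeof( mbedtls_entropy_context ) )` guaranteed that the accumulator's hash state, which carries entropy pool material, was wiped on free. The new code wipes only `ctx->source` and relies on `mbedtls_sha512_free()` / `mbedtls_sha256_free()` to clear the accumulator. That is a contract an alternative or hardware-backed implementation has to honour, and nothing visible here enforces it. The same reliance applies to the two accumulator-reset hunks further down, where `memset` is replaced by a free/init pair. I would state the requirement above the `#if` with a comment such as `/* accumulator holds pool state: sha*_free(), including ALT implementations, must wipe it; the context is no longer zeroized as a whole */`. The start of this function is outside the hunk, so whether other sensitive members (for example HAVEGE state) are released and wiped before this point should be confirmed there.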
@@ -342,7 +355,8 @@
/*
* Reset accumulator and counters and recycle existing entropy
*/
- memset( &ctx->accumulator, 0, sizeof( mbedtls_sha512_context ) );
+ mbedtls_sha512_free( &ctx->accumulator );
+ mbedtls_sha512_init( &ctx->accumulator );
if( ( ret = mbedtls_sha512_starts_ext( &ctx->accumulator, 0 ) ) != 0 )
goto exit;
if( ( ret = mbedtls_sha512_update_ext( &ctx->accumulator, buf,
@@ -362,7 +376,8 @@
/*
* Reset accumulator and counters and recycle existing entropy
*/
- memset( &ctx->accumulator, 0, sizeof( mbedtls_sha256_context ) );
+ mbedtls_sha256_free( &ctx->accumulator );
+ mbedtls_sha256_init( &ctx->accumulator );
if( ( ret = mbedtls_sha256_starts_ext( &ctx->accumulator, 0 ) ) != 0 )
goto exit;
if( ( ret = mbedtls_sha256_update_ext( &ctx->accumulator, buf,