Fix double check in entropy_gather_internal The double check was wrong way, glitching either check could have compromised the flow there.

commit: f5b6af01d33996d0b381a8f64f346451697f5bec [log] [tgz]
author: Jarno Lamsa <jarno.lamsa@arm.com> Thu Dec 19 14:46:40 2019 +0200
committer: Jarno Lamsa <jarno.lamsa@arm.com> Thu Dec 19 17:07:29 2019 +0200
tree: 12028c83c3b494a6962c2778ed986730b9d8e3be
parent: afff4d0679bbf2ffaad3bc35e0e7a0798ccc1908 [diff] [blame]
diff --git a/library/entropy.c b/library/entropy.c
index 78ea6d4..d1bde6a 100644
--- a/library/entropy.c
+++ b/library/entropy.c

@@ -43,9 +43,7 @@
 #include <stdio.h>
 #endif
 
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
 #include "mbedtls/platform.h"
-#endif
 
 #if defined(MBEDTLS_SELF_TEST)
 #if defined(MBEDTLS_PLATFORM_C)
@@ -274,12 +272,14 @@
     {
         volatile int strong_fi = ctx->source[i].strong;
         if( strong_fi == MBEDTLS_ENTROPY_SOURCE_STRONG )
-            have_one_strong_fi = 1;
+        {
+            mbedtls_platform_enforce_volatile_reads();
 
-        mbedtls_platform_enforce_volatile_reads();
-
-        if( strong_fi == MBEDTLS_ENTROPY_SOURCE_STRONG )
-            have_one_strong_fi = 1;
+            if( strong_fi == MBEDTLS_ENTROPY_SOURCE_STRONG )
+                have_one_strong_fi = 1;
+            else
+                return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+        }
 
         olen = 0;
         if( ( ret = ctx->source[i].f_source( ctx->source[i].p_source,
@@ -310,6 +310,10 @@
         {
             return( ret );
         }
+        else
+        {
+            return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+        }
     }
 
     return( MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE );
commit	f5b6af01d33996d0b381a8f64f346451697f5bec	[log] [tgz]
author	Jarno Lamsa <jarno.lamsa@arm.com>	Thu Dec 19 14:46:40 2019 +0200
committer	Jarno Lamsa <jarno.lamsa@arm.com>	Thu Dec 19 17:07:29 2019 +0200
tree	12028c83c3b494a6962c2778ed986730b9d8e3be
parent	afff4d0679bbf2ffaad3bc35e0e7a0798ccc1908 [diff] [blame]