Fix entropy module to work with hw accelerator

This patch modifies the entropy.c module to ensure that the sha256 and
sha512 contexts are correctly initialised and freed instead of skipping
these calls or simply zeroizing with memset() or mbedtls_zeroize().
This is important as the sha contexts might otherwise leak memory or
other resources, and even more so in the context of hardware
accelerators where the configuration of the device might be done in the
init and free calls.
Andres Amaya Garcia 2017-06-29 16:12:31 +01:00
parent 207cea57f9
commit a7559cb7ba


@ -68,15 +68,18 @@ static void mbedtls_zeroize( void *v, size_t n ) {
void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) void mbedtls_entropy_init( mbedtls_entropy_context *ctx )
{ {
memset( ctx, 0, sizeof(mbedtls_entropy_context) ); ctx->source_count = 0;
memset( ctx->source, 0, sizeof( ctx->source ) );
#if defined(MBEDTLS_THREADING_C) #if defined(MBEDTLS_THREADING_C)
mbedtls_mutex_init( &ctx->mutex ); mbedtls_mutex_init( &ctx->mutex );
#endif #endif
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
mbedtls_sha512_init( &ctx->accumulator );
mbedtls_sha512_starts_ext( &ctx->accumulator, 0 ); mbedtls_sha512_starts_ext( &ctx->accumulator, 0 );
#else #else
mbedtls_sha256_init( &ctx->accumulator );
mbedtls_sha256_starts_ext( &ctx->accumulator, 0 ); mbedtls_sha256_starts_ext( &ctx->accumulator, 0 );
#endif #endif
#if defined(MBEDTLS_HAVEGE_C) #if defined(MBEDTLS_HAVEGE_C)
@ -113,6 +116,7 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx )
mbedtls_entropy_add_source( ctx, mbedtls_nv_seed_poll, NULL, mbedtls_entropy_add_source( ctx, mbedtls_nv_seed_poll, NULL,
MBEDTLS_ENTROPY_BLOCK_SIZE, MBEDTLS_ENTROPY_BLOCK_SIZE,
MBEDTLS_ENTROPY_SOURCE_STRONG ); MBEDTLS_ENTROPY_SOURCE_STRONG );
ctx->initial_entropy_run = 0;
#endif #endif
#endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */ #endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */
} }
@ -125,7 +129,16 @@ void mbedtls_entropy_free( mbedtls_entropy_context *ctx )
#if defined(MBEDTLS_THREADING_C) #if defined(MBEDTLS_THREADING_C)
mbedtls_mutex_free( &ctx->mutex ); mbedtls_mutex_free( &ctx->mutex );
#endif #endif
mbedtls_zeroize( ctx, sizeof( mbedtls_entropy_context ) ); #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
mbedtls_sha512_free( &ctx->accumulator );
#else
mbedtls_sha256_free( &ctx->accumulator );
#endif
#if defined(MBEDTLS_ENTROPY_NV_SEED)
ctx->initial_entropy_run = 0;
#endif
ctx->source_count = 0;
mbedtls_zeroize( ctx->source, sizeof( ctx->source ) );
} }
int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx, int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
@ -342,7 +355,8 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
/* /*
* Reset accumulator and counters and recycle existing entropy * Reset accumulator and counters and recycle existing entropy
*/ */
memset( &ctx->accumulator, 0, sizeof( mbedtls_sha512_context ) ); mbedtls_sha512_free( &ctx->accumulator );
mbedtls_sha512_init( &ctx->accumulator );
if( ( ret = mbedtls_sha512_starts_ext( &ctx->accumulator, 0 ) ) != 0 ) if( ( ret = mbedtls_sha512_starts_ext( &ctx->accumulator, 0 ) ) != 0 )
goto exit; goto exit;
if( ( ret = mbedtls_sha512_update_ext( &ctx->accumulator, buf, if( ( ret = mbedtls_sha512_update_ext( &ctx->accumulator, buf,
@ -362,7 +376,8 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
/* /*
* Reset accumulator and counters and recycle existing entropy * Reset accumulator and counters and recycle existing entropy
*/ */
memset( &ctx->accumulator, 0, sizeof( mbedtls_sha256_context ) ); mbedtls_sha256_free( &ctx->accumulator );
mbedtls_sha256_init( &ctx->accumulator );
if( ( ret = mbedtls_sha256_starts_ext( &ctx->accumulator, 0 ) ) != 0 ) if( ( ret = mbedtls_sha256_starts_ext( &ctx->accumulator, 0 ) ) != 0 )
goto exit; goto exit;
if( ( ret = mbedtls_sha256_update_ext( &ctx->accumulator, buf, if( ( ret = mbedtls_sha256_update_ext( &ctx->accumulator, buf,
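Review bot: In `mbedtls_entropy_init`, `ctx->initial_entropy_run = 0;` is added ahead of the two `#endif` lines that close the inner guard and the `MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES` guard, so a build in which that region is compiled out appears to leave the field uninitialised now that the whole-context `memset()` is gone. The free hunk resets the same field under `MBEDTLS_ENTROPY_NV_SEED` alone, which suggests the field exists in that configuration too; the opening `#if` lines are outside the hunk, so this needs confirming against the full function. I would hoist the assignment next to `ctx->source_count = 0;` as `#if defined(MBEDTLS_ENTROPY_NV_SEED)` / `ctx->initial_entropy_run = 0;` / `#endif`. Separately, `mbedtls_entropy_free` no longer wipes the whole context, so clearing the accumulator's pool state now depends on what `mbedtls_sha512_free()` / `mbedtls_sha256_free()` do in an alternative implementation, and a comment at those calls stating that the free function must zeroize the context would make the requirement explicit.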