diff options
| author | danh-arm <dan.handley@arm.com> | 2017-01-23 11:39:17 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-01-23 11:39:17 +0000 |
| commit | 23beccc9f75090309ff99544f963727d5fced2b1 (patch) | |
| tree | 06a0216fa222449eea25d23bfbf3d0746ca447d4 /drivers | |
| parent | f38d93fdbf82ebec321c70f7bc15fe12b7d57275 (diff) | |
| parent | 51c5e1a29fad07ad2758f44db868c1a4cdcd4e32 (diff) | |
Merge pull request #812 from antonio-nino-diaz-arm/an/clear-static-vars
Clear static variables in X509 parser on error
Diffstat (limited to 'drivers')
| -rw-r--r-- | drivers/auth/mbedtls/mbedtls_x509_parser.c | 39 |
1 files changed, 37 insertions, 2 deletions
diff --git a/drivers/auth/mbedtls/mbedtls_x509_parser.c b/drivers/auth/mbedtls/mbedtls_x509_parser.c index 1a6a9a75..73da9d1e 100644 --- a/drivers/auth/mbedtls/mbedtls_x509_parser.c +++ b/drivers/auth/mbedtls/mbedtls_x509_parser.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: @@ -36,6 +36,7 @@ * extensions field, such as an image hash or a public key. */ +#include <arch_helpers.h> #include <assert.h> #include <img_parser_mod.h> #include <mbedtls_common.h> @@ -64,6 +65,26 @@ static mbedtls_asn1_buf sig_alg; static mbedtls_asn1_buf signature; /* + * Clear all static temporary variables. + */ +static void clear_temp_vars(void) +{ +#define ZERO_AND_CLEAN(x) \ + do { \ + memset(&x, 0, sizeof(x)); \ + clean_dcache_range((uintptr_t)&x, sizeof(x)); \ + } while (0); + + ZERO_AND_CLEAN(tbs) + ZERO_AND_CLEAN(v3_ext); + ZERO_AND_CLEAN(pk); + ZERO_AND_CLEAN(sig_alg); + ZERO_AND_CLEAN(signature); + +#undef ZERO_AND_CLEAN +} + +/* * Get X509v3 extension * * Global variable 'v3_ext' must point to the extensions region @@ -134,7 +155,12 @@ static int get_ext(const char *oid, void **ext, unsigned int *ext_len) /* * Check the integrity of the certificate ASN.1 structure. + * * Extract the relevant data that will be used later during authentication. + * + * This function doesn't clear the static variables located on the top of this + * file in case of an error. It is only called from check_integrity(), which + * performs the cleanup if necessary. */ static int cert_parse(void *img, unsigned int img_len) { @@ -398,9 +424,18 @@ static void init(void) mbedtls_init(); } +/* + * Wrapper for cert_parse() that clears the static variables used by it in case + * of an error. + */ static int check_integrity(void *img, unsigned int img_len) { - return cert_parse(img, img_len); + int rc = cert_parse(img, img_len); + + if (rc != IMG_PARSER_OK) + clear_temp_vars(); + + return rc; } /* |