ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Adding a test if device key buffer has changed after calling to entropy func. this should enable as to eliminate some rare cases when the trng fail but still return success.

pull/9302/head
Yossi Levy 2019-01-09 11:33:39 +02:00
parent 7addb8032f
commit 2adf5db881
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
features/device_key/source/DeviceKey.cpp
View File

@ -30,6 +30,7 @@
#include "entropy.h"
#include "platform_mbed.h"
#include "mbed_trace.h"
#include "ssl_internal.h"
#define TRACE_GROUP "DEVKEY"
@ -260,12 +261,14 @@ int DeviceKey::generate_key_by_random(uint32_t *output, size_t size)
}
#if DEVICE_TRNG
uint32_t test_buff[DEVICE_KEY_32BYTE / sizeof(int)];
mbedtls_entropy_context *entropy = new mbedtls_entropy_context;
mbedtls_entropy_init(entropy);
memset(output, 0, size);
memset(test_buff, 0, size);
ret = mbedtls_entropy_func(entropy, (unsigned char *)output, size);
if (ret != MBED_SUCCESS) {
if (ret != MBED_SUCCESS || mbedtls_ssl_safer_memcmp(test_buff, (unsigned char *)output, size) == 0) {
ret = DEVICEKEY_GENERATE_RANDOM_ERROR;
} else {
ret = DEVICEKEY_SUCCESS;