ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Remove usage of Mbed TLS internal function from DeviceKey. 

DeviceKey was using mbedtls_ssl_safer_memcmp() to compare result against
buffer of equal length, but zero content. This comparison makes no sense
as the entropy function is already returning proper error, if it fails.
pull/11797/head
Seppo Takalo 2019-11-01 16:51:41 +02:00
parent 4ab3c8bb48
commit f0790cd7b2
1 changed files with 1 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
features/device_key/source/DeviceKey.cpp
View File

@ -270,14 +270,12 @@ int DeviceKey::generate_key_by_random(uint32_t *output, size_t size)
}
#if defined(DEVICE_TRNG) || defined(MBEDTLS_ENTROPY_NV_SEED) || defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
uint32_t test_buff[DEVICE_KEY_32BYTE / sizeof(int)];
mbedtls_entropy_context *entropy = new mbedtls_entropy_context;
mbedtls_entropy_init(entropy);
memset(output, 0, size);
memset(test_buff, 0, size);
ret = mbedtls_entropy_func(entropy, (unsigned char *)output, size);
if (ret != MBED_SUCCESS || mbedtls_ssl_safer_memcmp(test_buff, (unsigned char *)output, size) == 0) {
if (ret != MBED_SUCCESS) {
ret = DEVICEKEY_GENERATE_RANDOM_ERROR;
} else {
ret = DEVICEKEY_SUCCESS;