Automatically update NV seed on initial entropy run
Update the NV entropy seed before generating any entropy for outside use. The reason this is triggered here and not in mbedtls_entropy_init() is that not all entropy sources might have been added at that time.
parent
9988d6bbd9
commit
d5c9f6d226
|
@ -3,7 +3,7 @@
|
||||||
*
|
*
|
||||||
* \brief Entropy accumulator implementation
|
* \brief Entropy accumulator implementation
|
||||||
*
|
*
|
||||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
* Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
|
||||||
* SPDX-License-Identifier: Apache-2.0
|
* SPDX-License-Identifier: Apache-2.0
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
@ -208,6 +208,18 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len );
|
||||||
int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
|
int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
|
||||||
const unsigned char *data, size_t len );
|
const unsigned char *data, size_t len );
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_ENTROPY_NV_SEED)
|
||||||
|
/**
|
||||||
|
* \brief Trigger an update of the seed file in NV by using the
|
||||||
|
* current entropy pool.
|
||||||
|
*
|
||||||
|
* \param ctx Entropy context
|
||||||
|
*
|
||||||
|
* \return 0 if successful
|
||||||
|
*/
|
||||||
|
int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx );
|
||||||
|
#endif /* MBEDTLS_ENTROPY_NV_SEED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_FS_IO)
|
#if defined(MBEDTLS_FS_IO)
|
||||||
/**
|
/**
|
||||||
* \brief Write a seed file
|
* \brief Write a seed file
|
||||||
|
|
|
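Review bot: The `\return` on the new `mbedtls_entropy_update_nv_seed()` declaration documents only the success value, while the implementation in entropy.c returns `MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR` when `mbedtls_nv_seed_write()` fails and propagates any error from `mbedtls_entropy_func()`. I would extend it to `\return 0 if successful, MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR if the seed could not be written to NV, or an error code from mbedtls_entropy_func()`. It is also worth stating in the `\brief` that the call consumes one block of output from the entropy pool and mixes a zeroed separator block back in afterwards, so callers understand that the pool state changes as a side effect.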
@ -54,6 +54,10 @@ static void mbedtls_zeroize( void *v, size_t n ) {
|
||||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_ENTROPY_NV_SEED)
|
||||||
|
static int initial_entropy_run = 0;
|
||||||
|
#endif
|
||||||
|
|
||||||
#define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */
|
#define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */
|
||||||
|
|
||||||
void mbedtls_entropy_init( mbedtls_entropy_context *ctx )
|
void mbedtls_entropy_init( mbedtls_entropy_context *ctx )
|
||||||
|
@ -282,6 +286,18 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
|
||||||
if( len > MBEDTLS_ENTROPY_BLOCK_SIZE )
|
if( len > MBEDTLS_ENTROPY_BLOCK_SIZE )
|
||||||
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
|
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_ENTROPY_NV_SEED)
|
||||||
|
/* Update the NV entropy seed before generating any entropy for outside
|
||||||
|
* use.
|
||||||
|
*/
|
||||||
|
if( initial_entropy_run == 0 )
|
||||||
|
{
|
||||||
|
initial_entropy_run = 1;
|
||||||
|
if( ( ret = mbedtls_entropy_update_nv_seed( ctx ) ) != 0 )
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_THREADING_C)
|
#if defined(MBEDTLS_THREADING_C)
|
||||||
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
|
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
|
@ -356,6 +372,27 @@ exit:
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_ENTROPY_NV_SEED)
|
||||||
|
int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx )
|
||||||
|
{
|
||||||
|
int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
|
||||||
|
unsigned char buf[ MBEDTLS_ENTROPY_MAX_SEED_SIZE ];
|
||||||
|
|
||||||
|
/* Read new seed and write it to NV */
|
||||||
|
if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
|
||||||
|
return( ret );
|
||||||
|
|
||||||
|
if( mbedtls_nv_seed_write( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) < 0 )
|
||||||
|
return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR );
|
||||||
|
|
||||||
|
/* Manually update the remaining stream with a separator value to diverge */
|
||||||
|
memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
|
||||||
|
mbedtls_entropy_update_manual( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE );
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_ENTROPY_NV_SEED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_FS_IO)
|
#if defined(MBEDTLS_FS_IO)
|
||||||
int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path )
|
int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path )
|
||||||
{
|
{
|
||||||
|
|
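Review bot: In `mbedtls_entropy_update_nv_seed()` the return value of `mbedtls_entropy_update_manual()` is discarded and the function then returns 0, so if mixing in the separator block fails the caller is told the update succeeded even though the pool has not been diverged from the value just persisted to NV, which is what the comment above that call says the step is for; I would write `if( ( ret = mbedtls_entropy_update_manual( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 ) return( ret );` (the `MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR` initializer of `ret` is otherwise dead, since `ret` is always reassigned before it is read). Separately, `initial_entropy_run` is a file-scope static rather than a field of the context, and in `mbedtls_entropy_func()` it is tested and set before `mbedtls_mutex_lock( &ctx->mutex )`, so with MBEDTLS_THREADING_C a second thread can observe the flag already set and hand out output before the first thread's `mbedtls_entropy_update_nv_seed()` has completed, and a second entropy context in the same process never triggers the update at all. Moving the flag into `mbedtls_entropy_context` would address the per-context problem, though the check cannot simply move under the mutex because `mbedtls_entropy_update_nv_seed()` re-enters `mbedtls_entropy_func()`. The body of `mbedtls_entropy_func()` continues outside the hunk.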