espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-07-31 03:07:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

secure boot: Fix incorrect handling of mbedtls_ctr_drbg_seed() failure in signature verification

Browse Source 
Increase the test app optimization level to one that would find this issue.
This commit is contained in:
Angus Gratton
2021-07-08 19:07:42 +10:00
committed by Mahavir Jain
parent 8807d8a5d8
commit 07465563c5
1 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
components/bootloader_support/src/secure_boot_v2/secure_boot_signatures_app.c
View File

@ -195,7 +195,7 @@ esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signa
ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, NULL, 0); ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, NULL, 0);
if (ret != 0) { if (ret != 0) {
ESP_LOGE(TAG, "mbedtls_ctr_drbg_seed returned -0x%04x\n", ret); ESP_LOGE(TAG, "mbedtls_ctr_drbg_seed returned -0x%04x\n", ret);
goto exit; goto exit_outer;
} }
#ifdef CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT #ifdef CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
@ -247,19 +247,19 @@ esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signa
ret = mbedtls_rsa_import(&pk, &N, NULL, NULL, NULL, &e); ret = mbedtls_rsa_import(&pk, &N, NULL, NULL, NULL, &e);
if (ret != 0) { if (ret != 0) {
ESP_LOGE(TAG, "Failed mbedtls_rsa_import, err: %d", ret); ESP_LOGE(TAG, "Failed mbedtls_rsa_import, err: %d", ret);
goto exit; goto exit_inner;
} }
ret = mbedtls_rsa_complete(&pk); ret = mbedtls_rsa_complete(&pk);
if (ret != 0) { if (ret != 0) {
ESP_LOGE(TAG, "Failed mbedtls_rsa_complete, err: %d", ret); ESP_LOGE(TAG, "Failed mbedtls_rsa_complete, err: %d", ret);
goto exit; goto exit_inner;
} }
ret = mbedtls_rsa_check_pubkey(&pk); ret = mbedtls_rsa_check_pubkey(&pk);
if (ret != 0) { if (ret != 0) {
ESP_LOGI(TAG, "Key is not an RSA key -%0x", -ret); ESP_LOGI(TAG, "Key is not an RSA key -%0x", -ret);
goto exit; goto exit_inner;
} }
/* Signature needs to be byte swapped into BE representation */ /* Signature needs to be byte swapped into BE representation */
@ -270,7 +270,7 @@ esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signa
ret = mbedtls_rsa_public( &pk, sig_be, buf); ret = mbedtls_rsa_public( &pk, sig_be, buf);
if (ret != 0) { if (ret != 0) {
ESP_LOGE(TAG, "mbedtls_rsa_public failed, err: %d", ret); ESP_LOGE(TAG, "mbedtls_rsa_public failed, err: %d", ret);
goto exit; goto exit_inner;
} }
ret = mbedtls_rsa_rsassa_pss_verify( &pk, mbedtls_ctr_drbg_random, &ctr_drbg, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA256, ESP_SECURE_BOOT_DIGEST_LEN, ret = mbedtls_rsa_rsassa_pss_verify( &pk, mbedtls_ctr_drbg_random, &ctr_drbg, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA256, ESP_SECURE_BOOT_DIGEST_LEN,
@ -280,13 +280,14 @@ esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signa
} else { } else {
ESP_LOGI(TAG, "Signature verified successfully!"); ESP_LOGI(TAG, "Signature verified successfully!");
} }
exit: exit_inner:
mbedtls_rsa_free(&pk); mbedtls_rsa_free(&pk);
if (ret == 0) { if (ret == 0) {
break; break;
} }
} }
exit_outer:
free(sig_be); free(sig_be);
free(buf); free(buf);
return (ret != 0 || any_trusted_key == false) ? ESP_ERR_IMAGE_INVALID: ESP_OK; return (ret != 0 || any_trusted_key == false) ? ESP_ERR_IMAGE_INVALID: ESP_OK;