diff options
author | nagendra modadugu <ngm@google.com> | 2017-01-18 11:55:28 -0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2017-01-18 19:18:59 -0800 |
commit | eeb0ea9a6ec3b9fa8a1f8eefaf551a5b0f6ed231 (patch) | |
tree | 5ab340a1f42a172fdd22b4655152889af04f9083 | |
parent | 383fea37f6b0240c876cc9a09ff93e405f4632a6 (diff) | |
download | chrome-ec-eeb0ea9a6ec3b9fa8a1f8eefaf551a5b0f6ed231.tar.gz |
g: remove superfluous DCRYPTO_SHA256_init in HMAC implementation
DCRYPTO_HMAC_SHA256_init makes two calls to DCRYPTO_SHA256_init()
without an intervening HASH_final() call. This is incorrect usage
of the the hashing API, and results in the hardware SHA engine
getting locked for the life-time of the process (and resulting
in all future hash calls falling back to the software implementation).
This bug manifested itself when introducing NVRAM encryption, which
requires the hardware SHA engine to be available for key generation.
BRANCH=none
BUG=chrome-os-partner:55331
TEST=TCG tests pass
Change-Id: Ia4ccb6a6d64636c4618ef775291442975f3f1f92
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/430154
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
-rw-r--r-- | chip/g/dcrypto/hmac.c | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/chip/g/dcrypto/hmac.c b/chip/g/dcrypto/hmac.c index 1c34ddfd96..1ba2833a41 100644 --- a/chip/g/dcrypto/hmac.c +++ b/chip/g/dcrypto/hmac.c @@ -40,7 +40,6 @@ static void HMAC_init(LITE_HMAC_CTX *ctx, const void *key, unsigned int len) void DCRYPTO_HMAC_SHA256_init(LITE_HMAC_CTX *ctx, const void *key, unsigned int len) { - DCRYPTO_SHA256_init(&ctx->hash, 0); HMAC_init(ctx, key, len); } |