diff options
| author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2021-08-31 15:43:57 -0700 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2021-09-01 00:46:03 +0000 |
| commit | 9167dcfd19191d5477c4f1b4dbe5cef5e8a5528c (patch) | |
| tree | 9242dbae6dee148b329c450a8912ebd055ce34ed | |
| parent | 50e3ce90b2f81075ed2e22a73ade0ed5cee35471 (diff) | |
| download | chrome-ec-9167dcfd19191d5477c4f1b4dbe5cef5e8a5528c.tar.gz | |
cr50: fix initialization check for FIPS DRBG
During unit testing discovered an issue with test order specific bug
which resulted in incorrect system-level DRBG initialization. It was
revealed after several independent CLs landed.
This fix corrects this issue.
BUG=b:138577416
TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpmtest.py
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I1222bc72d5560a4984a78abf53d5e3b2178d0977
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3133626
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
| -rw-r--r-- | board/cr50/fips_rand.c | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/board/cr50/fips_rand.c b/board/cr50/fips_rand.c index f6f66903d8..2b3eae1b65 100644 --- a/board/cr50/fips_rand.c +++ b/board/cr50/fips_rand.c @@ -241,7 +241,7 @@ bool fips_drbg_init(void) uint32_t random; if (!fips_crypto_allowed()) - return EC_ERROR_INVALID_CONFIG; + return false; /** * initialize DRBG with 440 bits of entropy as required @@ -329,13 +329,9 @@ int fips_p256_ecdsa_sign(const p256_int *key, const p256_int *message, { if (!fips_crypto_allowed()) return 0; - if (!rand_state.drbg_initialized) { - int err; + if (!rand_state.drbg_initialized && !fips_drbg_init()) + return false; - err = fips_drbg_init(); - if (err) - return 0; - } return dcrypto_p256_ecdsa_sign(&fips_drbg, key, message, r, s); } |