-rw-r--r-- | board/cr50/dcrypto/dcrypto_p256.c | 1 | ||||
-rw-r--r-- | board/cr50/dcrypto/x509.c | 5 | ||||
-rw-r--r-- | board/cr50/tpm2/ecc.c | 5 |
3 files changed, 6 insertions, 5 deletions
diff --git a/board/cr50/dcrypto/dcrypto_p256.c b/board/cr50/dcrypto/dcrypto_p256.c
index c03145938b..e13e9b51bb 100644
--- a/board/cr50/dcrypto/dcrypto_p256.c
+++ b/board/cr50/dcrypto/dcrypto_p256.c
@@ -150,7 +150,6 @@ int dcrypto_p256_ecdsa_sign(struct drbg_ctx *drbg, const p256_int *key,
 /* Pick uniform 0 < k < R */
 result |= (p256_hmac_drbg_generate(drbg, &k) != HMAC_DRBG_SUCCESS);
- drbg_exit(drbg);
 CP8WB(k, &k, &rnd);
diff --git a/board/cr50/dcrypto/x509.c b/board/cr50/dcrypto/x509.c
index 3850100443..9005325a3e 100644
--- a/board/cr50/dcrypto/x509.c
+++ b/board/cr50/dcrypto/x509.c
@@ -428,6 +428,7 @@ int DCRYPTO_x509_gen_u2f_cert_name(const p256_int *d, const p256_int *pk_x,
 struct sha256_ctx sha;
 p256_int h, r, s;
 struct drbg_ctx drbg;
+ int result;
 SEQ_START(ctx, V_SEQ, SEQ_LARGE) { /* outer seq */
 /*
@@ -517,7 +518,9 @@ int DCRYPTO_x509_gen_u2f_cert_name(const p256_int *d, const p256_int *pk_x,
 SHA256_update(&sha, body, (ctx.p + ctx.n) - body);
 p256_from_bin(SHA256_final(&sha)->b8, &h);
 hmac_drbg_init_rfc6979(&drbg, d, &h);
- if (!dcrypto_p256_ecdsa_sign(&drbg, d, &h, &r, &s))
+ result = dcrypto_p256_ecdsa_sign(&drbg, d, &h, &r, &s);
+ drbg_exit(&drbg);
+ if (!result)
 return 0;
 /* Append X509 signature */
diff --git a/board/cr50/tpm2/ecc.c b/board/cr50/tpm2/ecc.c
index 39d5dcf607..90a6dac08b 100644
--- a/board/cr50/tpm2/ecc.c
+++ b/board/cr50/tpm2/ecc.c
@@ -9,6 +9,7 @@
 #include "CryptoEngine.h"
 #include "TPMB.h"
+#include "fips_rand.h"
 #include "trng.h"
 #include "util.h"
 #include "dcrypto.h"
@@ -264,7 +265,6 @@ CRYPT_RESULT _cpri__SignEcc(
 const size_t digest_len = MIN(digest->size, sizeof(digest_local));
 p256_int p256_digest;
 int result;
- struct drbg_ctx drbg;
 if (curve_id != TPM_ECC_NIST_P256)
 return CRYPT_PARAMETER;
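Review bot: In the second x509.c hunk, releasing the DRBG becomes the caller's job (`drbg_exit(&drbg);` after the sign call), but nothing in the change records that `dcrypto_p256_ecdsa_sign` no longer does it. The context here is seeded by `hmac_drbg_init_rfc6979(&drbg, d, &h)` from the private key `d`, so a caller that was not updated would leave key-derived state on its stack, assuming `drbg_exit` is what clears it. Callers outside the three files in this diff are not visible and should be checked. I would add a comment above the new call, e.g. `/* dcrypto_p256_ecdsa_sign() leaves the DRBG untouched; release the key-seeded state on success and failure alike. */`, and put the same sentence on the function's declaration. The enclosing function starts and ends outside the hunk.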
@@ -284,8 +284,7 @@ CRYPT_RESULT _cpri__SignEcc(
 reverse_tpm2b(&d->b);
 append_zeros_to_p256_param(d);
- hmac_drbg_init_rand(&drbg, 512);
- result = dcrypto_p256_ecdsa_sign(&drbg,
+ result = fips_p256_ecdsa_sign(
 (p256_int *) d->b.buffer,
 &p256_digest,
 (p256_int *) r->b.buffer, |
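Review bot: The call to `fips_p256_ecdsa_sign(` replaces the per-call `hmac_drbg_init_rand(&drbg, 512)`, so the ECDSA nonce for this TPM signing path now depends on DRBG state owned by that helper, which this diff does not show. Because nonce quality decides whether the private key stays secret, the call site should state what it relies on, for example `/* Nonce comes from the DRBG behind fips_p256_ecdsa_sign(); a failure there must surface as an error, never as a signature. */` (wording to be confirmed against fips_rand.h). The check of `result` and the end of the argument list lie outside the hunk, so it is worth confirming that the helper's failure value still maps to an error `CRYPT_RESULT` there.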