diff options
Diffstat (limited to 'common/ccd_config.c')
-rw-r--r-- | common/ccd_config.c | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/common/ccd_config.c b/common/ccd_config.c index b3b12e12a7..d009acfd92 100644 --- a/common/ccd_config.c +++ b/common/ccd_config.c @@ -20,7 +20,6 @@ #include "timer.h" #include "tpm_registers.h" #include "tpm_vendor_cmds.h" -#include "trng.h" #include "wp.h" #define CPRINTS(format, args...) cprints(CC_CCD, format, ## args) @@ -310,11 +309,14 @@ static void raw_reset_password(void) * Set the password. * * @param password New password; must be non-empty + * @return EC_SUCCESS if successful */ -static void raw_set_password(const char *password) +static int raw_set_password(const char *password) { /* Get a new salt */ - rand_bytes(config.password_salt, sizeof(config.password_salt)); + if (!fips_rand_bytes(config.password_salt, + sizeof(config.password_salt))) + return EC_ERROR_HW_INTERNAL; /* Update the password digest */ ccd_password_digest(config.password_digest, password); @@ -322,6 +324,8 @@ static void raw_set_password(const char *password) /* Track whether we were opened when we set the password */ raw_set_flag(CCD_FLAG_PASSWORD_SET_WHEN_UNLOCKED, ccd_state == CCD_STATE_UNLOCKED); + + return EC_SUCCESS; } /******************************************************************************/ @@ -540,10 +544,15 @@ static int ccd_reset_password(void) */ static int ccd_set_password(const char *password) { + int result; + mutex_lock(&ccd_config_mutex); - raw_set_password(password); + result = raw_set_password(password); mutex_unlock(&ccd_config_mutex); + if (!result) + return result; + return ccd_save_config(); } |