/*
- * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* extensions field, such as an image hash or a public key.
*/
+#include <arch_helpers.h>
#include <assert.h>
#include <img_parser_mod.h>
#include <mbedtls_common.h>
static mbedtls_asn1_buf sig_alg;
static mbedtls_asn1_buf signature;
+/*
+ * Clear all static temporary variables.
+ */
+static void clear_temp_vars(void)
+{
+#define ZERO_AND_CLEAN(x) \
+ do { \
+ memset(&x, 0, sizeof(x)); \
+ clean_dcache_range((uintptr_t)&x, sizeof(x)); \
+ } while (0);
+
+ ZERO_AND_CLEAN(tbs)
+ ZERO_AND_CLEAN(v3_ext);
+ ZERO_AND_CLEAN(pk);
+ ZERO_AND_CLEAN(sig_alg);
+ ZERO_AND_CLEAN(signature);
+
+#undef ZERO_AND_CLEAN
+}
+
/*
* Get X509v3 extension
*
/*
* Check the integrity of the certificate ASN.1 structure.
+ *
* Extract the relevant data that will be used later during authentication.
+ *
+ * This function doesn't clear the static variables located on the top of this
+ * file in case of an error. It is only called from check_integrity(), which
+ * performs the cleanup if necessary.
*/
static int cert_parse(void *img, unsigned int img_len)
{
mbedtls_init();
}
+/*
+ * Wrapper for cert_parse() that clears the static variables used by it in case
+ * of an error.
+ */
static int check_integrity(void *img, unsigned int img_len)
{
- return cert_parse(img, img_len);
+ int rc = cert_parse(img, img_len);
+
+ if (rc != IMG_PARSER_OK)
+ clear_temp_vars();
+
+ return rc;
}
/*
projects / project / bcm63xx / atf.git / commitdiff