Skip to content

Commit e48c1eb

Browse files
committed
zero entropy buffer in sata_get_random_base64
F/2595
1 parent 25668dd commit e48c1eb

1 file changed

Lines changed: 8 additions & 4 deletions

File tree

src/x86/ahci.c

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -257,15 +257,15 @@ static int sata_get_random_base64(uint8_t *out, int *out_size)
257257
{
258258
uint8_t rand[ATA_SECRET_RANDOM_BYTES];
259259
word32 base_64_len;
260-
int ret;
260+
int ret = -1;
261261

262262
ret = wolfBoot_get_random(rand, ATA_SECRET_RANDOM_BYTES);
263263
if (ret != 0)
264-
return ret;
264+
goto cleanup;
265265
base_64_len = *out_size;
266266
ret = Base64_Encode_NoNl(rand, ATA_SECRET_RANDOM_BYTES, out, &base_64_len);
267267
if (ret != 0)
268-
return ret;
268+
goto cleanup;
269269

270270
/* double check we have a NULL-terminated string */
271271
if ((int)base_64_len < *out_size) {
@@ -275,7 +275,11 @@ static int sata_get_random_base64(uint8_t *out, int *out_size)
275275
out[base_64_len-1] = '\0';
276276
}
277277
*out_size = (int)base_64_len;
278-
return 0;
278+
ret = 0;
279+
280+
cleanup:
281+
TPM2_ForceZero(rand, sizeof(rand));
282+
return ret;
279283
}
280284

281285
static int sata_create_and_seal_unlock_secret(const uint8_t *pubkey_hint,

0 commit comments

Comments
 (0)