author Joakim Bech <joakim.bech@linaro.org> 2015-01-21 09:46:03 +0100
committer Pascal Brand <pascal.brand@st.com> 2015-02-12 03:23:18 +0100
commit db5f4ae461cebc9d1d119d53aaa7ccd8ff7088d0
tree 81dff4f8c8663e9964d3ec1151690ddf854b0f43 /core
parent c84d070c6a123fa9f1dec3d23ec2c837b4ee3fca
Fix information leakage in key generator
When generating keys we are using the RNG available for the particular platform in use. For some reason we always or'ed a bit in the last byte, which means that we leak information. Leaking information like this is considered as a security flaw and therefore we have removed the line setting this bit.

Fix #178

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU)
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Diffstat (limited to 'core')
-rw-r--r-- core/tee/tee_svc_cryp.c 2
1 files changed, 0 insertions, 2 deletions
diff --git a/core/tee/tee_svc_cryp.c b/core/tee/tee_svc_cryp.c
index 6ab14a4..0ca62be 100644
--- a/core/tee/tee_svc_cryp.c
+++ b/core/tee/tee_svc_cryp.c
@@ -1462,8 +1462,6 @@ TEE_Result tee_svc_obj_generate_key(
if (res != TEE_SUCCESS)
return res;
- /* Force the last bit to have exactly a value on byte_size */
- ((char *)key)[sizeof(key->key_size) + byte_size - 1] |= 0x80;
key->key_size = byte_size;
/* Set bits for all known attributes for this object type */
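Review bot: With the `|= 0x80` line and its comment gone, nothing next to `key->key_size = byte_size;` records that the key bytes must stay exactly as the RNG produced them, so a one-line comment there would help keep the forced bit from being reintroduced. The deleted comment suggests the bit was set so the value would fill byte_size exactly; the length is stored separately in `key->key_size`, so please confirm that no consumer of the object derives the key length from the key content. A regression test that generates a number of keys and checks that the top bit of the last byte is not set in every one of them would cover this fix. Keys generated before this change still have that bit fixed, which is worth mentioning in the release notes.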