From f1c0b12f5c856febf06d1ad6fa77492106886184 Mon Sep 17 00:00:00 2001
From: Pol Henarejos
Date: Thu, 10 Mar 2022 00:13:13 +0100
Subject: [PATCH] Increasing random buffer and checks.

Signed-off-by: Pol Henarejos
---
 src/hsm/sc_hsm.c | 5 ++++-
 src/rng/random.c | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/hsm/sc_hsm.c b/src/hsm/sc_hsm.c
index 7db07d2..f6d0392 100644
--- a/src/hsm/sc_hsm.c
+++ b/src/hsm/sc_hsm.c
@@ -420,7 +420,10 @@ static int cmd_reset_retry() {
 }
 
 static int cmd_challenge() {
- res_APDU = (uint8_t *)random_bytes_get(apdu.expected_res_size);
+ uint8_t *rb = (uint8_t *)random_bytes_get(apdu.expected_res_size);
+ if (!rb)
+ return SW_WRONG_LENGTH();
+ res_APDU = rb;
 res_APDU_size = apdu.expected_res_size;
 return SW_OK();
 }
diff --git a/src/rng/random.c b/src/rng/random.c
index 3a65673..34c5e00 100644
--- a/src/rng/random.c
+++ b/src/rng/random.c
@@ -49,9 +49,12 @@ void random_fini (void)
 * Return pointer to random 32-byte
 */
 void random_bytes_free (const uint8_t *p);
+#define MAX_RANDOM_BUFFER 1024
 const uint8_t * random_bytes_get (size_t len)
 {
- static uint32_t return_word[512/sizeof(uint32_t)];
+ if (len > MAX_RANDOM_BUFFER)
+ return NULL;
+ static uint32_t return_word[MAX_RANDOM_BUFFER/sizeof(uint32_t)];
 for (int ix = 0; ix < len; ix += RANDOM_BYTES_LENGTH) {
 neug_wait_full ();
 memcpy(return_word+ix/sizeof(uint32_t), random_word, RANDOM_BYTES_LENGTH);
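Review bot: In `cmd_challenge`, `res_APDU` still points at the buffer returned by `random_bytes_get()` with its `const` cast away, so the response aliases the RNG module's static array and the host-supplied `apdu.expected_res_size` is the only length in play. If the transport code appends the status word at `res_APDU + res_APDU_size` (not visible in this hunk), a request for exactly the maximum length would write past that array. That should be confirmed, and if so either cap the request below the buffer size here or copy the bytes into the APDU response buffer. A short comment such as `/* random_bytes_get() returns NULL when the requested length exceeds its static buffer */` above the check would also explain why the failure maps to `SW_WRONG_LENGTH()`.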
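Review bot: The new `len > MAX_RANDOM_BUFFER` guard in `random_bytes_get` bounds the request, but the loop after it copies whole `RANDOM_BYTES_LENGTH` blocks, so the last `memcpy` can write past `len` up to the next block boundary. The static array is therefore safe only while `MAX_RANDOM_BUFFER` is a multiple of `RANDOM_BYTES_LENGTH`. If the build allows C11, adding `_Static_assert(MAX_RANDOM_BUFFER % RANDOM_BYTES_LENGTH == 0, "random buffer must hold whole blocks");` next to the `#define` would keep a later resize from reintroducing an overrun. The header comment still reads "Return pointer to random 32-byte"; it should say that `len` bytes are returned in a static buffer overwritten by the next call, and that NULL is returned when `len` exceeds the limit. The function body continues past the end of the hunk.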