bootutil: Fix AES and SHA-256 contexts not zeroized with mbedTLS

taltenbach · rlubos · commit 8eb23f8254b1 · 2024-10-22T14:50:14.000+02:00
For some reason, the calls to mbedtls_aes_free, mbedtls_nist_kw_free and
mbedtls_sha256_free_drop were commented out which means the AES and
SHA-256 contexts were not properly de-initialized after usage when
mbedTLS is used. In the case of AES-KW it seems that might lead to a
memory leak depending on the mbedTLS configuration, but in any case and
independently of the mbedTLS configuration, this leads to the contexts
not be zeroized after usage.

Not zeroizing a context means it stays in RAM an undefined amount of
time, which might enable an attacker to access it and to dump the
sensitive data it contains.

Signed-off-by: Thomas Altenbach &lt;thomas.altenbach@legrand.com&gt;
diff --git a/boot/bootutil/include/bootutil/crypto/aes_ctr.h b/boot/bootutil/include/bootutil/crypto/aes_ctr.h
@@ -87,9 +87,7 @@ static inline void bootutil_aes_ctr_init(bootutil_aes_ctr_context *ctx)
 
 static inline void bootutil_aes_ctr_drop(bootutil_aes_ctr_context *ctx)
 {
-    /* XXX: config defines MBEDTLS_PLATFORM_NO_STD_FUNCTIONS so no need to free */
-    /* (void)mbedtls_aes_free(ctx); */
-    (void)ctx;
+    mbedtls_aes_free(ctx);
 }
 
 static inline int bootutil_aes_ctr_set_key(bootutil_aes_ctr_context *ctx, const uint8_t *k)
diff --git a/boot/bootutil/include/bootutil/crypto/aes_kw.h b/boot/bootutil/include/bootutil/crypto/aes_kw.h
@@ -45,9 +45,7 @@ static inline void bootutil_aes_kw_init(bootutil_aes_kw_context *ctx)
 
 static inline void bootutil_aes_kw_drop(bootutil_aes_kw_context *ctx)
 {
-    /* XXX: config defines MBEDTLS_PLATFORM_NO_STD_FUNCTIONS so no need to free */
-    /* (void)mbedtls_aes_free(ctx); */
-    (void)ctx;
+    mbedtls_nist_kw_free(ctx);
 }
 
 static inline int bootutil_aes_kw_set_unwrap_key(bootutil_aes_kw_context *ctx, const uint8_t *k, uint32_t klen)
diff --git a/boot/bootutil/include/bootutil/crypto/sha.h b/boot/bootutil/include/bootutil/crypto/sha.h
@@ -134,9 +134,7 @@ static inline int bootutil_sha_init(bootutil_sha_context *ctx)
 
 static inline int bootutil_sha_drop(bootutil_sha_context *ctx)
 {
-    /* XXX: config defines MBEDTLS_PLATFORM_NO_STD_FUNCTIONS so no need to free */
-    /* (void)mbedtls_sha256_free(ctx); */
-    (void)ctx;
+    mbedtls_sha256_free(ctx);
     return 0;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -87,9 +87,7 @@ static inline void bootutil_aes_ctr_init(bootutil_aes_ctr_context *ctx)`
`87`	`87`
`88`	`88`	`static inline void bootutil_aes_ctr_drop(bootutil_aes_ctr_context *ctx)`
`89`	`89`	`{`
`90`		`- /* XXX: config defines MBEDTLS_PLATFORM_NO_STD_FUNCTIONS so no need to free */`
`91`		`- /* (void)mbedtls_aes_free(ctx); */`
`92`		`- (void)ctx;`
	`90`	`+ mbedtls_aes_free(ctx);`
`93`	`91`	`}`
`94`	`92`
`95`	`93`	`static inline int bootutil_aes_ctr_set_key(bootutil_aes_ctr_context ctx, const uint8_t k)`
Original file line number	Diff line number	Diff line change
`@@ -45,9 +45,7 @@ static inline void bootutil_aes_kw_init(bootutil_aes_kw_context *ctx)`
`45`	`45`
`46`	`46`	`static inline void bootutil_aes_kw_drop(bootutil_aes_kw_context *ctx)`
`47`	`47`	`{`
`48`		`- /* XXX: config defines MBEDTLS_PLATFORM_NO_STD_FUNCTIONS so no need to free */`
`49`		`- /* (void)mbedtls_aes_free(ctx); */`
`50`		`- (void)ctx;`
	`48`	`+ mbedtls_nist_kw_free(ctx);`
`51`	`49`	`}`
`52`	`50`
`53`	`51`	`static inline int bootutil_aes_kw_set_unwrap_key(bootutil_aes_kw_context ctx, const uint8_t k, uint32_t klen)`
Original file line number	Diff line number	Diff line change
`@@ -134,9 +134,7 @@ static inline int bootutil_sha_init(bootutil_sha_context *ctx)`
`134`	`134`
`135`	`135`	`static inline int bootutil_sha_drop(bootutil_sha_context *ctx)`
`136`	`136`	`{`
`137`		`- /* XXX: config defines MBEDTLS_PLATFORM_NO_STD_FUNCTIONS so no need to free */`
`138`		`- /* (void)mbedtls_sha256_free(ctx); */`
`139`		`- (void)ctx;`
	`137`	`+ mbedtls_sha256_free(ctx);`
`140`	`138`	`return 0;`
`141`	`139`	`}`
`142`	`140`