bootutil: Fix AES and SHA-256 contexts not zeroized with mbedTLS

taltenbach · nordicjm · commit 5d5f04923f2d · 2024-09-12T14:09:32.000+01:00
For some reason, the calls to mbedtls_aes_free, mbedtls_nist_kw_free and
mbedtls_sha256_free_drop were commented out which means the AES and
SHA-256 contexts were not properly de-initialized after usage when
mbedTLS is used. In the case of AES-KW it seems that might lead to a
memory leak depending on the mbedTLS configuration, but in any case and
independently of the mbedTLS configuration, this leads to the contexts
not be zeroized after usage.

Not zeroizing a context means it stays in RAM an undefined amount of
time, which might enable an attacker to access it and to dump the
sensitive data it contains.

Signed-off-by: Thomas Altenbach &lt;thomas.altenbach@legrand.com&gt;
diff --git a/boot/bootutil/include/bootutil/crypto/aes_ctr.h b/boot/bootutil/include/bootutil/crypto/aes_ctr.h
@@ -53,9 +53,7 @@ static inline void bootutil_aes_ctr_init(bootutil_aes_ctr_context *ctx)
 
 static inline void bootutil_aes_ctr_drop(bootutil_aes_ctr_context *ctx)
 {
-    /* XXX: config defines MBEDTLS_PLATFORM_NO_STD_FUNCTIONS so no need to free */
-    /* (void)mbedtls_aes_free(ctx); */
-    (void)ctx;
+    mbedtls_aes_free(ctx);
 }
 
 static inline int bootutil_aes_ctr_set_key(bootutil_aes_ctr_context *ctx, const uint8_t *k)
diff --git a/boot/bootutil/include/bootutil/crypto/aes_kw.h b/boot/bootutil/include/bootutil/crypto/aes_kw.h
@@ -45,9 +45,7 @@ static inline void bootutil_aes_kw_init(bootutil_aes_kw_context *ctx)
 
 static inline void bootutil_aes_kw_drop(bootutil_aes_kw_context *ctx)
 {
-    /* XXX: config defines MBEDTLS_PLATFORM_NO_STD_FUNCTIONS so no need to free */
-    /* (void)mbedtls_aes_free(ctx); */
-    (void)ctx;
+    mbedtls_nist_kw_free(ctx);
 }
 
 static inline int bootutil_aes_kw_set_unwrap_key(bootutil_aes_kw_context *ctx, const uint8_t *k, uint32_t klen)
diff --git a/boot/bootutil/include/bootutil/crypto/sha.h b/boot/bootutil/include/bootutil/crypto/sha.h
@@ -126,9 +126,7 @@ static inline int bootutil_sha_init(bootutil_sha_context *ctx)
 
 static inline int bootutil_sha_drop(bootutil_sha_context *ctx)
 {
-    /* XXX: config defines MBEDTLS_PLATFORM_NO_STD_FUNCTIONS so no need to free */
-    /* (void)mbedtls_sha256_free(ctx); */
-    (void)ctx;
+    mbedtls_sha256_free(ctx);
     return 0;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -53,9 +53,7 @@ static inline void bootutil_aes_ctr_init(bootutil_aes_ctr_context *ctx)`
`53`	`53`
`54`	`54`	`static inline void bootutil_aes_ctr_drop(bootutil_aes_ctr_context *ctx)`
`55`	`55`	`{`
`56`		`- /* XXX: config defines MBEDTLS_PLATFORM_NO_STD_FUNCTIONS so no need to free */`
`57`		`- /* (void)mbedtls_aes_free(ctx); */`
`58`		`- (void)ctx;`
	`56`	`+ mbedtls_aes_free(ctx);`
`59`	`57`	`}`
`60`	`58`
`61`	`59`	`static inline int bootutil_aes_ctr_set_key(bootutil_aes_ctr_context ctx, const uint8_t k)`
Original file line number	Diff line number	Diff line change
`@@ -45,9 +45,7 @@ static inline void bootutil_aes_kw_init(bootutil_aes_kw_context *ctx)`
`45`	`45`
`46`	`46`	`static inline void bootutil_aes_kw_drop(bootutil_aes_kw_context *ctx)`
`47`	`47`	`{`
`48`		`- /* XXX: config defines MBEDTLS_PLATFORM_NO_STD_FUNCTIONS so no need to free */`
`49`		`- /* (void)mbedtls_aes_free(ctx); */`
`50`		`- (void)ctx;`
	`48`	`+ mbedtls_nist_kw_free(ctx);`
`51`	`49`	`}`
`52`	`50`
`53`	`51`	`static inline int bootutil_aes_kw_set_unwrap_key(bootutil_aes_kw_context ctx, const uint8_t k, uint32_t klen)`
Original file line number	Diff line number	Diff line change
`@@ -126,9 +126,7 @@ static inline int bootutil_sha_init(bootutil_sha_context *ctx)`
`126`	`126`
`127`	`127`	`static inline int bootutil_sha_drop(bootutil_sha_context *ctx)`
`128`	`128`	`{`
`129`		`- /* XXX: config defines MBEDTLS_PLATFORM_NO_STD_FUNCTIONS so no need to free */`
`130`		`- /* (void)mbedtls_sha256_free(ctx); */`
`131`		`- (void)ctx;`
	`129`	`+ mbedtls_sha256_free(ctx);`
`132`	`130`	`return 0;`
`133`	`131`	`}`
`134`	`132`