commit 8e15153637a226f46b4301a706f6abdce1d7bb34
author Paul Elliott <paul.elliott@arm.com> Fri Feb 23 17:35:29 2024 +0000
committer Paul Elliott <paul.elliott@arm.com> Tue Mar 12 15:36:57 2024 +0000
tree 09bb0069632baa7b7a846188496338fb4a08ffde
parent 600472b4438601029e2f77c8336840306b2119db

Protect PSA global rng data with mutex.

Reads and writes of rng_state in psa_crypto_init() and psa_crypto_free()
were already covered by mutex.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>

library/psa_crypto.c

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 3019522..8f41641 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -7449,12 +7449,25 @@
     void (* entropy_init)(mbedtls_entropy_context *ctx),
     void (* entropy_free)(mbedtls_entropy_context *ctx))
 {
+    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_mutex_lock(&mbedtls_threading_psa_rngdata_mutex);
+#endif /* defined(MBEDTLS_THREADING_C) */
+
     if (global_data.rng_state != RNG_NOT_INITIALIZED) {
-        return PSA_ERROR_BAD_STATE;
+        status = PSA_ERROR_BAD_STATE;
+    } else {
+        global_data.rng.entropy_init = entropy_init;
+        global_data.rng.entropy_free = entropy_free;
+        status = PSA_SUCCESS;
     }
-    global_data.rng.entropy_init = entropy_init;
-    global_data.rng.entropy_free = entropy_free;
-    return PSA_SUCCESS;
+
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_mutex_unlock(&mbedtls_threading_psa_rngdata_mutex);
+#endif /* defined(MBEDTLS_THREADING_C) */
+
+    return status;
 }
 #endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */