diff --git a/library/entropy.c b/library/entropy.c index b4d1f2921..8d42dd78e 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -273,7 +273,7 @@ static int entropy_gather_internal( mbedtls_entropy_context *ctx ) volatile int strong_fi = ctx->source[i].strong; if( strong_fi == MBEDTLS_ENTROPY_SOURCE_STRONG ) { - mbedtls_platform_enforce_volatile_reads(); + mbedtls_platform_random_delay(50); if( strong_fi == MBEDTLS_ENTROPY_SOURCE_STRONG ) have_one_strong_fi = MBEDTLS_ENTROPY_SOURCE_STRONG; @@ -305,7 +305,7 @@ cleanup: if( have_one_strong_fi == MBEDTLS_ENTROPY_SOURCE_STRONG ) { - mbedtls_platform_enforce_volatile_reads(); + mbedtls_platform_random_delay(50); if( have_one_strong_fi == MBEDTLS_ENTROPY_SOURCE_STRONG ) { return( ret ); diff --git a/library/pk.c b/library/pk.c index 1e991c5a0..252c78905 100644 --- a/library/pk.c +++ b/library/pk.c @@ -1553,7 +1553,7 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx, if( verify_ret == 0 ) { - mbedtls_platform_enforce_volatile_reads(); + mbedtls_platform_random_delay(50); if( verify_ret == 0 ) { return( verify_ret ); diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 479554d78..88d609b07 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -717,7 +717,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl ) ( mbedtls_ssl_conf_get_prng( ssl->conf ), p, 28 ); if( ret == 0 ) { - mbedtls_platform_enforce_volatile_reads(); + mbedtls_platform_random_delay(50); if( ret == 0 ) { ssl->handshake->hello_random_set = MBEDTLS_SSL_FI_FLAG_SET; @@ -2369,7 +2369,7 @@ static int ssl_rsa_generate_partial_pms( mbedtls_ssl_context *ssl, if( ret == 0 ) { - mbedtls_platform_enforce_volatile_reads(); + mbedtls_platform_random_delay(50); if( ret == 0 ) { ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET; @@ -2442,7 +2442,7 @@ static int ssl_rsa_encrypt_partial_pms( mbedtls_ssl_context *ssl, if( ret == 0 ) { - mbedtls_platform_enforce_volatile_reads(); + mbedtls_platform_random_delay(50); if( ret == 0 ) { ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET; @@ -3071,7 +3071,7 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl, if( ret == 0 ) { - mbedtls_platform_enforce_volatile_reads(); + mbedtls_platform_random_delay(50); if( ret == 0 ) { diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 92d1da016..2ba1c19f4 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -4064,7 +4064,7 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl, if( pmscounter == ssl->handshake->pmslen ) { - mbedtls_platform_enforce_volatile_reads(); + mbedtls_platform_random_delay(50); if( pmscounter == ssl->handshake->pmslen ) { ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET; @@ -4651,7 +4651,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) if( ret == 0 ) { - mbedtls_platform_enforce_volatile_reads(); + mbedtls_platform_random_delay(50); if( ret == 0 ) { diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 19bdc9079..d86960e10 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1929,7 +1929,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) ssl ); if( ret == 0 ) { - mbedtls_platform_enforce_volatile_reads(); + mbedtls_platform_random_delay(50); if( ret == 0 ) { ssl->handshake->key_derivation_done = MBEDTLS_SSL_FI_FLAG_SET; @@ -2011,7 +2011,7 @@ int mbedtls_ssl_build_pms( mbedtls_ssl_context *ssl ) mbedtls_ssl_conf_get_prng( ssl->conf ) ); if( ret == 0 ) { - mbedtls_platform_enforce_volatile_reads(); + mbedtls_platform_random_delay(50); if( ret == 0 ) { ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET; @@ -2054,7 +2054,7 @@ int mbedtls_ssl_build_pms( mbedtls_ssl_context *ssl ) mbedtls_ssl_conf_get_prng( ssl->conf ) ); if( ret == 0 ) { - mbedtls_platform_enforce_volatile_reads(); + mbedtls_platform_random_delay(50); if( ret == 0 ) { ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET; @@ -2085,7 +2085,7 @@ int mbedtls_ssl_build_pms( mbedtls_ssl_context *ssl ) mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) ); if( ret == 0 ) { - mbedtls_platform_enforce_volatile_reads(); + mbedtls_platform_random_delay(50); if( ret == 0 ) { ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET; @@ -2114,7 +2114,7 @@ int mbedtls_ssl_build_pms( mbedtls_ssl_context *ssl ) mbedtls_ssl_conf_get_prng( ssl->conf ) ); if( ret == 0 ) { - mbedtls_platform_enforce_volatile_reads(); + mbedtls_platform_random_delay(50); if( ret == 0 ) { ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET; @@ -7346,7 +7346,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, if( verify_ret == 0 ) { - mbedtls_platform_enforce_volatile_reads(); + mbedtls_platform_random_delay(50); if( verify_ret == 0 ) { flow_counter++; @@ -7436,7 +7436,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, ( verify_ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED || verify_ret == MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ) ) { - mbedtls_platform_enforce_volatile_reads(); + mbedtls_platform_random_delay(50); if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL && ( verify_ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED || verify_ret == MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ) ) @@ -7502,7 +7502,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, flow_counter == 4 ) #endif { - mbedtls_platform_enforce_volatile_reads(); + mbedtls_platform_random_delay(50); if( verify_ret == 0 && #if defined(MBEDTLS_ECP_C) || defined(MBEDTLS_USE_TINYCRYPT) flow_counter == 5 ) @@ -7989,7 +7989,7 @@ int mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) 1 ) #endif { - mbedtls_platform_enforce_volatile_reads(); + mbedtls_platform_random_delay(50); if( authmode == MBEDTLS_SSL_VERIFY_NONE || authmode == MBEDTLS_SSL_VERIFY_OPTIONAL || #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) @@ -8010,7 +8010,7 @@ int mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) #if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION) if( ssl->handshake->resume == MBEDTLS_SSL_FI_FLAG_SET ) { - mbedtls_platform_enforce_volatile_reads(); + mbedtls_platform_random_delay(50); if( ssl->handshake->resume == MBEDTLS_SSL_FI_FLAG_SET ) { /* When doing session resume, no premaster or peer authentication */ @@ -8027,7 +8027,7 @@ int mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) if( ssl->handshake->peer_authenticated == MBEDTLS_SSL_FI_FLAG_SET ) { - mbedtls_platform_enforce_volatile_reads(); + mbedtls_platform_random_delay(50); if( ssl->handshake->peer_authenticated == MBEDTLS_SSL_FI_FLAG_SET ) { ret = 0; @@ -8048,7 +8048,7 @@ int mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) ssl->handshake->key_derivation_done == MBEDTLS_SSL_FI_FLAG_SET && ssl->handshake->premaster_generated == MBEDTLS_SSL_FI_FLAG_SET ) { - mbedtls_platform_enforce_volatile_reads(); + mbedtls_platform_random_delay(50); if( ssl->handshake->hello_random_set == MBEDTLS_SSL_FI_FLAG_SET && ssl->handshake->key_derivation_done == MBEDTLS_SSL_FI_FLAG_SET && ssl->handshake->premaster_generated == MBEDTLS_SSL_FI_FLAG_SET )