eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Replace mbedtls_platform_enforce_volatile_reads 2

Browse source 
Replace remaining mbedtls_platform_enforce_volatile_reads() with
mbedtls_platform_random_delay().
This commit is contained in:
Arto Kinnunen 2020-01-03 14:26:20 +02:00
parent e91f0dc905
commit 7195571681
5 changed files with 21 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

4
library/entropy.c
View file

@ -273,7 +273,7 @@ static int entropy_gather_internal( mbedtls_entropy_context *ctx )
volatile int strong_fi = ctx->source[i].strong; volatile int strong_fi = ctx->source[i].strong;
if( strong_fi == MBEDTLS_ENTROPY_SOURCE_STRONG ) if( strong_fi == MBEDTLS_ENTROPY_SOURCE_STRONG )
{ {
mbedtls_platform_enforce_volatile_reads(); mbedtls_platform_random_delay(50);
if( strong_fi == MBEDTLS_ENTROPY_SOURCE_STRONG ) if( strong_fi == MBEDTLS_ENTROPY_SOURCE_STRONG )
have_one_strong_fi = MBEDTLS_ENTROPY_SOURCE_STRONG; have_one_strong_fi = MBEDTLS_ENTROPY_SOURCE_STRONG;
@ -305,7 +305,7 @@ cleanup:
if( have_one_strong_fi == MBEDTLS_ENTROPY_SOURCE_STRONG ) if( have_one_strong_fi == MBEDTLS_ENTROPY_SOURCE_STRONG )
{ {
mbedtls_platform_enforce_volatile_reads(); mbedtls_platform_random_delay(50);
if( have_one_strong_fi == MBEDTLS_ENTROPY_SOURCE_STRONG ) if( have_one_strong_fi == MBEDTLS_ENTROPY_SOURCE_STRONG )
{ {
return( ret ); return( ret );

2
library/pk.c
View file

@ -1553,7 +1553,7 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
if( verify_ret == 0 ) if( verify_ret == 0 )
{ {
mbedtls_platform_enforce_volatile_reads(); mbedtls_platform_random_delay(50);
if( verify_ret == 0 ) if( verify_ret == 0 )
{ {
return( verify_ret ); return( verify_ret );

8
library/ssl_cli.c
View file

@ -717,7 +717,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
( mbedtls_ssl_conf_get_prng( ssl->conf ), p, 28 ); ( mbedtls_ssl_conf_get_prng( ssl->conf ), p, 28 );
if( ret == 0 ) if( ret == 0 )
{ {
mbedtls_platform_enforce_volatile_reads(); mbedtls_platform_random_delay(50);
if( ret == 0 ) if( ret == 0 )
{ {
ssl->handshake->hello_random_set = MBEDTLS_SSL_FI_FLAG_SET; ssl->handshake->hello_random_set = MBEDTLS_SSL_FI_FLAG_SET;
@ -2369,7 +2369,7 @@ static int ssl_rsa_generate_partial_pms( mbedtls_ssl_context *ssl,
if( ret == 0 ) if( ret == 0 )
{ {
mbedtls_platform_enforce_volatile_reads(); mbedtls_platform_random_delay(50);
if( ret == 0 ) if( ret == 0 )
{ {
ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET; ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET;
@ -2442,7 +2442,7 @@ static int ssl_rsa_encrypt_partial_pms( mbedtls_ssl_context *ssl,
if( ret == 0 ) if( ret == 0 )
{ {
mbedtls_platform_enforce_volatile_reads(); mbedtls_platform_random_delay(50);
if( ret == 0 ) if( ret == 0 )
{ {
ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET; ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET;
@ -3071,7 +3071,7 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl,
if( ret == 0 ) if( ret == 0 )
{ {
mbedtls_platform_enforce_volatile_reads(); mbedtls_platform_random_delay(50);
if( ret == 0 ) if( ret == 0 )
{ {

4
library/ssl_srv.c
View file

@ -4064,7 +4064,7 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
if( pmscounter == ssl->handshake->pmslen ) if( pmscounter == ssl->handshake->pmslen )
{ {
mbedtls_platform_enforce_volatile_reads(); mbedtls_platform_random_delay(50);
if( pmscounter == ssl->handshake->pmslen ) if( pmscounter == ssl->handshake->pmslen )
{ {
ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET; ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET;
@ -4651,7 +4651,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
if( ret == 0 ) if( ret == 0 )
{ {
mbedtls_platform_enforce_volatile_reads(); mbedtls_platform_random_delay(50);
if( ret == 0 ) if( ret == 0 )
{ {

24
library/ssl_tls.c
View file

@ -1929,7 +1929,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
ssl ); ssl );
if( ret == 0 ) if( ret == 0 )
{ {
mbedtls_platform_enforce_volatile_reads(); mbedtls_platform_random_delay(50);
if( ret == 0 ) if( ret == 0 )
{ {
ssl->handshake->key_derivation_done = MBEDTLS_SSL_FI_FLAG_SET; ssl->handshake->key_derivation_done = MBEDTLS_SSL_FI_FLAG_SET;
@ -2011,7 +2011,7 @@ int mbedtls_ssl_build_pms( mbedtls_ssl_context *ssl )
mbedtls_ssl_conf_get_prng( ssl->conf ) ); mbedtls_ssl_conf_get_prng( ssl->conf ) );
if( ret == 0 ) if( ret == 0 )
{ {
mbedtls_platform_enforce_volatile_reads(); mbedtls_platform_random_delay(50);
if( ret == 0 ) if( ret == 0 )
{ {
ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET; ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET;
@ -2054,7 +2054,7 @@ int mbedtls_ssl_build_pms( mbedtls_ssl_context *ssl )
mbedtls_ssl_conf_get_prng( ssl->conf ) ); mbedtls_ssl_conf_get_prng( ssl->conf ) );
if( ret == 0 ) if( ret == 0 )
{ {
mbedtls_platform_enforce_volatile_reads(); mbedtls_platform_random_delay(50);
if( ret == 0 ) if( ret == 0 )
{ {
ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET; ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET;
@ -2085,7 +2085,7 @@ int mbedtls_ssl_build_pms( mbedtls_ssl_context *ssl )
mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) ); mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) );
if( ret == 0 ) if( ret == 0 )
{ {
mbedtls_platform_enforce_volatile_reads(); mbedtls_platform_random_delay(50);
if( ret == 0 ) if( ret == 0 )
{ {
ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET; ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET;
@ -2114,7 +2114,7 @@ int mbedtls_ssl_build_pms( mbedtls_ssl_context *ssl )
mbedtls_ssl_conf_get_prng( ssl->conf ) ); mbedtls_ssl_conf_get_prng( ssl->conf ) );
if( ret == 0 ) if( ret == 0 )
{ {
mbedtls_platform_enforce_volatile_reads(); mbedtls_platform_random_delay(50);
if( ret == 0 ) if( ret == 0 )
{ {
ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET; ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET;
@ -7346,7 +7346,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
if( verify_ret == 0 ) if( verify_ret == 0 )
{ {
mbedtls_platform_enforce_volatile_reads(); mbedtls_platform_random_delay(50);
if( verify_ret == 0 ) if( verify_ret == 0 )
{ {
flow_counter++; flow_counter++;
@ -7436,7 +7436,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
( verify_ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED || ( verify_ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ||
verify_ret == MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ) ) verify_ret == MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ) )
{ {
mbedtls_platform_enforce_volatile_reads(); mbedtls_platform_random_delay(50);
if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL && if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL &&
( verify_ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED || ( verify_ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ||
verify_ret == MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ) ) verify_ret == MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ) )
@ -7502,7 +7502,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
flow_counter == 4 ) flow_counter == 4 )
#endif #endif
{ {
mbedtls_platform_enforce_volatile_reads(); mbedtls_platform_random_delay(50);
if( verify_ret == 0 && if( verify_ret == 0 &&
#if defined(MBEDTLS_ECP_C) || defined(MBEDTLS_USE_TINYCRYPT) #if defined(MBEDTLS_ECP_C) || defined(MBEDTLS_USE_TINYCRYPT)
flow_counter == 5 ) flow_counter == 5 )
@ -7989,7 +7989,7 @@ int mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl )
1 ) 1 )
#endif #endif
{ {
mbedtls_platform_enforce_volatile_reads(); mbedtls_platform_random_delay(50);
if( authmode == MBEDTLS_SSL_VERIFY_NONE || if( authmode == MBEDTLS_SSL_VERIFY_NONE ||
authmode == MBEDTLS_SSL_VERIFY_OPTIONAL || authmode == MBEDTLS_SSL_VERIFY_OPTIONAL ||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
@ -8010,7 +8010,7 @@ int mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl )
#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION) #if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
if( ssl->handshake->resume == MBEDTLS_SSL_FI_FLAG_SET ) if( ssl->handshake->resume == MBEDTLS_SSL_FI_FLAG_SET )
{ {
mbedtls_platform_enforce_volatile_reads(); mbedtls_platform_random_delay(50);
if( ssl->handshake->resume == MBEDTLS_SSL_FI_FLAG_SET ) if( ssl->handshake->resume == MBEDTLS_SSL_FI_FLAG_SET )
{ {
/* When doing session resume, no premaster or peer authentication */ /* When doing session resume, no premaster or peer authentication */
@ -8027,7 +8027,7 @@ int mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl )
if( ssl->handshake->peer_authenticated == MBEDTLS_SSL_FI_FLAG_SET ) if( ssl->handshake->peer_authenticated == MBEDTLS_SSL_FI_FLAG_SET )
{ {
mbedtls_platform_enforce_volatile_reads(); mbedtls_platform_random_delay(50);
if( ssl->handshake->peer_authenticated == MBEDTLS_SSL_FI_FLAG_SET ) if( ssl->handshake->peer_authenticated == MBEDTLS_SSL_FI_FLAG_SET )
{ {
ret = 0; ret = 0;
@ -8048,7 +8048,7 @@ int mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl )
ssl->handshake->key_derivation_done == MBEDTLS_SSL_FI_FLAG_SET && ssl->handshake->key_derivation_done == MBEDTLS_SSL_FI_FLAG_SET &&
ssl->handshake->premaster_generated == MBEDTLS_SSL_FI_FLAG_SET ) ssl->handshake->premaster_generated == MBEDTLS_SSL_FI_FLAG_SET )
{ {
mbedtls_platform_enforce_volatile_reads(); mbedtls_platform_random_delay(50);
if( ssl->handshake->hello_random_set == MBEDTLS_SSL_FI_FLAG_SET && if( ssl->handshake->hello_random_set == MBEDTLS_SSL_FI_FLAG_SET &&
ssl->handshake->key_derivation_done == MBEDTLS_SSL_FI_FLAG_SET && ssl->handshake->key_derivation_done == MBEDTLS_SSL_FI_FLAG_SET &&
ssl->handshake->premaster_generated == MBEDTLS_SSL_FI_FLAG_SET ) ssl->handshake->premaster_generated == MBEDTLS_SSL_FI_FLAG_SET )