Add FI countermeasures to the ssl module

This commit mainly adds buffer pointer and length duplication and checks,
but also some Hamming distance and return value checking improvements.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Andrzej Kurek 2020-07-06 15:27:34 -04:00
parent 74f7d0f03d
commit 84bde419e1
GPG key ID: 89A90840DC388527
3 changed files with 153 additions and 34 deletions


@ -3587,7 +3587,10 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl,
{
int ret;
unsigned char *p, *end;
volatile unsigned char *buf_dup = buf;
volatile size_t buflen_dup = buflen;
size_t n;
mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
@ -3870,7 +3873,12 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl,
}
*olen = p - buf;
return( 0 );
/* Secure against buffer substitution */
if( buf_dup == buf && buflen_dup == buflen )
{
return( 0 );
}
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
}
static int ssl_out_client_key_exchange_postprocess( mbedtls_ssl_context *ssl )
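Review bot: In the first hunk, `volatile unsigned char *buf_dup = buf;` qualifies the bytes pointed to rather than the pointer, so `buf_dup` is an ordinary local and an optimizing compiler may fold `buf_dup == buf` in the second hunk to true, dropping the buffer-substitution check from the binary. Declaring it as `unsigned char * volatile buf_dup = buf;` keeps the duplicate pointer in a volatile object, the way `buflen_dup` already is. Separately, `*olen = p - buf;` is stored before the comparison, so a caller that mishandles the `MBEDTLS_ERR_PLATFORM_FAULT_DETECTED` return still receives a length; setting `*olen` only inside the success branch would avoid that. Both hunks sit inside `ssl_out_client_key_exchange_write`, whose body between them is not shown here, so any reassignment of `buf` or `buflen` in between could not be checked.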