eden-emu/mbedtls
19
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Revert a part of the sensitive information duplication changes

Browse source 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
Andrzej Kurek 2020-07-15 16:31:27 -04:00
parent c417c783e5
commit afec8853c5
No known key found for this signature in database
GPG key ID: 89A90840DC388527
5 changed files with 19 additions and 197 deletions
Download patch file Download diff file Expand all files Collapse all files

97
library/ssl_tls.c
View file

@ -177,8 +177,6 @@ int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl,
size_t buflen )
{
int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
volatile unsigned char *buf_dup = buf;
volatile size_t buflen_dup = buflen;
mbedtls_record rec;
MBEDTLS_SSL_DEBUG_MSG( 1, ( "=> mbedtls_ssl_check_record" ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "record buffer", buf, buflen );
@ -230,10 +228,6 @@ exit:
ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD;
}
if( buf_dup != buf || buflen_dup != buflen )
{
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
}
MBEDTLS_SSL_DEBUG_MSG( 1, ( "<= mbedtls_ssl_check_record" ) );
return( ret );
}
@ -288,9 +282,6 @@ int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl,
unsigned char const *own_cid,
size_t own_cid_len )
{
volatile unsigned char const *own_cid_dup = own_cid;
volatile size_t own_cid_len_dup = own_cid_len;
if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@ -317,12 +308,7 @@ int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl,
* MBEDTLS_SSL_CID_IN_LEN_MAX at most 255. */
ssl->own_cid_len = (uint8_t) own_cid_len;
/* Secure against buffer substitution */
if( own_cid_dup == own_cid && own_cid_len_dup == own_cid_len )
{
return( 0 );
}
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
return( 0 );
}
int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
@ -619,13 +605,7 @@ MBEDTLS_NO_INLINE static int ssl3_prf( const unsigned char *secret, size_t slen,
mbedtls_sha1_context sha1;
unsigned char padding[16];
unsigned char sha1sum[20];
volatile const unsigned char *secret_dup = secret;
volatile size_t slen_dup = slen;
volatile const char *label_dup = label;
volatile const unsigned char *random_dup = random;
volatile size_t rlen_dup = rlen;
volatile unsigned char *dstbuf_dup = dstbuf;
volatile size_t dlen_dup = dlen;
((void)label);
mbedtls_md5_init( &md5 );
mbedtls_sha1_init( &sha1 );
@ -670,14 +650,7 @@ exit:
mbedtls_platform_zeroize( padding, sizeof( padding ) );
mbedtls_platform_zeroize( sha1sum, sizeof( sha1sum ) );
/* Secure against buffer substitution */
if( secret_dup == secret && slen_dup == slen && label_dup == label &&
random_dup == random && rlen_dup == rlen && dstbuf_dup == dstbuf &&
dlen_dup == dlen )
{
return( ret );
}
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
return( ret );
}
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
@ -695,13 +668,6 @@ MBEDTLS_NO_INLINE static int tls1_prf( const unsigned char *secret, size_t slen,
mbedtls_md_handle_t md_info;
mbedtls_md_context_t md_ctx;
int ret;
volatile const unsigned char *secret_dup = secret;
volatile size_t slen_dup = slen;
volatile const char *label_dup = label;
volatile const unsigned char *random_dup = random;
volatile size_t rlen_dup = rlen;
volatile unsigned char *dstbuf_dup = dstbuf;
volatile size_t dlen_dup = dlen;
mbedtls_md_init( &md_ctx );
@ -788,14 +754,7 @@ MBEDTLS_NO_INLINE static int tls1_prf( const unsigned char *secret, size_t slen,
mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
/* Secure against buffer substitution */
if( secret_dup == secret && slen_dup == slen && label_dup == label &&
random_dup == random && rlen_dup == rlen && dstbuf_dup == dstbuf &&
dlen_dup == dlen )
{
return( 0 );
}
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
return( 0 );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1) || MBEDTLS_SSL_PROTO_TLS1_1 */
@ -818,13 +777,6 @@ int tls_prf_generic( mbedtls_md_type_t md_type,
mbedtls_md_handle_t md_info;
mbedtls_md_context_t md_ctx;
int ret;
volatile const unsigned char *secret_dup = secret;
volatile size_t slen_dup = slen;
volatile const char *label_dup = label;
volatile const unsigned char *random_dup = random;
volatile size_t rlen_dup = rlen;
volatile unsigned char *dstbuf_dup = dstbuf;
volatile size_t dlen_dup = dlen;
mbedtls_md_init( &md_ctx );
@ -884,14 +836,7 @@ int tls_prf_generic( mbedtls_md_type_t md_type,
(void)mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
(void)mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
/* Secure against buffer substitution */
if( secret_dup == secret && slen_dup == slen && label_dup == label &&
random_dup == random && rlen_dup == rlen && dstbuf_dup == dstbuf &&
dlen_dup == dlen )
{
return( 0 );
}
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
return( 0 );
}
#if defined(MBEDTLS_SHA256_C)
@ -1883,7 +1828,6 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
const mbedtls_ssl_context *ssl )
{
int ret;
volatile unsigned char *master_dup = master;
/* #if !defined(MBEDTLS_DEBUG_C) && !defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) */
/* ssl = NULL; /\* make sure we don't use it except for debug and EMS *\/ */
@ -1944,12 +1888,7 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
mbedtls_platform_zeroize( handshake->premaster,
sizeof(handshake->premaster) );
/* Secure against buffer substitution */
if( master_dup == master )
{
return( 0 );
}
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
return( 0 );
}
int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
@ -2466,9 +2405,6 @@ static int ssl_cid_build_inner_plaintext( unsigned char *content,
size_t pad = ( MBEDTLS_SSL_CID_PADDING_GRANULARITY -
( len + 1 ) % MBEDTLS_SSL_CID_PADDING_GRANULARITY ) %
MBEDTLS_SSL_CID_PADDING_GRANULARITY;
volatile unsigned char *content_dup = content;
volatile size_t *content_size_dup = content_size;
volatile size_t remaining_dup = remaining;
/* Write real content type */
if( remaining == 0 )
@ -2484,14 +2420,7 @@ static int ssl_cid_build_inner_plaintext( unsigned char *content,
remaining -= pad;
*content_size = len;
/* Secure against buffer substitution */
if( content_dup == content && content_size_dup == content_size &&
( remaining_dup - 1 - pad ) == remaining )
{
return( 0 );
}
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
return( 0 );
}
/* This function parses a DTLSInnerPlaintext structure.
@ -13028,10 +12957,6 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
{
int ret = 0;
mbedtls_md_context_t ctx;
volatile unsigned char* hash_dup = hash;
volatile size_t *hashlen_dup = hashlen;
volatile unsigned char* data_dup = data;
volatile size_t data_len_dup = data_len;
mbedtls_md_handle_t md_info = mbedtls_md_info_from_type( md_alg );
*hashlen = mbedtls_md_get_size( md_info );
@ -13078,13 +13003,7 @@ exit:
mbedtls_ssl_pend_fatal_alert( ssl,
MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
/* Secure against buffer substitution */
if( hash_dup == hash && hashlen_dup == hashlen &&
data_dup == data && data_len_dup == data_len )
{
return( ret );
}
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
return( ret );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
MBEDTLS_SSL_PROTO_TLS1_2 */