Add returning a FAULT_DETECTED error on suspected FI attacks
The change applies to the places where we prevent double synchronous FI attacks with random delay, and where we do not respond to their detection. The response to such an attack should be to return the appropriate error code. Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
This commit is contained in:
Piotr Nowicki
parent
b06ec05dc0
commit
e048b91d25
5 changed files with 34 additions and 12 deletions
|
|
@ -27,9 +27,9 @@
|
|||
|
||||
#if defined(MBEDTLS_SSL_SRV_C)
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
|
||||
#if !defined(MBEDTLS_PLATFORM_C)
|
||||
#include <stdlib.h>
|
||||
#define mbedtls_calloc calloc
|
||||
#define mbedtls_free free
|
||||
|
|
@ -4659,6 +4659,10 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
|
|||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate verify" ) );
|
||||
goto exit;
|
||||
}
|
||||
else
|
||||
{
|
||||
ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue