Replaced mbedtls_ssl_safer_memcmp with mbedtls_platform_memcmp
Saves some bytes, and mbedtls_platform_memcmp is a bit safer against side-channel attacks.
parent
650343cdcd
commit
707ceb88f0
|
@ -2231,7 +2231,7 @@
|
||||||
#define rsa_rsassa_pss_verify_ext mbedtls_rsa_rsassa_pss_verify_ext
|
#define rsa_rsassa_pss_verify_ext mbedtls_rsa_rsassa_pss_verify_ext
|
||||||
#define rsa_self_test mbedtls_rsa_self_test
|
#define rsa_self_test mbedtls_rsa_self_test
|
||||||
#define rsa_set_padding mbedtls_rsa_set_padding
|
#define rsa_set_padding mbedtls_rsa_set_padding
|
||||||
#define safer_memcmp mbedtls_ssl_safer_memcmp
|
#define safer_memcmp mbedtls_platform_memcmp
|
||||||
#define set_alarm mbedtls_set_alarm
|
#define set_alarm mbedtls_set_alarm
|
||||||
#define sha1 mbedtls_sha1
|
#define sha1 mbedtls_sha1
|
||||||
#define sha1_context mbedtls_sha1_context
|
#define sha1_context mbedtls_sha1_context
|
||||||
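Review bot: Whether `mbedtls_platform_memcmp` is declared wherever the `safer_memcmp` alias is expanded is not established by this hunk: the old target `mbedtls_ssl_safer_memcmp` was a `static inline` in an SSL-internal header, while the new one (judging by the `#include "mbedtls/platform_util.h"` changes elsewhere in this commit) comes from platform_util.h, and this compatibility header is not shown including it. If it does not, legacy code using `safer_memcmp` fails with an undeclared function (or an implicit declaration in pre-C99 modes) instead of getting a constant-time compare. A comment at the alias would record the dependency: `/* mbedtls_platform_memcmp() is declared in mbedtls/platform_util.h */`.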
|
|
|
@ -1159,26 +1159,6 @@ void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
|
||||||
int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst,
|
int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst,
|
||||||
const mbedtls_ssl_session *src );
|
const mbedtls_ssl_session *src );
|
||||||
|
|
||||||
/* constant-time buffer comparison */
|
|
||||||
static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
|
|
||||||
{
|
|
||||||
size_t i;
|
|
||||||
volatile const unsigned char *A = (volatile const unsigned char *) a;
|
|
||||||
volatile const unsigned char *B = (volatile const unsigned char *) b;
|
|
||||||
volatile unsigned char diff = 0;
|
|
||||||
|
|
||||||
for( i = 0; i < n; i++ )
|
|
||||||
{
|
|
||||||
/* Read volatile data in order before computing diff.
|
|
||||||
* This avoids IAR compiler warning:
|
|
||||||
* 'the order of volatile accesses is undefined ..' */
|
|
||||||
unsigned char x = A[i], y = B[i];
|
|
||||||
diff |= x ^ y;
|
|
||||||
}
|
|
||||||
|
|
||||||
return( diff );
|
|
||||||
}
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
|
||||||
defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
defined(MBEDTLS_SSL_PROTO_TLS1_1)
|
||||||
int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
|
int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
|
||||||
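Review bot: No `#include "mbedtls/platform_util.h"` replaces the deleted inline helper in this header, so the SSL call sites rewritten in this commit (`ssl_parse_renegotiation_info`, `mbedtls_ssl_cookie_check`, `ssl_parse_client_psk_identity`, `mbedtls_ssl_decrypt_buf`, `mbedtls_ssl_parse_finished`) now depend on platform_util.h reaching them through some other include, and the hunk does not show whether this header already pulls it in. If it does not, the one-line fix is to add `#include "mbedtls/platform_util.h"` where `mbedtls_ssl_safer_memcmp` was removed. The deleted body also carried the only written rationale for the comparison being constant-time (volatile per-byte reads, OR-accumulated difference, no early exit); that rationale now has to live with `mbedtls_platform_memcmp`, which is outside this diff, so the commit message's "a bit safer" claim cannot be checked here. Note that the old helper returned the OR of the differing bytes and callers test `!= 0`, so the replacement must likewise return 0 exactly when the buffers are equal.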
|
|
|
@ -28,12 +28,12 @@
|
||||||
#if defined(MBEDTLS_ASN1_WRITE_C)
|
#if defined(MBEDTLS_ASN1_WRITE_C)
|
||||||
|
|
||||||
#include "mbedtls/asn1write.h"
|
#include "mbedtls/asn1write.h"
|
||||||
|
#include "mbedtls/platform_util.h"
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
#if defined(MBEDTLS_PLATFORM_C)
|
#if defined(MBEDTLS_PLATFORM_C)
|
||||||
#include "mbedtls/platform.h"
|
#include "mbedtls/platform.h"
|
||||||
#include "mbedtls/platform_util.h"
|
|
||||||
#else
|
#else
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#define mbedtls_calloc calloc
|
#define mbedtls_calloc calloc
|
||||||
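Review bot: The added `#include "mbedtls/platform_util.h"` may still be inside the `#if defined(MBEDTLS_ASN1_WRITE_C)` block that opens the hunk, because no matching `#endif` appears between that line and the insertion point directly below `#include "mbedtls/asn1write.h"`; if so, the include is conditional on ASN.1 writing, and removing the copies under `#if defined(MBEDTLS_PLATFORM_C)` here and under `MBEDTLS_ECP_C` in the next hunk would leave `mbedtls_platform_memcmp` undeclared in builds without it. This is hedged, since the rendering may simply not show an `#endif` on the old line 28. Placing the line after `#include <string.h>`, outside every feature guard, with `/* needed unconditionally for mbedtls_platform_memcmp() */`, makes the intent unambiguous.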
|
|
|
@ -40,7 +40,6 @@
|
||||||
#if defined(MBEDTLS_ECP_C)
|
#if defined(MBEDTLS_ECP_C)
|
||||||
#include "mbedtls/bignum.h"
|
#include "mbedtls/bignum.h"
|
||||||
#include "mbedtls/ecp.h"
|
#include "mbedtls/ecp.h"
|
||||||
#include "mbedtls/platform_util.h"
|
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_ECDSA_C)
|
#if defined(MBEDTLS_ECDSA_C)
|
||||||
#include "mbedtls/ecdsa.h"
|
#include "mbedtls/ecdsa.h"
|
||||||
|
|
|
@ -1152,9 +1152,9 @@ static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl,
|
||||||
/* Check verify-data in constant-time. The length OTOH is no secret */
|
/* Check verify-data in constant-time. The length OTOH is no secret */
|
||||||
if( len != 1 + ssl->verify_data_len * 2 ||
|
if( len != 1 + ssl->verify_data_len * 2 ||
|
||||||
buf[0] != ssl->verify_data_len * 2 ||
|
buf[0] != ssl->verify_data_len * 2 ||
|
||||||
mbedtls_ssl_safer_memcmp( buf + 1,
|
mbedtls_platform_memcmp( buf + 1,
|
||||||
ssl->own_verify_data, ssl->verify_data_len ) != 0 ||
|
ssl->own_verify_data, ssl->verify_data_len ) != 0 ||
|
||||||
mbedtls_ssl_safer_memcmp( buf + 1 + ssl->verify_data_len,
|
mbedtls_platform_memcmp( buf + 1 + ssl->verify_data_len,
|
||||||
ssl->peer_verify_data, ssl->verify_data_len ) != 0 )
|
ssl->peer_verify_data, ssl->verify_data_len ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) );
|
||||||
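Review bot: Every comparison rewritten in this commit guards a secret-dependent equality check — the renegotiation verify_data here and in the other `ssl_parse_renegotiation_info` hunk, the cookie HMAC in `mbedtls_ssl_cookie_check`, the PSK identity in `ssl_parse_client_psk_identity`, the record MAC in `mbedtls_ssl_decrypt_buf` and the Finished hash in `mbedtls_ssl_parse_finished` — and each keeps the `!= 0` idiom, which is correct only if `mbedtls_platform_memcmp` returns 0 exactly when the `n` bytes are equal and its running time does not depend on the position of the first mismatch; neither property is visible in this diff. The sites that already say "Check verify-data in constant-time" remain accurate, but the cookie, MAC and Finished sites carry no such comment. A one-line comment at each, e.g. `/* Constant-time compare: do not replace with memcmp() */`, lets the requirement survive future refactors.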
|
|
|
@ -229,7 +229,7 @@ int mbedtls_ssl_cookie_check( void *p_ctx,
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
|
|
||||||
if( mbedtls_ssl_safer_memcmp( cookie + 4, ref_hmac, sizeof( ref_hmac ) ) != 0 )
|
if( mbedtls_platform_memcmp( cookie + 4, ref_hmac, sizeof( ref_hmac ) ) != 0 )
|
||||||
return( -1 );
|
return( -1 );
|
||||||
|
|
||||||
#if defined(MBEDTLS_HAVE_TIME)
|
#if defined(MBEDTLS_HAVE_TIME)
|
||||||
|
|
|
@ -160,7 +160,7 @@ static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl,
|
||||||
/* Check verify-data in constant-time. The length OTOH is no secret */
|
/* Check verify-data in constant-time. The length OTOH is no secret */
|
||||||
if( len != 1 + ssl->verify_data_len ||
|
if( len != 1 + ssl->verify_data_len ||
|
||||||
buf[0] != ssl->verify_data_len ||
|
buf[0] != ssl->verify_data_len ||
|
||||||
mbedtls_ssl_safer_memcmp( buf + 1, ssl->peer_verify_data,
|
mbedtls_platform_memcmp( buf + 1, ssl->peer_verify_data,
|
||||||
ssl->verify_data_len ) != 0 )
|
ssl->verify_data_len ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) );
|
||||||
|
@ -4089,7 +4089,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha
|
||||||
/* Identity is not a big secret since clients send it in the clear,
|
/* Identity is not a big secret since clients send it in the clear,
|
||||||
* but treat it carefully anyway, just in case */
|
* but treat it carefully anyway, just in case */
|
||||||
if( n != ssl->conf->psk_identity_len ||
|
if( n != ssl->conf->psk_identity_len ||
|
||||||
mbedtls_ssl_safer_memcmp( ssl->conf->psk_identity, *p, n ) != 0 )
|
mbedtls_platform_memcmp( ssl->conf->psk_identity, *p, n ) != 0 )
|
||||||
{
|
{
|
||||||
ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
|
ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
|
||||||
}
|
}
|
||||||
|
|
|
@ -3083,7 +3083,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||||
*
|
*
|
||||||
* Afterwards, we know that data + data_len is followed by at
|
* Afterwards, we know that data + data_len is followed by at
|
||||||
* least maclen Bytes, which justifies the call to
|
* least maclen Bytes, which justifies the call to
|
||||||
* mbedtls_ssl_safer_memcmp() below.
|
* mbedtls_platform_memcmp() below.
|
||||||
*
|
*
|
||||||
* Further, we still know that data_len > minlen */
|
* Further, we still know that data_len > minlen */
|
||||||
rec->data_len -= transform->maclen;
|
rec->data_len -= transform->maclen;
|
||||||
|
@ -3105,7 +3105,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||||
transform->maclen );
|
transform->maclen );
|
||||||
|
|
||||||
/* Compare expected MAC with MAC at the end of the record. */
|
/* Compare expected MAC with MAC at the end of the record. */
|
||||||
if( mbedtls_ssl_safer_memcmp( data + rec->data_len, mac_expect,
|
if( mbedtls_platform_memcmp( data + rec->data_len, mac_expect,
|
||||||
transform->maclen ) != 0 )
|
transform->maclen ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
|
||||||
|
@ -3444,7 +3444,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", data + rec->data_len, transform->maclen );
|
MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", data + rec->data_len, transform->maclen );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if( mbedtls_ssl_safer_memcmp( data + rec->data_len, mac_expect,
|
if( mbedtls_platform_memcmp( data + rec->data_len, mac_expect,
|
||||||
transform->maclen ) != 0 )
|
transform->maclen ) != 0 )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SSL_DEBUG_ALL)
|
#if defined(MBEDTLS_SSL_DEBUG_ALL)
|
||||||
|
@ -7913,7 +7913,7 @@ int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl )
|
||||||
return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED );
|
return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( mbedtls_ssl_safer_memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ),
|
if( mbedtls_platform_memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ),
|
||||||
buf, hash_len ) != 0 )
|
buf, hash_len ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
|
||||||
|
|