Add FI countermeasures for sensitive switch instructions

Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
This commit is contained in:
Piotr Nowicki 2020-06-19 10:04:27 +02:00
parent 98c847a483
commit 78fc139121

View file

@ -7112,7 +7112,7 @@ static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl,
mbedtls_x509_crt *chain )
{
int ret;
volatile int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
int crt_cnt=0;
#endif
@ -7225,9 +7225,24 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl,
switch( ret )
{
case 0: /* ok */
mbedtls_platform_random_delay();
if( ret != 0 )
{
alert = MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR;
ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
goto crt_parse_der_failed;
}
break;
case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND:
/* Ignore certificate with an unknown algorithm: maybe a
prior certificate was already trusted. */
* prior certificate was already trusted. */
mbedtls_platform_random_delay();
if( ret != MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND )
{
alert = MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR;
ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
goto crt_parse_der_failed;
}
break;
case MBEDTLS_ERR_X509_ALLOC_FAILED: