yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-12-22 19:15:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

Enhancement fixes

Browse source 
Co-authored-by: Andrzej Kurek <andrzej.kurek@arm.com>
Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
This commit is contained in:
Shelly Liberman 2020-08-05 15:26:10 +03:00
parent 4062d6ca68
commit c6a7e6b0c4
3 changed files with 13 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
configs/baremetal.h
View file

@ -146,7 +146,7 @@
#define MBEDTLS_DEPRECATED_REMOVED #define MBEDTLS_DEPRECATED_REMOVED
/* Fault Injection Countermesures */ /* Fault Injection Countermeasures */
#define MBEDTLS_FI_COUNTERMEASURES #define MBEDTLS_FI_COUNTERMEASURES
#if defined(MBEDTLS_USER_CONFIG_FILE) #if defined(MBEDTLS_USER_CONFIG_FILE)

6
include/mbedtls/config.h
View file

@ -657,10 +657,10 @@
/** /**
* \def MBEDTLS_FI_COUNTERMEASURES * \def MBEDTLS_FI_COUNTERMEASURES
* *
* Add countermeasures against possible FI attack. * Add countermeasures against a possible FI attack.
* *
* Uncommenting this macro inrease sode size and slow performence, * Uncommenting this macro increases code size and slows performance,
* it peforms double calls and double result checks of some crypto functions * it performs double calls and double result checks of some crypto functions
*/ */
//#define MBEDTLS_FI_COUNTERMEASURES //#define MBEDTLS_FI_COUNTERMEASURES

18
library/ssl_tls.c
View file

@ -11269,36 +11269,36 @@ static int ssl_write_real( mbedtls_ssl_context *ssl,
*/ */
ssl->out_msglen = len; ssl->out_msglen = len;
ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA; ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA;
mbedtls_platform_memcpy(ssl->out_msg, buf, len); mbedtls_platform_memcpy( ssl->out_msg, buf, len );
#if defined(MBEDTLS_FI_COUNTERMEASURES) && !defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) #if defined(MBEDTLS_FI_COUNTERMEASURES) && !defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
/* Secure against buffer substitution */ /* Secure against buffer substitution */
if (buf == ssl->out_msg_dup && if (buf == ssl->out_msg_dup &&
ssl->out_msglen == ssl->out_msglen_dup && ssl->out_msglen == ssl->out_msglen_dup &&
ssl->out_msg_dup[0] == ssl->out_msg[0]) ssl->out_msg_dup[0] == ssl->out_msg[0] )
{/*write record only if data was copied from correct user pointer */ {/*write record only if data was copied from correct user pointer */
#endif #endif
if ((ret = mbedtls_ssl_write_record(ssl, SSL_FORCE_FLUSH)) != 0) if ( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_record", ret); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
return(ret); return( ret );
} }
#if defined(MBEDTLS_FI_COUNTERMEASURES) && !defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) #if defined(MBEDTLS_FI_COUNTERMEASURES) && !defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
} }
else else
{ {
return(MBEDTLS_ERR_PLATFORM_FAULT_DETECTED); return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
} }
#endif #endif
} }
if (ret == 0) if ( ret == 0 )
{ {
return((int)len); return( (int) len );
} }
else else
{ {
return(MBEDTLS_ERR_PLATFORM_FAULT_DETECTED); return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
} }
} }