Fully replace mbedtls_psa_safer_memcmp
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
This commit is contained in:
Dave Rodgman
parent
f4efd19dd0
commit
787011542b
4 changed files with 8 additions and 19 deletions
|
|
@ -64,6 +64,7 @@
|
|||
#include "mbedtls/cipher.h"
|
||||
#include "mbedtls/ccm.h"
|
||||
#include "mbedtls/cmac.h"
|
||||
#include "mbedtls/constant_time.h"
|
||||
#include "mbedtls/des.h"
|
||||
#include "mbedtls/ecdh.h"
|
||||
#include "mbedtls/ecp.h"
|
||||
|
|
@ -2420,7 +2421,7 @@ psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
|
|||
goto exit;
|
||||
}
|
||||
|
||||
if (mbedtls_psa_safer_memcmp(hash, actual_hash, actual_hash_length) != 0) {
|
||||
if (mbedtls_ct_memcmp(hash, actual_hash, actual_hash_length) != 0) {
|
||||
status = PSA_ERROR_INVALID_SIGNATURE;
|
||||
}
|
||||
|
||||
|
|
@ -2469,7 +2470,7 @@ psa_status_t psa_hash_compare(psa_algorithm_t alg,
|
|||
status = PSA_ERROR_INVALID_SIGNATURE;
|
||||
goto exit;
|
||||
}
|
||||
if (mbedtls_psa_safer_memcmp(hash, actual_hash, actual_hash_length) != 0) {
|
||||
if (mbedtls_ct_memcmp(hash, actual_hash, actual_hash_length) != 0) {
|
||||
status = PSA_ERROR_INVALID_SIGNATURE;
|
||||
}
|
||||
|
||||
|
|
@ -2851,7 +2852,7 @@ psa_status_t psa_mac_verify(mbedtls_svc_key_id_t key,
|
|||
status = PSA_ERROR_INVALID_SIGNATURE;
|
||||
goto exit;
|
||||
}
|
||||
if (mbedtls_psa_safer_memcmp(mac, actual_mac, actual_mac_length) != 0) {
|
||||
if (mbedtls_ct_memcmp(mac, actual_mac, actual_mac_length) != 0) {
|
||||
status = PSA_ERROR_INVALID_SIGNATURE;
|
||||
goto exit;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -40,20 +40,6 @@
|
|||
*/
|
||||
int psa_can_do_hash(psa_algorithm_t hash_alg);
|
||||
|
||||
/** Constant-time buffer comparison
|
||||
*
|
||||
* \param[in] a Left-hand buffer for comparison.
|
||||
* \param[in] b Right-hand buffer for comparison.
|
||||
* \param n Amount of bytes to compare.
|
||||
*
|
||||
* \return 0 if the buffer contents are equal, non-zero otherwise
|
||||
*/
|
||||
static inline int mbedtls_psa_safer_memcmp(
|
||||
const uint8_t *a, const uint8_t *b, size_t n)
|
||||
{
|
||||
return mbedtls_ct_memcmp(a, b, n);
|
||||
}
|
||||
|
||||
/** The data structure representing a key slot, containing key material
|
||||
* and metadata for one key.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -29,6 +29,7 @@
|
|||
#include <mbedtls/md.h>
|
||||
|
||||
#include <mbedtls/error.h>
|
||||
#include "mbedtls/constant_time.h"
|
||||
#include <string.h>
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
|
||||
|
|
@ -453,7 +454,7 @@ psa_status_t mbedtls_psa_mac_verify_finish(
|
|||
goto cleanup;
|
||||
}
|
||||
|
||||
if (mbedtls_psa_safer_memcmp(mac, actual_mac, mac_length) != 0) {
|
||||
if (mbedtls_ct_memcmp(mac, actual_mac, mac_length) != 0) {
|
||||
status = PSA_ERROR_INVALID_SIGNATURE;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -32,6 +32,7 @@
|
|||
#include "psa_crypto_rsa.h"
|
||||
|
||||
#include "mbedtls/platform.h"
|
||||
#include "mbedtls/constant_time.h"
|
||||
/* END-common headers */
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
|
|
@ -2253,7 +2254,7 @@ psa_status_t psa_driver_wrapper_aead_verify(
|
|||
if( status == PSA_SUCCESS )
|
||||
{
|
||||
if( tag_length != check_tag_length ||
|
||||
mbedtls_psa_safer_memcmp( tag, check_tag, tag_length )
|
||||
mbedtls_ct_memcmp( tag, check_tag, tag_length )
|
||||
!= 0 )
|
||||
status = PSA_ERROR_INVALID_SIGNATURE;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue