diff options
author | Antonio Nino Diaz <antonio.ninodiaz@arm.com> | 2017-01-13 13:53:32 +0000 |
---|---|---|
committer | Antonio Nino Diaz <antonio.ninodiaz@arm.com> | 2017-01-24 14:42:13 +0000 |
commit | b621fb503c76f3bdf06ed5ed1d3a995df8da9c50 (patch) | |
tree | e26cbe6607da8407709277b5d4808bb759e501cb /drivers/auth | |
parent | aa050a7bdb943ca94ab914f2a9dc508e09a57431 (diff) | |
download | trusted-firmware-a-b621fb503c76f3bdf06ed5ed1d3a995df8da9c50.tar.gz |
tbbr: Use constant-time bcmp() to compare hashes
To avoid timing side-channel attacks, it is needed to use a constant
time memory comparison function when comparing hashes. The affected
code only cheks for equality so it isn't needed to use any variant of
memcmp(), bcmp() is enough.
Also, timingsafe_bcmp() is as fast as memcmp() when the two compared
regions are equal, so this change incurrs no performance hit in said
case. In case they are unequal, the boot sequence wouldn't continue as
normal, so performance is not an issue.
Change-Id: I1c7c70ddfa4438e6031c8814411fef79fd3bb4df
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Diffstat (limited to 'drivers/auth')
-rw-r--r-- | drivers/auth/mbedtls/mbedtls_crypto.c | 2 | ||||
-rw-r--r-- | drivers/auth/mbedtls/mbedtls_x509_parser.c | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/drivers/auth/mbedtls/mbedtls_crypto.c b/drivers/auth/mbedtls/mbedtls_crypto.c index 1a96e8f8d0..11d3ede45a 100644 --- a/drivers/auth/mbedtls/mbedtls_crypto.c +++ b/drivers/auth/mbedtls/mbedtls_crypto.c @@ -217,7 +217,7 @@ static int verify_hash(void *data_ptr, unsigned int data_len, } /* Compare values */ - rc = memcmp(data_hash, hash, mbedtls_md_get_size(md_info)); + rc = timingsafe_bcmp(data_hash, hash, mbedtls_md_get_size(md_info)); if (rc != 0) { return CRYPTO_ERR_HASH; } diff --git a/drivers/auth/mbedtls/mbedtls_x509_parser.c b/drivers/auth/mbedtls/mbedtls_x509_parser.c index 73da9d1e7c..f9485de3d2 100644 --- a/drivers/auth/mbedtls/mbedtls_x509_parser.c +++ b/drivers/auth/mbedtls/mbedtls_x509_parser.c @@ -392,7 +392,7 @@ static int cert_parse(void *img, unsigned int img_len) if (sig_alg1.len != sig_alg2.len) { return IMG_PARSER_ERR_FORMAT; } - if (0 != memcmp(sig_alg1.p, sig_alg2.p, sig_alg1.len)) { + if (0 != timingsafe_bcmp(sig_alg1.p, sig_alg2.p, sig_alg1.len)) { return IMG_PARSER_ERR_FORMAT; } memcpy(&sig_alg, &sig_alg1, sizeof(sig_alg)); |