aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrzej Kurek <andrzej.kurek@arm.com>2020-07-21 11:03:50 +0200
committerGitHub <noreply@github.com>2020-07-21 11:03:50 +0200
commit7e6075b7fd5fdb965c9491af2ebd629594bfebd4 (patch)
tree6665eef167f2ea9a44fddf611b6fee413f823628
parentc417c783e5f054df6be57e7fe5d696a46c499bec (diff)
parentcf3e35cc5804f6a7a239e2e2b82df9313fce87fe (diff)
downloadmbed-tls-7e6075b7fd5fdb965c9491af2ebd629594bfebd4.tar.gz
Merge pull request #3499 from AndrzejKurek/fi-duplicate-buffers-revert
Revert a part of the sensitive information duplication changes
-rw-r--r--library/aes.c23
-rw-r--r--library/ccm.c46
-rw-r--r--library/ssl_cli.c17
-rw-r--r--library/ssl_srv.c33
-rw-r--r--library/ssl_tls.c97
-rw-r--r--tinycrypt/ecc.c6
-rw-r--r--tinycrypt/ecc_dh.c8
-rw-r--r--tinycrypt/ecc_dsa.c8
8 files changed, 20 insertions, 218 deletions
diff --git a/library/aes.c b/library/aes.c
index e49f74f76..f6c4fc33e 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -686,8 +686,6 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
unsigned int flow_ctrl = 0;
volatile unsigned int i = 0;
volatile int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
- volatile const unsigned char *key_dup = key;
- volatile unsigned int keybits_dup = keybits;
uint32_t *RK;
uint32_t offset = 0;
@@ -816,10 +814,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
#endif
) )
{
- if( keybits_dup == keybits && key_dup == key )
- {
- return ret;
- }
+ return ret;
}
mbedtls_platform_memset( RK, 0, ( keybits >> 5 ) * 4 );
@@ -1069,8 +1064,6 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
aes_r_data_t *aes_data_table[2]; // pointers to real and fake data
int round_ctrl_table_len = ctx->nr + 2 + AES_SCA_CM_ROUNDS;
volatile int flow_control;
- volatile const unsigned char *input_dup = input;
- volatile unsigned char *output_dup = output;
// control bytes for AES calculation rounds,
// reserve based on max rounds + dummy rounds + 2 (for initial key addition)
uint8_t round_ctrl_table[( 14 + AES_SCA_CM_ROUNDS + 2 )];
@@ -1170,11 +1163,7 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
if( flow_control == tindex + dummy_rounds + 8 )
{
- /* Validate control path due possible fault injection */
- if( output_dup == output && input_dup == input )
- {
- return 0;
- }
+ return 0;
}
// Clear the output in case of a FI
@@ -1355,8 +1344,6 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
aes_r_data_t *aes_data_table[2]; // pointers to real and fake data
int round_ctrl_table_len = ctx->nr + 2 + AES_SCA_CM_ROUNDS;
volatile int flow_control;
- volatile const unsigned char *input_dup = input;
- volatile unsigned char *output_dup = output;
// control bytes for AES calculation rounds,
// reserve based on max rounds + dummy rounds + 2 (for initial key addition)
uint8_t round_ctrl_table[( 14 + AES_SCA_CM_ROUNDS + 2 )];
@@ -1456,11 +1443,7 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
if( flow_control == tindex + dummy_rounds + 8 )
{
- /* Validate control path due possible fault injection */
- if( output_dup == output && input_dup == input )
- {
- return 0;
- }
+ return 0;
}
// Clear the output in case of a FI
diff --git a/library/ccm.c b/library/ccm.c
index 54d051e34..750ec9e98 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -77,8 +77,6 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
{
int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
const mbedtls_cipher_info_t *cipher_info;
- volatile const unsigned char *key_dup = key;
- volatile unsigned int keybits_dup = keybits;
CCM_VALIDATE_RET( ctx != NULL );
CCM_VALIDATE_RET( key != NULL );
@@ -101,14 +99,7 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
return( ret );
}
- if( keybits_dup == keybits && key_dup == key )
- {
- return( ret );
- }
-
- // In case of a FI - clear the context
- mbedtls_cipher_free( &ctx->cipher_ctx );
- return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+ return( ret );
}
/*
@@ -174,15 +165,6 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
unsigned char ctr[16];
const unsigned char *src;
unsigned char *dst;
- volatile size_t length_dup = length;
- volatile const unsigned char *iv_dup = iv;
- volatile size_t iv_len_dup = iv_len;
- volatile const unsigned char *add_dup = add;
- volatile size_t add_len_dup = add_len;
- volatile const unsigned char *input_dup = input;
- volatile unsigned char *output_dup = output;
- volatile unsigned char *tag_dup = tag;
- volatile size_t tag_len_dup = tag_len;
/*
* Check length requirements: SP800-38C A.1
@@ -334,16 +316,6 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
CTR_CRYPT( y, y, 16 );
mbedtls_platform_memcpy( tag, y, tag_len );
- if( length_dup != length || iv_dup != iv || iv_len_dup != iv_len ||
- add_dup != add || add_len_dup != add_len || input_dup != input ||
- output_dup != output || tag_dup != tag || tag_len_dup != tag_len)
- {
-
- // In case of a FI - clear the output
- mbedtls_platform_memset( output, 0, length );
- return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
- }
-
return( ret );
}
@@ -398,15 +370,6 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
unsigned char check_tag[16];
unsigned char i;
int diff;
- volatile size_t length_dup = length;
- volatile const unsigned char *iv_dup = iv;
- volatile size_t iv_len_dup = iv_len;
- volatile const unsigned char *add_dup = add;
- volatile size_t add_len_dup = add_len;
- volatile const unsigned char *input_dup = input;
- volatile unsigned char *output_dup = output;
- volatile const unsigned char *tag_dup = tag;
- volatile size_t tag_len_dup = tag_len;
CCM_VALIDATE_RET( ctx != NULL );
CCM_VALIDATE_RET( iv != NULL );
@@ -432,13 +395,6 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
return( MBEDTLS_ERR_CCM_AUTH_FAILED );
}
- if( length_dup != length || iv_dup != iv || iv_len_dup != iv_len ||
- add_dup != add || add_len_dup != add_len || input_dup != input ||
- output_dup != output || tag_dup != tag || tag_len_dup != tag_len)
- {
- return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
- }
-
return( ret );
}
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 5b47c0a9b..58cbd87b0 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2796,14 +2796,10 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl,
volatile int ret = 0;
unsigned char *p;
unsigned char *end;
- volatile unsigned char *buf_dup = buf;
- volatile size_t buflen_dup = buflen;
mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
- ((void) buf_dup);
- ((void) buflen_dup);
p = buf + mbedtls_ssl_hs_hdr_len( ssl );
end = buf + buflen;
@@ -3104,7 +3100,7 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl,
{
mbedtls_platform_random_delay();
- if( ret == 0 && buf_dup == buf && buflen_dup == buflen )
+ if( ret == 0 )
{
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
/* We don't need the peer's public key anymore. Free it,
@@ -3587,10 +3583,7 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl,
{
int ret;
unsigned char *p, *end;
- volatile unsigned char *buf_dup = buf;
- volatile size_t buflen_dup = buflen;
size_t n;
-
mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
@@ -3873,12 +3866,8 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl,
}
*olen = p - buf;
- /* Secure against buffer substitution */
- if( buf_dup == buf && buflen_dup == buflen )
- {
- return( 0 );
- }
- return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+
+ return( 0 );
}
static int ssl_out_client_key_exchange_postprocess( mbedtls_ssl_context *ssl )
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 7094a89a1..abfef5d45 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -3269,19 +3269,13 @@ static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl,
- sig_start );
int ret = ssl->conf->f_async_resume( ssl,
sig_start, signature_len, sig_max_len );
- volatile size_t *signature_len_dup = signature_len;
if( ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS )
{
ssl->handshake->async_in_progress = 0;
mbedtls_ssl_set_async_operation_data( ssl, NULL );
}
MBEDTLS_SSL_DEBUG_RET( 2, "ssl_resume_server_key_exchange", ret );
- /* Secure against buffer substitution */
- if( signature_len_dup == signature_len )
- {
- return( ret );
- }
- return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+ return( ret );
}
#endif /* defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) &&
defined(MBEDTLS_SSL_ASYNC_PRIVATE) */
@@ -3292,7 +3286,6 @@ static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl,
static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
size_t *signature_len )
{
- volatile size_t *signature_len_dup = signature_len;
mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
@@ -3679,12 +3672,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
}
}
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
-
- if( signature_len_dup == signature_len )
- {
- return( 0 );
- }
- return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+ return( 0 );
}
/* Prepare the ServerKeyExchange message and send it. For ciphersuites
@@ -3832,8 +3820,6 @@ static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char *
const unsigned char *end )
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
- unsigned char ** volatile p_dup = p;
- volatile const unsigned char *end_dup = end;
size_t n;
/*
@@ -3864,12 +3850,7 @@ static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char *
MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GY", &ssl->handshake->dhm_ctx.GY );
- /* Secure against buffer substitution */
- if( p_dup == p && end_dup == end )
- {
- return( ret );
- }
- return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+ return( ret );
}
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
@@ -4236,8 +4217,6 @@ static int ssl_in_client_key_exchange_parse( mbedtls_ssl_context *ssl,
mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
unsigned char *p, *end;
- volatile unsigned char *buf_dup = buf;
- volatile size_t buflen_dup = buflen;
p = buf + mbedtls_ssl_hs_hdr_len( ssl );
end = buf + buflen;
@@ -4432,11 +4411,7 @@ static int ssl_in_client_key_exchange_parse( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
- if( buf_dup == buf && buflen_dup == buflen )
- {
- return( ret );
- }
- return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+ return( ret );
}
/* Update the handshake state */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c16bd6154..bbe94cbb1 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -177,8 +177,6 @@ int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl,
size_t buflen )
{
int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
- volatile unsigned char *buf_dup = buf;
- volatile size_t buflen_dup = buflen;
mbedtls_record rec;
MBEDTLS_SSL_DEBUG_MSG( 1, ( "=> mbedtls_ssl_check_record" ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "record buffer", buf, buflen );
@@ -230,10 +228,6 @@ exit:
ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD;
}
- if( buf_dup != buf || buflen_dup != buflen )
- {
- return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
- }
MBEDTLS_SSL_DEBUG_MSG( 1, ( "<= mbedtls_ssl_check_record" ) );
return( ret );
}
@@ -288,9 +282,6 @@ int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl,
unsigned char const *own_cid,
size_t own_cid_len )
{
- volatile unsigned char const *own_cid_dup = own_cid;
- volatile size_t own_cid_len_dup = own_cid_len;
-
if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@@ -317,12 +308,7 @@ int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl,
* MBEDTLS_SSL_CID_IN_LEN_MAX at most 255. */
ssl->own_cid_len = (uint8_t) own_cid_len;
- /* Secure against buffer substitution */
- if( own_cid_dup == own_cid && own_cid_len_dup == own_cid_len )
- {
- return( 0 );
- }
- return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+ return( 0 );
}
int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
@@ -619,13 +605,7 @@ MBEDTLS_NO_INLINE static int ssl3_prf( const unsigned char *secret, size_t slen,
mbedtls_sha1_context sha1;
unsigned char padding[16];
unsigned char sha1sum[20];
- volatile const unsigned char *secret_dup = secret;
- volatile size_t slen_dup = slen;
- volatile const char *label_dup = label;
- volatile const unsigned char *random_dup = random;
- volatile size_t rlen_dup = rlen;
- volatile unsigned char *dstbuf_dup = dstbuf;
- volatile size_t dlen_dup = dlen;
+ ((void)label);
mbedtls_md5_init( &md5 );
mbedtls_sha1_init( &sha1 );
@@ -670,14 +650,7 @@ exit:
mbedtls_platform_zeroize( padding, sizeof( padding ) );
mbedtls_platform_zeroize( sha1sum, sizeof( sha1sum ) );
- /* Secure against buffer substitution */
- if( secret_dup == secret && slen_dup == slen && label_dup == label &&
- random_dup == random && rlen_dup == rlen && dstbuf_dup == dstbuf &&
- dlen_dup == dlen )
- {
- return( ret );
- }
- return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+ return( ret );
}
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
@@ -695,13 +668,6 @@ MBEDTLS_NO_INLINE static int tls1_prf( const unsigned char *secret, size_t slen,
mbedtls_md_handle_t md_info;
mbedtls_md_context_t md_ctx;
int ret;
- volatile const unsigned char *secret_dup = secret;
- volatile size_t slen_dup = slen;
- volatile const char *label_dup = label;
- volatile const unsigned char *random_dup = random;
- volatile size_t rlen_dup = rlen;
- volatile unsigned char *dstbuf_dup = dstbuf;
- volatile size_t dlen_dup = dlen;
mbedtls_md_init( &md_ctx );
@@ -788,14 +754,7 @@ MBEDTLS_NO_INLINE static int tls1_prf( const unsigned char *secret, size_t slen,
mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
- /* Secure against buffer substitution */
- if( secret_dup == secret && slen_dup == slen && label_dup == label &&
- random_dup == random && rlen_dup == rlen && dstbuf_dup == dstbuf &&
- dlen_dup == dlen )
- {
- return( 0 );
- }
- return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+ return( 0 );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1) || MBEDTLS_SSL_PROTO_TLS1_1 */
@@ -818,13 +777,6 @@ int tls_prf_generic( mbedtls_md_type_t md_type,
mbedtls_md_handle_t md_info;
mbedtls_md_context_t md_ctx;
int ret;
- volatile const unsigned char *secret_dup = secret;
- volatile size_t slen_dup = slen;
- volatile const char *label_dup = label;
- volatile const unsigned char *random_dup = random;
- volatile size_t rlen_dup = rlen;
- volatile unsigned char *dstbuf_dup = dstbuf;
- volatile size_t dlen_dup = dlen;
mbedtls_md_init( &md_ctx );
@@ -884,14 +836,7 @@ int tls_prf_generic( mbedtls_md_type_t md_type,
(void)mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
(void)mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
- /* Secure against buffer substitution */
- if( secret_dup == secret && slen_dup == slen && label_dup == label &&
- random_dup == random && rlen_dup == rlen && dstbuf_dup == dstbuf &&
- dlen_dup == dlen )
- {
- return( 0 );
- }
- return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+ return( 0 );
}
#if defined(MBEDTLS_SHA256_C)
@@ -1883,7 +1828,6 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
const mbedtls_ssl_context *ssl )
{
int ret;
- volatile unsigned char *master_dup = master;
/* #if !defined(MBEDTLS_DEBUG_C) && !defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) */
/* ssl = NULL; /\* make sure we don't use it except for debug and EMS *\/ */
@@ -1944,12 +1888,7 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
mbedtls_platform_zeroize( handshake->premaster,
sizeof(handshake->premaster) );
- /* Secure against buffer substitution */
- if( master_dup == master )
- {
- return( 0 );
- }
- return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+ return( 0 );
}
int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
@@ -2466,9 +2405,6 @@ static int ssl_cid_build_inner_plaintext( unsigned char *content,
size_t pad = ( MBEDTLS_SSL_CID_PADDING_GRANULARITY -
( len + 1 ) % MBEDTLS_SSL_CID_PADDING_GRANULARITY ) %
MBEDTLS_SSL_CID_PADDING_GRANULARITY;
- volatile unsigned char *content_dup = content;
- volatile size_t *content_size_dup = content_size;
- volatile size_t remaining_dup = remaining;
/* Write real content type */
if( remaining == 0 )
@@ -2484,14 +2420,7 @@ static int ssl_cid_build_inner_plaintext( unsigned char *content,
remaining -= pad;
*content_size = len;
-
- /* Secure against buffer substitution */
- if( content_dup == content && content_size_dup == content_size &&
- ( remaining_dup - 1 - pad ) == remaining )
- {
- return( 0 );
- }
- return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+ return( 0 );
}
/* This function parses a DTLSInnerPlaintext structure.
@@ -13028,10 +12957,6 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
{
int ret = 0;
mbedtls_md_context_t ctx;
- volatile unsigned char* hash_dup = hash;
- volatile size_t *hashlen_dup = hashlen;
- volatile unsigned char* data_dup = data;
- volatile size_t data_len_dup = data_len;
mbedtls_md_handle_t md_info = mbedtls_md_info_from_type( md_alg );
*hashlen = mbedtls_md_get_size( md_info );
@@ -13078,13 +13003,7 @@ exit:
mbedtls_ssl_pend_fatal_alert( ssl,
MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
- /* Secure against buffer substitution */
- if( hash_dup == hash && hashlen_dup == hashlen &&
- data_dup == data && data_len_dup == data_len )
- {
- return( ret );
- }
- return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+ return( ret );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
MBEDTLS_SSL_PROTO_TLS1_2 */
diff --git a/tinycrypt/ecc.c b/tinycrypt/ecc.c
index 805543204..bf54fe8e7 100644
--- a/tinycrypt/ecc.c
+++ b/tinycrypt/ecc.c
@@ -1239,8 +1239,6 @@ int uECC_compute_public_key(const uint8_t *private_key, uint8_t *public_key)
int ret = UECC_FAULT_DETECTED;
uECC_word_t _private[NUM_ECC_WORDS];
uECC_word_t _public[NUM_ECC_WORDS * 2];
- volatile const uint8_t *private_key_dup = private_key;
- volatile const uint8_t *public_key_dup = public_key;
uECC_vli_bytesToNative(
_private,
@@ -1266,8 +1264,6 @@ int uECC_compute_public_key(const uint8_t *private_key, uint8_t *public_key)
uECC_vli_nativeToBytes(
public_key +
NUM_ECC_BYTES, NUM_ECC_BYTES, _public + NUM_ECC_WORDS);
- if (private_key_dup != private_key || public_key_dup != public_key){
- return UECC_FAULT_DETECTED;
- }
+
return ret;
}
diff --git a/tinycrypt/ecc_dh.c b/tinycrypt/ecc_dh.c
index bf3a80343..5a7a9e53e 100644
--- a/tinycrypt/ecc_dh.c
+++ b/tinycrypt/ecc_dh.c
@@ -170,9 +170,6 @@ int uECC_shared_secret(const uint8_t *public_key, const uint8_t *private_key,
wordcount_t num_words = NUM_ECC_WORDS;
wordcount_t num_bytes = NUM_ECC_BYTES;
int r = UECC_FAULT_DETECTED;
- volatile const uint8_t *public_key_dup = public_key;
- volatile const uint8_t *private_key_dup = private_key;
- volatile const uint8_t *secret_dup = secret;
/* Converting buffers to correct bit order: */
uECC_vli_bytesToNative(_private,
@@ -190,11 +187,6 @@ int uECC_shared_secret(const uint8_t *public_key, const uint8_t *private_key,
/* erasing temporary buffer used to store secret: */
mbedtls_platform_zeroize(_private, sizeof(_private));
- if (public_key_dup != public_key || private_key_dup != private_key || secret_dup != secret) {
- /* Erase secret in case of FI */
- mbedtls_platform_memset(secret, 0, NUM_ECC_BYTES);
- return UECC_FAULT_DETECTED;
- }
return r;
}
diff --git a/tinycrypt/ecc_dsa.c b/tinycrypt/ecc_dsa.c
index 2a676dc8f..d432a2e6a 100644
--- a/tinycrypt/ecc_dsa.c
+++ b/tinycrypt/ecc_dsa.c
@@ -204,10 +204,6 @@ int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash,
bitcount_t i;
bitcount_t flow_control;
volatile uECC_word_t diff;
- volatile const uint8_t *public_key_dup = public_key;
- volatile const uint8_t *message_hash_dup = message_hash;
- volatile unsigned hash_size_dup = hash_size;
- volatile const uint8_t *signature_dup = signature;
uECC_word_t _public[NUM_ECC_WORDS * 2];
uECC_word_t r[NUM_ECC_WORDS], s[NUM_ECC_WORDS];
@@ -309,10 +305,6 @@ int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash,
* 1 (base value) + num_bits - 1 (from the loop) + 5 incrementations.
*/
if (diff == 0 && flow_control == (num_bits + 5)) {
- if (public_key_dup != public_key || message_hash_dup != message_hash ||
- hash_size_dup != hash_size || signature_dup != signature) {
- return UECC_FAULT_DETECTED;
- }
return UECC_SUCCESS;
}
else {