libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pss_verify_ext()
Adds fault mitigation in mbedtls_rsa_rsassa_pss_verify_ext() by using
the macro FTMN_CALLEE_DONE_MEMCMP() instead of memcmp() when checking
that the hash in the RSA signature is matching the expected value.
FTMN_CALLEE_DONE_MEMCMP() saves on success the result in a thread local
storage if fault mitigations was enabled when the function was called.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
[tve: rebased onto mbedtls-3.6.0]
Signed-off-by: Tom Van Eyck <tom.vaneyck@kuleuven.be>
[sby: rebased onto mbedtls-3.6.2]
Signed-off-by: Sungbae Yoo <sungbaey@nvidia.com>
diff --git a/lib/libmbedtls/mbedtls/library/rsa.c b/lib/libmbedtls/mbedtls/library/rsa.c
index 8f1363f..848e781 100644
--- a/lib/libmbedtls/mbedtls/library/rsa.c
+++ b/lib/libmbedtls/mbedtls/library/rsa.c
@@ -48,6 +48,8 @@
#include "mbedtls/platform.h"
+#include <fault_mitigation.h>
+
/*
* Wrapper around mbedtls_asn1_get_mpi() that rejects zero.
*
@@ -2640,7 +2642,7 @@
return ret;
}
- if (memcmp(hash_start, result, hlen) != 0) {
+ if (FTMN_CALLEE_DONE_MEMCMP(memcmp, hash_start, result, hlen) != 0) {
return MBEDTLS_ERR_RSA_VERIFY_FAILED;
}