commit 787011542bafd1c9cab2e95a0a04b0eee5eb2481
author Dave Rodgman <dave.rodgman@arm.com> Tue Aug 29 14:20:18 2023 +0100
committer Dave Rodgman <dave.rodgman@arm.com> Tue Aug 29 14:20:18 2023 +0100
tree ebf7950ccae0e48bfb904ab37cb99602d0f6053e
parent f4efd19dd0d83326f2137daa2e79f9a5e6bf3c78

Fully replace mbedtls_psa_safer_memcmp

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

library/psa_crypto.c

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 94139af..9582f19 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -64,6 +64,7 @@
 #include "mbedtls/cipher.h"
 #include "mbedtls/ccm.h"
 #include "mbedtls/cmac.h"
+#include "mbedtls/constant_time.h"
 #include "mbedtls/des.h"
 #include "mbedtls/ecdh.h"
 #include "mbedtls/ecp.h"
@@ -2420,7 +2421,7 @@
         goto exit;
     }
 
-    if (mbedtls_psa_safer_memcmp(hash, actual_hash, actual_hash_length) != 0) {
+    if (mbedtls_ct_memcmp(hash, actual_hash, actual_hash_length) != 0) {
         status = PSA_ERROR_INVALID_SIGNATURE;
     }
 
@@ -2469,7 +2470,7 @@
         status = PSA_ERROR_INVALID_SIGNATURE;
         goto exit;
     }
-    if (mbedtls_psa_safer_memcmp(hash, actual_hash, actual_hash_length) != 0) {
+    if (mbedtls_ct_memcmp(hash, actual_hash, actual_hash_length) != 0) {
         status = PSA_ERROR_INVALID_SIGNATURE;
     }
 
@@ -2851,7 +2852,7 @@
         status = PSA_ERROR_INVALID_SIGNATURE;
         goto exit;
     }
-    if (mbedtls_psa_safer_memcmp(mac, actual_mac, actual_mac_length) != 0) {
+    if (mbedtls_ct_memcmp(mac, actual_mac, actual_mac_length) != 0) {
         status = PSA_ERROR_INVALID_SIGNATURE;
         goto exit;
     }

library/psa_crypto_core.h

diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index 6d44768..4e28f30 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -40,20 +40,6 @@
  */
 int psa_can_do_hash(psa_algorithm_t hash_alg);
 
-/** Constant-time buffer comparison
- *
- * \param[in]  a    Left-hand buffer for comparison.
- * \param[in]  b    Right-hand buffer for comparison.
- * \param n         Amount of bytes to compare.
- *
- * \return 0 if the buffer contents are equal, non-zero otherwise
- */
-static inline int mbedtls_psa_safer_memcmp(
-    const uint8_t *a, const uint8_t *b, size_t n)
-{
-    return mbedtls_ct_memcmp(a, b, n);
-}
-
 /** The data structure representing a key slot, containing key material
  * and metadata for one key.
  */

library/psa_crypto_mac.c

diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c
index 07f123e..2f2c51d 100644
--- a/library/psa_crypto_mac.c
+++ b/library/psa_crypto_mac.c
@@ -29,6 +29,7 @@
 #include <mbedtls/md.h>
 
 #include <mbedtls/error.h>
+#include "mbedtls/constant_time.h"
 #include <string.h>
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
@@ -453,7 +454,7 @@
         goto cleanup;
     }
 
-    if (mbedtls_psa_safer_memcmp(mac, actual_mac, mac_length) != 0) {
+    if (mbedtls_ct_memcmp(mac, actual_mac, mac_length) != 0) {
         status = PSA_ERROR_INVALID_SIGNATURE;
     }