Merge pull request #3500 from AndrzejKurek/fi-sha256-fixes Introduce sha256 security review fixes

commit: 898d3301481ccfc0afe47806fb527715e2b83b3c [log] [tgz]
author: Andrzej Kurek <andrzej.kurek@arm.com> Mon Aug 03 12:13:40 2020 +0200
committer: GitHub <noreply@github.com> Mon Aug 03 12:13:40 2020 +0200
tree: d5b79044889ebcc9f85125c7683d54614fbccc7c
parent: 84afe68ad42ed2f73a5e5a9ecfec4a14c4c337a1 [diff]
parent: 8917326d7be28928634e634e3be6c92fe61b9140 [diff]
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index 4e0f989..7d16074 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h

@@ -232,6 +232,18 @@
 int mbedtls_platform_memcmp( const void *buf1, const void *buf2, size_t num );
 
 /**
+ * \brief       RNG-function for getting a random 32-bit integer.
+ *
+ *
+ * \note        Currently the function is dependent of hardware providing an
+ *              rng with MBEDTLS_ENTROPY_HARDWARE_ALT. By default, 0 is
+ *              returned.
+ *
+ * \return      The generated random number.
+ */
+uint32_t mbedtls_platform_random_uint32( void );
+
+/**
  * \brief       RNG-function for getting a random in given range.
  *
  *              This function is meant to provide a global RNG to be used

diff --git a/library/aes.c b/library/aes.c
index e49f74f..e9e7544 100644
--- a/library/aes.c
+++ b/library/aes.c

@@ -552,7 +552,7 @@
     int i = 0, j, is_even_pos, dummy_rounds, num;
 
     mbedtls_platform_memset( tbl, 0, tbl_len );
-    // get random from 0x0fff (each f will be used separately)
+    // get random from 0x0fff
     num = mbedtls_platform_random_in_range( 0x1000 );
 
     // Randomize execution order of initial round key addition
@@ -570,7 +570,7 @@
     tbl_len = tbl_len - (AES_SCA_CM_ROUNDS - dummy_rounds);
 
     // randomize positions for the dummy rounds
-    num = ( num & 0x000f ) % ( dummy_rounds + 1 );
+    num = ( num & 0x0fff ) % ( dummy_rounds + 1 );
 
     // add dummy rounds after initial round key addition (if needed)
     for ( ; i < num + 2; i++ )
@@ -686,8 +686,6 @@
     unsigned int flow_ctrl = 0;
     volatile unsigned int i = 0;
     volatile int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
-    volatile const unsigned char *key_dup = key;
-    volatile unsigned int keybits_dup = keybits;
     uint32_t *RK;
     uint32_t offset = 0;
 
@@ -727,7 +725,9 @@
         return( mbedtls_aesni_setkey_enc( (unsigned char *) ctx->rk, key, keybits ) );
 #endif
 
-    mbedtls_platform_memset( RK, 0, ( keybits >> 5 ) * 4 );
+    /* Three least significant bits are truncated from keybits, which is
+     * expected to be a multiple of 8. */
+    mbedtls_platform_memset( RK, 0, keybits >> 3 );
     offset = mbedtls_platform_random_in_range( keybits >> 5 );
 
     for( j = offset; j < ( keybits >> 5 ); j++ )
@@ -816,10 +816,7 @@
 #endif
     ) )
     {
-        if( keybits_dup == keybits && key_dup == key )
-        {
-            return ret;
-        }
+        return ret;
     }
 
     mbedtls_platform_memset( RK, 0, ( keybits >> 5 ) * 4 );
@@ -1069,8 +1066,6 @@
     aes_r_data_t *aes_data_table[2];    // pointers to real and fake data
     int round_ctrl_table_len = ctx->nr + 2 + AES_SCA_CM_ROUNDS;
     volatile int flow_control;
-    volatile const unsigned char *input_dup = input;
-    volatile unsigned char *output_dup = output;
     // control bytes for AES calculation rounds,
     // reserve based on max rounds + dummy rounds + 2 (for initial key addition)
     uint8_t round_ctrl_table[( 14 + AES_SCA_CM_ROUNDS + 2 )];
@@ -1096,7 +1091,7 @@
     do
     {
         GET_UINT32_LE( aes_data_real.xy_values[i], input,  ( i * 4 ) );
-        aes_data_fake.xy_values[i] = mbedtls_platform_random_in_range( 0xffffffff );
+        aes_data_fake.xy_values[i] = mbedtls_platform_random_uint32();
         flow_control++;
     } while( ( i = ( i + 1 ) % 4 ) != offset );
 
@@ -1170,11 +1165,7 @@
 
     if( flow_control == tindex + dummy_rounds + 8 )
     {
-        /* Validate control path due possible fault injection */
-        if( output_dup == output && input_dup == input )
-        {
-            return 0;
-        }
+        return 0;
     }
 
     // Clear the output in case of a FI
@@ -1355,8 +1346,6 @@
     aes_r_data_t *aes_data_table[2];    // pointers to real and fake data
     int round_ctrl_table_len = ctx->nr + 2 + AES_SCA_CM_ROUNDS;
     volatile int flow_control;
-    volatile const unsigned char *input_dup = input;
-    volatile unsigned char *output_dup = output;
     // control bytes for AES calculation rounds,
     // reserve based on max rounds + dummy rounds + 2 (for initial key addition)
     uint8_t round_ctrl_table[( 14 + AES_SCA_CM_ROUNDS + 2 )];
@@ -1456,11 +1445,7 @@
 
     if( flow_control == tindex + dummy_rounds + 8 )
     {
-        /* Validate control path due possible fault injection */
-        if( output_dup == output && input_dup == input )
-        {
-            return 0;
-        }
+        return 0;
     }
 
     // Clear the output in case of a FI

diff --git a/library/ccm.c b/library/ccm.c
index 54d051e..750ec9e 100644
--- a/library/ccm.c
+++ b/library/ccm.c

@@ -77,8 +77,6 @@
 {
     int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
     const mbedtls_cipher_info_t *cipher_info;
-    volatile const unsigned char *key_dup = key;
-    volatile unsigned int keybits_dup = keybits;
 
     CCM_VALIDATE_RET( ctx != NULL );
     CCM_VALIDATE_RET( key != NULL );
@@ -101,14 +99,7 @@
         return( ret );
     }
 
-    if( keybits_dup == keybits && key_dup == key )
-    {
-        return( ret );
-    }
-
-    // In case of a FI - clear the context
-    mbedtls_cipher_free( &ctx->cipher_ctx );
-    return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+    return( ret );
 }
 
 /*
@@ -174,15 +165,6 @@
     unsigned char ctr[16];
     const unsigned char *src;
     unsigned char *dst;
-    volatile size_t length_dup = length;
-    volatile const unsigned char *iv_dup = iv;
-    volatile size_t iv_len_dup = iv_len;
-    volatile const unsigned char *add_dup = add;
-    volatile size_t add_len_dup = add_len;
-    volatile const unsigned char *input_dup = input;
-    volatile unsigned char *output_dup = output;
-    volatile unsigned char *tag_dup = tag;
-    volatile size_t tag_len_dup = tag_len;
 
     /*
      * Check length requirements: SP800-38C A.1
@@ -334,16 +316,6 @@
     CTR_CRYPT( y, y, 16 );
     mbedtls_platform_memcpy( tag, y, tag_len );
 
-    if( length_dup != length || iv_dup != iv || iv_len_dup != iv_len ||
-        add_dup != add || add_len_dup != add_len || input_dup != input ||
-        output_dup != output || tag_dup != tag || tag_len_dup != tag_len)
-    {
-
-        // In case of a FI - clear the output
-        mbedtls_platform_memset( output, 0, length );
-        return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
-    }
-
     return( ret );
 }
 
@@ -398,15 +370,6 @@
     unsigned char check_tag[16];
     unsigned char i;
     int diff;
-    volatile size_t length_dup = length;
-    volatile const unsigned char *iv_dup = iv;
-    volatile size_t iv_len_dup = iv_len;
-    volatile const unsigned char *add_dup = add;
-    volatile size_t add_len_dup = add_len;
-    volatile const unsigned char *input_dup = input;
-    volatile unsigned char *output_dup = output;
-    volatile const unsigned char *tag_dup = tag;
-    volatile size_t tag_len_dup = tag_len;
 
     CCM_VALIDATE_RET( ctx != NULL );
     CCM_VALIDATE_RET( iv != NULL );
@@ -432,13 +395,6 @@
         return( MBEDTLS_ERR_CCM_AUTH_FAILED );
     }
 
-    if( length_dup != length || iv_dup != iv || iv_len_dup != iv_len ||
-        add_dup != add || add_len_dup != add_len || input_dup != input ||
-        output_dup != output || tag_dup != tag || tag_len_dup != tag_len)
-    {
-        return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
-    }
-
     return( ret );
 }
 

diff --git a/library/platform_util.c b/library/platform_util.c
index de2fa2b..fc6eb5a 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c

@@ -172,6 +172,20 @@
     return( (int) diff | (int) ( flow_counter ^ num ) );
 }
 
+uint32_t mbedtls_platform_random_uint32( )
+{
+#if !defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
+    return 0;
+#else
+    uint32_t result = 0;
+    size_t olen = 0;
+
+    mbedtls_hardware_poll( NULL, (unsigned char *) &result, sizeof( result ),
+                           &olen );
+    return( result );
+#endif
+}
+
 uint32_t mbedtls_platform_random_in_range( size_t num )
 {
 #if !defined(MBEDTLS_ENTROPY_HARDWARE_ALT)

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 5b47c0a..58cbd87 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c

@@ -2796,14 +2796,10 @@
     volatile int ret = 0;
     unsigned char *p;
     unsigned char *end;
-    volatile unsigned char *buf_dup = buf;
-    volatile size_t buflen_dup = buflen;
 
     mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
         mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
 
-    ((void) buf_dup);
-    ((void) buflen_dup);
     p   = buf + mbedtls_ssl_hs_hdr_len( ssl );
     end = buf + buflen;
 
@@ -3104,7 +3100,7 @@
         {
             mbedtls_platform_random_delay();
 
-            if( ret == 0 && buf_dup == buf && buflen_dup == buflen )
+            if( ret == 0 )
             {
 #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
                 /* We don't need the peer's public key anymore. Free it,
@@ -3587,10 +3583,7 @@
 {
     int ret;
     unsigned char *p, *end;
-    volatile unsigned char *buf_dup = buf;
-    volatile size_t buflen_dup = buflen;
     size_t n;
-
     mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
         mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
 
@@ -3873,12 +3866,8 @@
     }
 
     *olen = p - buf;
-    /* Secure against buffer substitution */
-    if( buf_dup == buf && buflen_dup == buflen )
-    {
-       return( 0 );
-    }
-    return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+
+    return( 0 );
 }
 
 static int ssl_out_client_key_exchange_postprocess( mbedtls_ssl_context *ssl )

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 7094a89..abfef5d 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c

@@ -3269,19 +3269,13 @@
                            - sig_start );
     int ret = ssl->conf->f_async_resume( ssl,
                                          sig_start, signature_len, sig_max_len );
-    volatile size_t *signature_len_dup = signature_len;
     if( ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS )
     {
         ssl->handshake->async_in_progress = 0;
         mbedtls_ssl_set_async_operation_data( ssl, NULL );
     }
     MBEDTLS_SSL_DEBUG_RET( 2, "ssl_resume_server_key_exchange", ret );
-    /* Secure against buffer substitution */
-    if( signature_len_dup == signature_len )
-    {
-        return( ret );
-    }
-    return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+    return( ret );
 }
 #endif /* defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) &&
           defined(MBEDTLS_SSL_ASYNC_PRIVATE) */
@@ -3292,7 +3286,6 @@
 static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
                                             size_t *signature_len )
 {
-    volatile size_t *signature_len_dup = signature_len;
     mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
         mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
 
@@ -3679,12 +3672,7 @@
         }
     }
 #endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
-
-    if( signature_len_dup == signature_len )
-    {
-        return( 0 );
-    }
-    return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+    return( 0 );
 }
 
 /* Prepare the ServerKeyExchange message and send it. For ciphersuites
@@ -3832,8 +3820,6 @@
                                        const unsigned char *end )
 {
     int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
-    unsigned char ** volatile p_dup = p;
-    volatile const unsigned char *end_dup = end;
     size_t n;
 
     /*
@@ -3864,12 +3850,7 @@
 
     MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GY", &ssl->handshake->dhm_ctx.GY );
 
-    /* Secure against buffer substitution */
-    if( p_dup == p && end_dup == end )
-    {
-        return( ret );
-    }
-    return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+    return( ret );
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
           MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
@@ -4236,8 +4217,6 @@
     mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
         mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
     unsigned char *p, *end;
-    volatile unsigned char *buf_dup = buf;
-    volatile size_t buflen_dup = buflen;
 
     p = buf + mbedtls_ssl_hs_hdr_len( ssl );
     end = buf + buflen;
@@ -4432,11 +4411,7 @@
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
         return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
     }
-    if( buf_dup == buf && buflen_dup == buflen )
-    {
-        return( ret );
-    }
-    return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+    return( ret );
 }
 
 /* Update the handshake state */

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c16bd61..bbe94cb 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -177,8 +177,6 @@
                               size_t buflen )
 {
     int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
-    volatile unsigned char *buf_dup = buf;
-    volatile size_t buflen_dup = buflen;
     mbedtls_record rec;
     MBEDTLS_SSL_DEBUG_MSG( 1, ( "=> mbedtls_ssl_check_record" ) );
     MBEDTLS_SSL_DEBUG_BUF( 3, "record buffer", buf, buflen );
@@ -230,10 +228,6 @@
         ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD;
     }
 
-    if( buf_dup != buf || buflen_dup != buflen )
-    {
-        return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
-    }
     MBEDTLS_SSL_DEBUG_MSG( 1, ( "<= mbedtls_ssl_check_record" ) );
     return( ret );
 }
@@ -288,9 +282,6 @@
                          unsigned char const *own_cid,
                          size_t own_cid_len )
 {
-    volatile unsigned char const *own_cid_dup = own_cid;
-    volatile size_t own_cid_len_dup = own_cid_len;
-
     if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) )
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
 
@@ -317,12 +308,7 @@
      * MBEDTLS_SSL_CID_IN_LEN_MAX at most 255. */
     ssl->own_cid_len = (uint8_t) own_cid_len;
 
-    /* Secure against buffer substitution */
-    if( own_cid_dup == own_cid && own_cid_len_dup == own_cid_len )
-    {
-        return( 0 );
-    }
-    return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+    return( 0 );
 }
 
 int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
@@ -619,13 +605,7 @@
     mbedtls_sha1_context sha1;
     unsigned char padding[16];
     unsigned char sha1sum[20];
-    volatile const unsigned char *secret_dup = secret;
-    volatile size_t slen_dup = slen;
-    volatile const char *label_dup = label;
-    volatile const unsigned char *random_dup = random;
-    volatile size_t rlen_dup = rlen;
-    volatile unsigned char *dstbuf_dup = dstbuf;
-    volatile size_t dlen_dup = dlen;
+    ((void)label);
 
     mbedtls_md5_init(  &md5  );
     mbedtls_sha1_init( &sha1 );
@@ -670,14 +650,7 @@
     mbedtls_platform_zeroize( padding, sizeof( padding ) );
     mbedtls_platform_zeroize( sha1sum, sizeof( sha1sum ) );
 
-    /* Secure against buffer substitution */
-    if( secret_dup == secret && slen_dup == slen && label_dup == label &&
-        random_dup == random && rlen_dup == rlen && dstbuf_dup == dstbuf &&
-        dlen_dup == dlen )
-    {
-        return( ret );
-    }
-    return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+    return( ret );
 }
 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
 
@@ -695,13 +668,6 @@
     mbedtls_md_handle_t md_info;
     mbedtls_md_context_t md_ctx;
     int ret;
-    volatile const unsigned char *secret_dup = secret;
-    volatile size_t slen_dup = slen;
-    volatile const char *label_dup = label;
-    volatile const unsigned char *random_dup = random;
-    volatile size_t rlen_dup = rlen;
-    volatile unsigned char *dstbuf_dup = dstbuf;
-    volatile size_t dlen_dup = dlen;
 
     mbedtls_md_init( &md_ctx );
 
@@ -788,14 +754,7 @@
     mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
     mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
 
-    /* Secure against buffer substitution */
-    if( secret_dup == secret && slen_dup == slen && label_dup == label &&
-        random_dup == random && rlen_dup == rlen && dstbuf_dup == dstbuf &&
-        dlen_dup == dlen )
-    {
-        return( 0 );
-    }
-    return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+    return( 0 );
 }
 #endif /* MBEDTLS_SSL_PROTO_TLS1) || MBEDTLS_SSL_PROTO_TLS1_1 */
 
@@ -818,13 +777,6 @@
     mbedtls_md_handle_t md_info;
     mbedtls_md_context_t md_ctx;
     int ret;
-    volatile const unsigned char *secret_dup = secret;
-    volatile size_t slen_dup = slen;
-    volatile const char *label_dup = label;
-    volatile const unsigned char *random_dup = random;
-    volatile size_t rlen_dup = rlen;
-    volatile unsigned char *dstbuf_dup = dstbuf;
-    volatile size_t dlen_dup = dlen;
 
     mbedtls_md_init( &md_ctx );
 
@@ -884,14 +836,7 @@
     (void)mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
     (void)mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
 
-    /* Secure against buffer substitution */
-    if( secret_dup == secret && slen_dup == slen && label_dup == label &&
-        random_dup == random && rlen_dup == rlen && dstbuf_dup == dstbuf &&
-        dlen_dup == dlen )
-    {
-        return( 0 );
-    }
-    return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+    return( 0 );
 }
 
 #if defined(MBEDTLS_SHA256_C)
@@ -1883,7 +1828,6 @@
                                const mbedtls_ssl_context *ssl )
 {
     int ret;
-    volatile unsigned char *master_dup = master;
 
 /* #if !defined(MBEDTLS_DEBUG_C) && !defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) */
 /*     ssl = NULL; /\* make sure we don't use it except for debug and EMS *\/ */
@@ -1944,12 +1888,7 @@
 
     mbedtls_platform_zeroize( handshake->premaster,
                               sizeof(handshake->premaster) );
-    /* Secure against buffer substitution */
-    if( master_dup == master )
-    {
-        return( 0 );
-    }
-    return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+    return( 0 );
 }
 
 int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
@@ -2466,9 +2405,6 @@
     size_t pad = ( MBEDTLS_SSL_CID_PADDING_GRANULARITY -
                    ( len + 1 ) % MBEDTLS_SSL_CID_PADDING_GRANULARITY ) %
         MBEDTLS_SSL_CID_PADDING_GRANULARITY;
-    volatile unsigned char *content_dup = content;
-    volatile size_t *content_size_dup = content_size;
-    volatile size_t remaining_dup = remaining;
 
     /* Write real content type */
     if( remaining == 0 )
@@ -2484,14 +2420,7 @@
     remaining -= pad;
 
     *content_size = len;
-
-    /* Secure against buffer substitution */
-    if( content_dup == content && content_size_dup == content_size &&
-        ( remaining_dup - 1 - pad ) == remaining )
-    {
-        return( 0 );
-    }
-    return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+    return( 0 );
 }
 
 /* This function parses a DTLSInnerPlaintext structure.
@@ -13028,10 +12957,6 @@
 {
     int ret = 0;
     mbedtls_md_context_t ctx;
-    volatile unsigned char* hash_dup = hash;
-    volatile size_t *hashlen_dup = hashlen;
-    volatile unsigned char* data_dup = data;
-    volatile size_t data_len_dup = data_len;
 
     mbedtls_md_handle_t md_info = mbedtls_md_info_from_type( md_alg );
     *hashlen = mbedtls_md_get_size( md_info );
@@ -13078,13 +13003,7 @@
         mbedtls_ssl_pend_fatal_alert( ssl,
                                       MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
 
-    /* Secure against buffer substitution */
-    if( hash_dup == hash && hashlen_dup == hashlen &&
-        data_dup == data && data_len_dup == data_len )
-    {
-        return( ret );
-    }
-    return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+    return( ret );
 }
 #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
           MBEDTLS_SSL_PROTO_TLS1_2 */

diff --git a/library/x509.c b/library/x509.c
index 093a315..65f2ec6 100644
--- a/library/x509.c
+++ b/library/x509.c

@@ -176,7 +176,7 @@
         return( MBEDTLS_ERR_X509_INVALID_ALG +
                 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
 
-    p = (unsigned char *) alg->p;
+    p = alg->p;
     end = p + alg->len;
 
     if( p >= end )

diff --git a/tinycrypt/ecc.c b/tinycrypt/ecc.c
index 8055432..bf54fe8 100644
--- a/tinycrypt/ecc.c
+++ b/tinycrypt/ecc.c

@@ -1239,8 +1239,6 @@
 	int ret = UECC_FAULT_DETECTED;
 	uECC_word_t _private[NUM_ECC_WORDS];
 	uECC_word_t _public[NUM_ECC_WORDS * 2];
-	volatile const uint8_t *private_key_dup = private_key;
-	volatile const uint8_t *public_key_dup = public_key;
 
 	uECC_vli_bytesToNative(
 	_private,
@@ -1266,8 +1264,6 @@
 	uECC_vli_nativeToBytes(
 	public_key +
 	NUM_ECC_BYTES, NUM_ECC_BYTES, _public + NUM_ECC_WORDS);
-	if (private_key_dup != private_key || public_key_dup != public_key){
-		return UECC_FAULT_DETECTED;
-	}
+
 	return ret;
 }

diff --git a/tinycrypt/ecc_dh.c b/tinycrypt/ecc_dh.c
index bf3a803..5a7a9e5 100644
--- a/tinycrypt/ecc_dh.c
+++ b/tinycrypt/ecc_dh.c

@@ -170,9 +170,6 @@
 	wordcount_t num_words = NUM_ECC_WORDS;
 	wordcount_t num_bytes = NUM_ECC_BYTES;
 	int r = UECC_FAULT_DETECTED;
-	volatile const uint8_t *public_key_dup = public_key;
-	volatile const uint8_t *private_key_dup = private_key;
-	volatile const uint8_t *secret_dup = secret;
 
 	/* Converting buffers to correct bit order: */
 	uECC_vli_bytesToNative(_private,
@@ -190,11 +187,6 @@
 
 	/* erasing temporary buffer used to store secret: */
 	mbedtls_platform_zeroize(_private, sizeof(_private));
-	if (public_key_dup != public_key || private_key_dup != private_key || secret_dup != secret) {
-	    /* Erase secret in case of FI */
-	    mbedtls_platform_memset(secret, 0, NUM_ECC_BYTES);
-		return UECC_FAULT_DETECTED;
-	}
 
 	return r;
 }

diff --git a/tinycrypt/ecc_dsa.c b/tinycrypt/ecc_dsa.c
index 2a676dc..d432a2e 100644
--- a/tinycrypt/ecc_dsa.c
+++ b/tinycrypt/ecc_dsa.c

@@ -204,10 +204,6 @@
 	bitcount_t i;
 	bitcount_t flow_control;
 	volatile uECC_word_t diff;
-	volatile const uint8_t *public_key_dup = public_key;
-	volatile const uint8_t *message_hash_dup = message_hash;
-	volatile unsigned hash_size_dup = hash_size;
-	volatile const uint8_t *signature_dup = signature;
 
 	uECC_word_t _public[NUM_ECC_WORDS * 2];
 	uECC_word_t r[NUM_ECC_WORDS], s[NUM_ECC_WORDS];
@@ -309,10 +305,6 @@
 		 * 1 (base value) + num_bits - 1 (from the loop) + 5 incrementations.
 		 */
 		if (diff == 0 && flow_control == (num_bits + 5)) {
-			if (public_key_dup != public_key || message_hash_dup != message_hash ||
-				hash_size_dup != hash_size || signature_dup != signature) {
-				return UECC_FAULT_DETECTED;
-			}
 			return UECC_SUCCESS;
 		}
 		else {
commit	898d3301481ccfc0afe47806fb527715e2b83b3c	[log] [tgz]
author	Andrzej Kurek <andrzej.kurek@arm.com>	Mon Aug 03 12:13:40 2020 +0200
committer	GitHub <noreply@github.com>	Mon Aug 03 12:13:40 2020 +0200
tree	d5b79044889ebcc9f85125c7683d54614fbccc7c
parent	84afe68ad42ed2f73a5e5a9ecfec4a14c4c337a1 [diff]
parent	8917326d7be28928634e634e3be6c92fe61b9140 [diff]