Merge pull request #3785 from AndrzejKurek/m_tinycrypt_asm
TinyCrypt ARM assembler and other optimisations
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index e2c24e2..523e62c 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2794,6 +2794,7 @@
* structural change to provide default flow assumes failure
*/
volatile int ret = 0;
+ volatile int ret_fi = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
unsigned char *p;
unsigned char *end;
@@ -2931,6 +2932,7 @@
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
{
((void) ret);
+ ((void) ret_fi);
((void) p);
((void) end);
((void) ciphersuite_info);
@@ -3100,7 +3102,16 @@
{
mbedtls_platform_random_delay();
- if( ret == 0 )
+ if( rs_ctx == NULL )
+ {
+ ret_fi = mbedtls_pk_verify_restartable( peer_pk,
+ md_alg, hash, hashlen, p, sig_len, rs_ctx );
+ }
+ else
+ {
+ ret_fi = 0;
+ }
+ if( ret == 0 && ret_fi == 0 )
{
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
/* We don't need the peer's public key anymore. Free it,
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index ec0c21a..96f7446 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -4456,7 +4456,8 @@
#else /* !MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED */
static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
{
- volatile int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+ volatile int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+ volatile int ret_fi = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
size_t i, sig_len;
unsigned char hash[48];
unsigned char *hash_start = hash;
@@ -4643,14 +4644,17 @@
}
ret = mbedtls_pk_verify( peer_pk,
- md_alg, hash_start, hashlen,
- ssl->in_msg + i, sig_len );
+ md_alg, hash_start, hashlen,
+ ssl->in_msg + i, sig_len );
if( ret == 0 )
{
mbedtls_platform_random_delay();
- if( ret == 0 )
+ ret_fi = mbedtls_pk_verify( peer_pk,
+ md_alg, hash_start, hashlen,
+ ssl->in_msg + i, sig_len );
+ if( ret == 0 && ret_fi == 0 )
{
mbedtls_ssl_update_handshake_status( ssl );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index e00dd01..7dfc0af 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2601,6 +2601,7 @@
unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_OUT_LEN_MAX ];
size_t add_data_len;
size_t post_avail;
+ int encryption_status = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
/* The SSL context is only used for debugging purposes! */
#if !defined(MBEDTLS_DEBUG_C)
@@ -2770,7 +2771,7 @@
return( ret );
}
- if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx,
+ if( ( ret = encryption_status = mbedtls_cipher_crypt( &transform->cipher_ctx,
transform->iv_enc, transform->ivlen,
data, rec->data_len,
data, &olen ) ) != 0 )
@@ -2779,7 +2780,7 @@
return( ret );
}
#else
- if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
+ if( ( ret = encryption_status = mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
transform->iv_enc, transform->ivlen,
data, rec->data_len,
data, &olen ) ) != 0 )
@@ -2869,7 +2870,7 @@
return( ret );
}
- if( ( ret = mbedtls_cipher_auth_encrypt( &transform->cipher_ctx,
+ if( ( ret = encryption_status = mbedtls_cipher_auth_encrypt( &transform->cipher_ctx,
iv, transform->ivlen,
add_data, add_data_len, /* add data */
data, rec->data_len, /* source */
@@ -2880,7 +2881,7 @@
return( ret );
}
#else
- if( ( ret = mbedtls_cipher_auth_encrypt( &transform->cipher_ctx_enc,
+ if( ( ret = encryption_status = mbedtls_cipher_auth_encrypt( &transform->cipher_ctx_enc,
iv, transform->ivlen,
add_data, add_data_len, /* add data */
data, rec->data_len, /* source */
@@ -2891,6 +2892,7 @@
return( ret );
}
#endif
+
MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag",
data + rec->data_len, transform->taglen );
@@ -2974,7 +2976,7 @@
return( ret );
}
- if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx,
+ if( ( ret = encryption_status = mbedtls_cipher_crypt( &transform->cipher_ctx,
transform->iv_enc,
transform->ivlen,
data, rec->data_len,
@@ -2984,7 +2986,7 @@
return( ret );
}
#else
- if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
+ if( ( ret = encryption_status = mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
transform->iv_enc,
transform->ivlen,
data, rec->data_len,
@@ -2994,6 +2996,7 @@
return( ret );
}
#endif
+
if( rec->data_len != olen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
@@ -3082,7 +3085,11 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) );
- return( 0 );
+ if( encryption_status == 0 )
+ {
+ return( 0 );
+ }
+ return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
}
int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,