commit 4062d6ca6848c0b4d3fdc82077bc970c174d7115
author shelib01 <shelly.liberman@arm.com> Tue Jul 21 11:54:52 2020 +0300
committer Shelly Liberman <shelly.liberman@arm.com> Wed Aug 05 15:01:05 2020 +0300
tree 80c706cea33a20dfa509a5f20bb9d94704173817
parent 7e6075b7fd5fdb965c9491af2ebd629594bfebd4

Add user pointer and data size duplication to ssl context.

Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>

include/mbedtls/config.h

diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 4ee5920..4ac141e 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -655,6 +655,16 @@
 //#define MBEDTLS_AES_SCA_COUNTERMEASURES
 
 /**
+ * \def MBEDTLS_FI_COUNTERMEASURES
+ *
+ * Add countermeasures against possible  FI attack.
+ *
+ * Uncommenting this macro inrease sode size and slow performence,
+ * it peforms double calls and double result checks of some crypto functions
+ */
+//#define MBEDTLS_FI_COUNTERMEASURES
+
+/**
  * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
  *
  * Use less ROM for the Camellia implementation (saves about 768 bytes).

include/mbedtls/ssl.h

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index e14f58f..ee231a5 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1460,6 +1460,10 @@
      *  after an initial handshake. */
     unsigned char own_cid[ MBEDTLS_SSL_CID_IN_LEN_MAX ];
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+#if defined(MBEDTLS_FI_COUNTERMEASURES)
+    unsigned char *out_msg_dup;     /*!< out msg ptr duplication  */
+    size_t out_msglen_dup;          /*!< out msg size duplication */
+#endif
 };
 
 #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)