Update HMAC and MD FI countermeasures
-Return error value by default.
-Success is returned only after checking internal states.
-Append flow_control to also cover the last function call.
diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c
index 824b009..2ebdac0 100644
--- a/library/hmac_drbg.c
+++ b/library/hmac_drbg.c
@@ -123,30 +123,30 @@
flow_counter++;
if( ( ret = mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V ) ) != 0 )
goto exit;
+ flow_counter++;
}
exit:
- if( ret == 0 )
+ mbedtls_platform_zeroize( K, sizeof( K ) );
+ /* Check for possible attack.
+ * Counters needs to have correct values when returning success
+ */
+ if ( ret != 0 )
+ return( ret ); // error case, return immediately
+
+ if ( ( ( flow_counter == 8 ) && ( sep[0] == 1 ) ) ||
+ ( ( flow_counter == 18 ) && ( sep[0] == 2 ) ) )
{
- ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
- /* Check for possible attack.
- * Counters needs to have correct values when returning success
- */
- if ( ( ( flow_counter == 7 ) && ( sep[0] == 1 ) ) ||
- ( ( flow_counter == 16 ) && ( sep[0] == 2 ) ) )
+ flow_counter = flow_counter - sep[0];
+ // Double check flow_counter
+ if ( ( flow_counter == 7 ) || ( flow_counter == 16 ) )
{
- flow_counter = flow_counter - sep[0];
- // Double check flow_counter
- if ( ( flow_counter == 6 ) || ( flow_counter == 14 ) )
- {
- ret = 0;
- }
+ return ret; // success, return 0 from ret
}
}
- mbedtls_platform_zeroize( K, sizeof( K ) );
- return( ret );
+ return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
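Review bot: The inner "double check" after `exit:` follows arithmetically from the outer one, so an optimizing compiler may fold it away and leave a single branch guarding the success return: once `flow_counter == 8 && sep[0] == 1` (or `18` with `2`) holds, `flow_counter - sep[0]` can only be 7 or 16. The declaration of `flow_counter` is above the hunk; if it is not `volatile`, qualifying it (or checking the generated code for both comparisons) would keep the redundancy real. The same concern applies to the repeated `ret == 0` in `if ( ret == 0 && ctx->reseed_counter == 1 )` in the reseed hunk below. Separately, the literals 8/18 and 7/16 must be updated by hand with every `flow_counter++` in the body, so a comment tying each value to the number of increments per round would help the next editor.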
@@ -259,14 +259,20 @@
ctx->reseed_counter = 1;
exit:
- if (ret == 0 && ctx->reseed_counter != 1)
- {
- /* Illegal condition, possible attack detected */
- ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
- }
+
/* 4. Done */
mbedtls_platform_zeroize( seed, seedlen );
- return( ret );
+
+ if ( ret != 0 )
+ return ret;
+
+ if ( ret == 0 && ctx->reseed_counter == 1 )
+ {
+ /* All ok, return 0 from ret */
+ return ret;
+ }
+
+ return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
}
/*
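Review bot: The success test at `exit:` confirms only that `ctx->reseed_counter = 1;`, the statement directly before the label, was executed; a skipped call earlier in the body would go unnoticed unless it also leaves `ret` non-zero. The body is above the hunk, so this may already be covered by initialising `ret` to an error value, but unlike the first hunk in this file this path carries no flow counter. If that is intentional, a comment such as `/* reseed_counter == 1 only proves the final step ran; earlier steps rely on ret */` would document the limit of the check.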
@@ -430,21 +436,20 @@
exit:
/* 8. Done */
- if (ret == 0)
+ if ( ret != 0 )
+ return ret;
+
+ /*
+ * Check doubled variables and illegal conditions in case of possible
+ * attack.
+ */
+ if ( ( out_len_fi == out_len ) && ( output_fi == output) &&
+ ( left == 0 ) )
{
- /*
- * Check doubled variables and illegal conditions in case of possible
- * attack.
- */
- ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
- if ( ( out_len_fi == out_len ) && ( output_fi == output) &&
- ( left == 0 ) )
- {
- ret = 0;
- }
+ return ret; // Success, return 0
}
- return( ret );
+ return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
}
/*
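Review bot: On the `MBEDTLS_ERR_PLATFORM_FAULT_DETECTED` return at the end of this hunk, the caller's `output` buffer may already hold bytes produced before the mismatch was noticed, and nothing here clears them. A caller that mishandles the error code would then consume output from a run the function itself considers faulted. Consider wiping before the final return, e.g. `mbedtls_platform_zeroize( output, out_len );`, or document why the buffer is left as-is. Which of `output`/`output_fi` and `out_len`/`out_len_fi` to trust at that point needs a decision, since one of each pair may be the corrupted copy. The function body begins above the hunk.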
diff --git a/library/md.c b/library/md.c
index 7644ac6..777b43c 100644
--- a/library/md.c
+++ b/library/md.c
@@ -525,7 +525,7 @@
int ret;
unsigned char sum[MBEDTLS_MD_MAX_SIZE];
unsigned char *ipad, *opad;
- size_t i;
+ size_t i = 0;
mbedtls_md_handle_t md_info;
@@ -588,16 +588,14 @@
cleanup:
mbedtls_platform_zeroize( sum, sizeof( sum ) );
- if ( ret == 0 )
- {
- ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
- /* Check possible fault injection */
- if ( ( i - 2 ) == keylen ) {
- ret = 0;
- }
- }
+ if ( ret != 0 )
+ return ret;
- return( ret );
+ /* Check possible fault injection */
+ if ( ( i - 2 ) == keylen )
+ return ret; // success, return 0 from ret
+
+ return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
}
int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx,
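Review bot: The check `( i - 2 ) == keylen` at `cleanup:` relies on two facts that are not stated next to it. One is that `i` ends the body at `keylen + 2`; the other is that the `size_t i = 0;` initialiser from the earlier md.c hunk makes `i - 2` wrap to a huge value, and so fail the comparison, when the body was skipped. Where the extra 2 comes from is outside the hunk, and so is any reassignment of `keylen`, so the expected value is hard to audit from here. A comment would help, for example `/* i == keylen after the pad loop plus 2 later increments (confirm); i < 2 wraps and cannot match */`.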