Changed every memcmp to its SCA-hardened equivalent, mbedtls_platform_memcmp.
This makes physical attacks more difficult.
Selftest memcmp functions were not changed.
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 747b9f4..c9b03f5 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -708,7 +708,7 @@
cur_len = *theirs++;
if( cur_len == ours_len &&
- memcmp( theirs, *ours, cur_len ) == 0 )
+ mbedtls_platform_memcmp( theirs, *ours, cur_len ) == 0 )
{
ssl->alpn_chosen = *ours;
return( 0 );
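Review bot: No include change is visible in this diff, so the new call `mbedtls_platform_memcmp( theirs, *ours, cur_len )` depends on ssl_srv.c already including the declaring header in every build configuration. If that include sits behind a feature `#if`, a build with the feature disabled would hit an implicit declaration, so this is worth confirming before merge. The operands here are ALPN protocol names, which travel in the clear, so the hardened compare protects no secret at this site. A short comment would tell the next reader why it is used, for example `/* ALPN names are public; hardened compare kept for consistency, test the result against 0 only */`. The enclosing loop starts and ends outside the hunk, so the bounds on `theirs` and `cur_len` could not be checked from here.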
@@ -1618,7 +1618,7 @@
* fragment_offset == 0 and fragment_length == length
*/
if( ssl->in_msg[6] != 0 || ssl->in_msg[7] != 0 || ssl->in_msg[8] != 0 ||
- memcmp( ssl->in_msg + 1, ssl->in_msg + 9, 3 ) != 0 )
+ mbedtls_platform_memcmp( ssl->in_msg + 1, ssl->in_msg + 9, 3 ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "ClientHello fragmentation not supported" ) );
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
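Review bot: The hardened compare on `ssl->in_msg + 1` and `ssl->in_msg + 9` sits behind three short-circuiting byte tests (`ssl->in_msg[6] != 0 || ...`), so the condition as a whole is still data-dependent and only its last term is hardened. Both operands are handshake header fields of the same received message (length versus fragment length), so there is no secret for a constant-time compare to protect here. If the goal is fault resistance on the fragmentation rejection, the three offset-byte tests would need the same treatment, for example by checking all six bytes in one hardened pass. Otherwise a comment such as `/* public header bytes; hardened compare used for uniformity only */` would record the intent. The enclosing function extends beyond this hunk, so whether the message length is validated before these offsets are read is not visible.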