Changed mbedtls_platform_memcmp to memcmp for places that don't have critical data and are under baremetal
Changed back because we don't wan't to slow down the performance more than we must.
diff --git a/library/asn1write.c b/library/asn1write.c
index 6e5badb..0ec1647 100644
--- a/library/asn1write.c
+++ b/library/asn1write.c
@@ -33,6 +33,7 @@
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
+#include "mbedtls/platform_util.h"
#else
#include <stdlib.h>
#define mbedtls_calloc calloc
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 3cc6046..12a4338 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2883,7 +2883,7 @@
* Match record's CID with incoming CID.
*/
if( rec->cid_len != transform->in_cid_len ||
- mbedtls_platform_memcmp( rec->cid, transform->in_cid, rec->cid_len ) != 0 )
+ memcmp( rec->cid, transform->in_cid, rec->cid_len ) != 0 ) // use regular memcmp as CID is not that critical
{
return( MBEDTLS_ERR_SSL_UNEXPECTED_CID );
}
@@ -6013,7 +6013,7 @@
else
{
/* Make sure msg_type and length are consistent */
- if( mbedtls_platform_memcmp( hs_buf->data, ssl->in_msg, 4 ) != 0 )
+ if( memcmp( hs_buf->data, ssl->in_msg, 4 ) != 0 ) // use regular memcmp as msg type is not that critical
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Fragment header mismatch - ignore" ) );
/* Ignore */
@@ -7086,7 +7086,7 @@
if( ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len( ssl ) &&
ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE &&
- mbedtls_platform_memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), "\0\0\0", 3 ) == 0 )
+ memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), "\0\0\0", 3 ) == 0 ) // use regular memcmp as this compare is not that critical
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
return( 0 );
@@ -9961,7 +9961,8 @@
if( (size_t)( end - p ) < sizeof( ssl_serialized_session_header ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- if( mbedtls_platform_memcmp( p, ssl_serialized_session_header,
+ // use regular memcmp as session header is not that critical
+ if( memcmp( p, ssl_serialized_session_header,
sizeof( ssl_serialized_session_header ) ) != 0 )
{
return( MBEDTLS_ERR_SSL_VERSION_MISMATCH );
@@ -10403,9 +10404,10 @@
return( 0 );
}
- in_ctr_cmp = mbedtls_platform_memcmp( ssl->in_ctr + ep_len,
+ // use regular memcmp as counters are not that critical
+ in_ctr_cmp = memcmp( ssl->in_ctr + ep_len,
ssl->conf->renego_period + ep_len, 8 - ep_len );
- out_ctr_cmp = mbedtls_platform_memcmp( ssl->cur_out_ctr + ep_len,
+ out_ctr_cmp = memcmp( ssl->cur_out_ctr + ep_len,
ssl->conf->renego_period + ep_len, 8 - ep_len );
if( in_ctr_cmp <= 0 && out_ctr_cmp <= 0 )
@@ -11448,7 +11450,8 @@
if( (size_t)( end - p ) < sizeof( ssl_serialized_context_header ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- if( mbedtls_platform_memcmp( p, ssl_serialized_context_header,
+ // use regular memcmp as header is not that critical
+ if( memcmp( p, ssl_serialized_context_header,
sizeof( ssl_serialized_context_header ) ) != 0 )
{
return( MBEDTLS_ERR_SSL_VERSION_MISMATCH );
diff --git a/library/x509.c b/library/x509.c
index 1e61db8..a796760 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -588,8 +588,9 @@
if( ret != 0 )
goto exit;
+ // use regular memcmp as oid is not that critical
if( oid[0].len != oid[1].len ||
- mbedtls_platform_memcmp( oid[0].p, oid[1].p, oid[1].len ) != 0 )
+ memcmp( oid[0].p, oid[1].p, oid[1].len ) != 0 )
{
return( 1 );
}