Update signature of mbedtls_platform_random_delay
Skip parameter and return value from mbedtls_platform_random_delay
to make it more resistant for FI attacks.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index d86960e..03bfd11 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1929,7 +1929,7 @@
ssl );
if( ret == 0 )
{
- mbedtls_platform_random_delay(50);
+ mbedtls_platform_random_delay();
if( ret == 0 )
{
ssl->handshake->key_derivation_done = MBEDTLS_SSL_FI_FLAG_SET;
@@ -2011,7 +2011,7 @@
mbedtls_ssl_conf_get_prng( ssl->conf ) );
if( ret == 0 )
{
- mbedtls_platform_random_delay(50);
+ mbedtls_platform_random_delay();
if( ret == 0 )
{
ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET;
@@ -2054,7 +2054,7 @@
mbedtls_ssl_conf_get_prng( ssl->conf ) );
if( ret == 0 )
{
- mbedtls_platform_random_delay(50);
+ mbedtls_platform_random_delay();
if( ret == 0 )
{
ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET;
@@ -2085,7 +2085,7 @@
mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) );
if( ret == 0 )
{
- mbedtls_platform_random_delay(50);
+ mbedtls_platform_random_delay();
if( ret == 0 )
{
ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET;
@@ -2114,7 +2114,7 @@
mbedtls_ssl_conf_get_prng( ssl->conf ) );
if( ret == 0 )
{
- mbedtls_platform_random_delay(50);
+ mbedtls_platform_random_delay();
if( ret == 0 )
{
ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET;
@@ -7346,7 +7346,7 @@
if( verify_ret == 0 )
{
- mbedtls_platform_random_delay(50);
+ mbedtls_platform_random_delay();
if( verify_ret == 0 )
{
flow_counter++;
@@ -7436,7 +7436,7 @@
( verify_ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ||
verify_ret == MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ) )
{
- mbedtls_platform_random_delay(50);
+ mbedtls_platform_random_delay();
if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL &&
( verify_ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ||
verify_ret == MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ) )
@@ -7502,7 +7502,7 @@
flow_counter == 4 )
#endif
{
- mbedtls_platform_random_delay(50);
+ mbedtls_platform_random_delay();
if( verify_ret == 0 &&
#if defined(MBEDTLS_ECP_C) || defined(MBEDTLS_USE_TINYCRYPT)
flow_counter == 5 )
@@ -7989,7 +7989,7 @@
1 )
#endif
{
- mbedtls_platform_random_delay(50);
+ mbedtls_platform_random_delay();
if( authmode == MBEDTLS_SSL_VERIFY_NONE ||
authmode == MBEDTLS_SSL_VERIFY_OPTIONAL ||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
@@ -8010,7 +8010,7 @@
#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
if( ssl->handshake->resume == MBEDTLS_SSL_FI_FLAG_SET )
{
- mbedtls_platform_random_delay(50);
+ mbedtls_platform_random_delay();
if( ssl->handshake->resume == MBEDTLS_SSL_FI_FLAG_SET )
{
/* When doing session resume, no premaster or peer authentication */
@@ -8027,7 +8027,7 @@
if( ssl->handshake->peer_authenticated == MBEDTLS_SSL_FI_FLAG_SET )
{
- mbedtls_platform_random_delay(50);
+ mbedtls_platform_random_delay();
if( ssl->handshake->peer_authenticated == MBEDTLS_SSL_FI_FLAG_SET )
{
ret = 0;
@@ -8048,7 +8048,7 @@
ssl->handshake->key_derivation_done == MBEDTLS_SSL_FI_FLAG_SET &&
ssl->handshake->premaster_generated == MBEDTLS_SSL_FI_FLAG_SET )
{
- mbedtls_platform_random_delay(50);
+ mbedtls_platform_random_delay();
if( ssl->handshake->hello_random_set == MBEDTLS_SSL_FI_FLAG_SET &&
ssl->handshake->key_derivation_done == MBEDTLS_SSL_FI_FLAG_SET &&
ssl->handshake->premaster_generated == MBEDTLS_SSL_FI_FLAG_SET )