Add returning a FAULT_DETECTED error on suspected FI attacks The change applies to the places where we prevent double synchronous FI attacks with random delay, and where we do not respond to their detection. The response to such an attack should be to return the appropriate error code. Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>

commit: e048b91d25974d4d6b723ce8fa24b8cdce79bd96 [log] [tgz]
author: Piotr Nowicki <piotr.nowicki@arm.com> Fri Jun 05 17:59:28 2020 +0200
committer: Piotr Nowicki <piotr.nowicki@arm.com> Tue Jun 09 12:00:42 2020 +0200
tree: 036c5e2dd40b3588354278126485b0d13f4cd7c3
parent: b06ec05dc0258788e6e03528e3d1b0fe1981a220 [diff] [blame]
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index fbad37b..2cd34b2 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c

@@ -27,9 +27,9 @@
 
 #if defined(MBEDTLS_SSL_SRV_C)
 
-#if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
-#else
+
+#if !defined(MBEDTLS_PLATFORM_C)
 #include <stdlib.h>
 #define mbedtls_calloc    calloc
 #define mbedtls_free      free
@@ -4659,6 +4659,10 @@
             MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate verify" ) );
             goto exit;
         }
+        else
+        {
+            ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+        }
 
     }
commit	e048b91d25974d4d6b723ce8fa24b8cdce79bd96	[log] [tgz]
author	Piotr Nowicki <piotr.nowicki@arm.com>	Fri Jun 05 17:59:28 2020 +0200
committer	Piotr Nowicki <piotr.nowicki@arm.com>	Tue Jun 09 12:00:42 2020 +0200
tree	036c5e2dd40b3588354278126485b0d13f4cd7c3
parent	b06ec05dc0258788e6e03528e3d1b0fe1981a220 [diff] [blame]