mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 16:14:20 +01:00
Add random delay to enforce_volatile_reads
Add a random delay to mbedtls_platform_enforce_volatile_reads() as a countermeasure to fault injection attacks.
This commit is contained in:
parent
9a506e7424
commit
0490485be5
@ -260,9 +260,12 @@ uint32_t mbedtls_platform_random_in_range( size_t num );
|
||||
int mbedtls_platform_random_delay( size_t num );
|
||||
|
||||
/**
|
||||
* \brief This function does nothing, but can be inserted between
|
||||
* successive reads to a volatile local variable to prevent
|
||||
* compilers from optimizing them away.
|
||||
* \brief This function can be inserted between successive reads to a
|
||||
* volatile local variable to prevent compilers from optimizing
|
||||
* them away. In addition, this function will spent a small random
|
||||
* time in a busy loop as a counter-measure to fault injection
|
||||
* attack.
|
||||
*
|
||||
*/
|
||||
void mbedtls_platform_enforce_volatile_reads( void );
|
||||
|
||||
|
@ -189,13 +189,10 @@ int mbedtls_platform_random_delay( size_t max_rand )
|
||||
#endif /* !MBEDTLS_ENTROPY_HARDWARE_ALT */
|
||||
}
|
||||
|
||||
/* Some compilers (armcc 5 for example) optimize away successive reads from a
|
||||
* volatile local variable (which we use as a counter-measure to fault
|
||||
* injection attacks), unless there is a call to an external function between
|
||||
* them. This functions doesn't need to do anything, it just needs to be
|
||||
* in another compilation unit. So here's a function that does nothing. */
|
||||
void mbedtls_platform_enforce_volatile_reads( void )
|
||||
{
|
||||
// Add a small random delay as a counter-measure to fault injection attack.
|
||||
mbedtls_platform_random_delay( 50 );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
|
||||
|
Loading…
Reference in New Issue
Block a user