mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-22 11:25:42 +01:00
Changed every memcmp to SCA equivalent mbedtls_platform_memcmp
This makes physical attacks more difficult. Selftest memcmp functions were not changed.
This commit is contained in:
Teppo Järvelin
parent
51f65e4b86
commit
61f412eb58
@ -130,11 +130,11 @@
|
||||
*/
|
||||
#define MBEDTLS_OID_CMP(oid_str, oid_buf) \
|
||||
( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf)->len ) || \
|
||||
memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) != 0 )
|
||||
mbedtls_platform_memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) != 0 )
|
||||
|
||||
#define MBEDTLS_OID_CMP_RAW(oid_str, oid_buf, oid_buf_len) \
|
||||
( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf_len) ) || \
|
||||
memcmp( (oid_str), (oid_buf), (oid_buf_len) ) != 0 )
|
||||
mbedtls_platform_memcmp( (oid_str), (oid_buf), (oid_buf_len) ) != 0 )
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
|
||||
@ -431,7 +431,7 @@ mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( mbedtls_asn1_named_data *
|
||||
while( list != NULL )
|
||||
{
|
||||
if( list->oid.len == len &&
|
||||
memcmp( list->oid.p, oid, len ) == 0 )
|
||||
mbedtls_platform_memcmp( list->oid.p, oid, len ) == 0 )
|
||||
{
|
||||
break;
|
||||
}
|
||||
|
||||
@ -347,7 +347,7 @@ static mbedtls_asn1_named_data *asn1_find_named_data(
|
||||
while( list != NULL )
|
||||
{
|
||||
if( list->oid.len == len &&
|
||||
memcmp( list->oid.p, oid, len ) == 0 )
|
||||
mbedtls_platform_memcmp( list->oid.p, oid, len ) == 0 )
|
||||
{
|
||||
break;
|
||||
}
|
||||
|
||||
@ -260,7 +260,7 @@ int mbedtls_base64_self_test( int verbose )
|
||||
src = base64_test_dec;
|
||||
|
||||
if( mbedtls_base64_encode( buffer, sizeof( buffer ), &len, src, 64 ) != 0 ||
|
||||
memcmp( base64_test_enc, buffer, 88 ) != 0 )
|
||||
memcmp( base64_test_enc, buffer, 88 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
@ -274,7 +274,7 @@ int mbedtls_base64_self_test( int verbose )
|
||||
src = base64_test_enc;
|
||||
|
||||
if( mbedtls_base64_decode( buffer, sizeof( buffer ), &len, src, 88 ) != 0 ||
|
||||
memcmp( base64_test_dec, buffer, 64 ) != 0 )
|
||||
memcmp( base64_test_dec, buffer, 64 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
@ -505,7 +505,7 @@ int mbedtls_ccm_self_test( int verbose )
|
||||
ciphertext + msg_len[i], tag_len[i] );
|
||||
|
||||
if( ret != 0 ||
|
||||
memcmp( ciphertext, res[i], msg_len[i] + tag_len[i] ) != 0 )
|
||||
memcmp( ciphertext, res[i], msg_len[i] + tag_len[i] ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
@ -520,7 +520,7 @@ int mbedtls_ccm_self_test( int verbose )
|
||||
ciphertext + msg_len[i], tag_len[i] );
|
||||
|
||||
if( ret != 0 ||
|
||||
memcmp( plaintext, msg, msg_len[i] ) != 0 )
|
||||
memcmp( plaintext, msg, msg_len[i] ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
@ -902,7 +902,7 @@ static int test_aes128_cmac_prf( int verbose )
|
||||
mbedtls_printf( " AES CMAC 128 PRF #%u: ", i );
|
||||
ret = mbedtls_aes_cmac_prf_128( PRFK, PRFKlen[i], PRFM, 20, output );
|
||||
if( ret != 0 ||
|
||||
memcmp( output, PRFT[i], MBEDTLS_AES_BLOCK_SIZE ) != 0 )
|
||||
memcmp( output, PRFT[i], MBEDTLS_AES_BLOCK_SIZE ) != 0 )
|
||||
{
|
||||
|
||||
if( verbose != 0 )
|
||||
|
||||
@ -417,7 +417,7 @@ int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
|
||||
int i;
|
||||
|
||||
for( i = 0; i < WEAK_KEY_COUNT; i++ )
|
||||
if( memcmp( weak_key_table[i], key, MBEDTLS_DES_KEY_SIZE) == 0 )
|
||||
if( mbedtls_platform_memcmp( weak_key_table[i], key, MBEDTLS_DES_KEY_SIZE) == 0 )
|
||||
return( 1 );
|
||||
|
||||
return( 0 );
|
||||
@ -939,7 +939,7 @@ int mbedtls_des_self_test( int verbose )
|
||||
if( ( v == MBEDTLS_DES_DECRYPT &&
|
||||
memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) ||
|
||||
( v != MBEDTLS_DES_DECRYPT &&
|
||||
memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
|
||||
memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
@ -1035,7 +1035,7 @@ int mbedtls_des_self_test( int verbose )
|
||||
if( ( v == MBEDTLS_DES_DECRYPT &&
|
||||
memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) ||
|
||||
( v != MBEDTLS_DES_DECRYPT &&
|
||||
memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
|
||||
memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
@ -823,7 +823,7 @@ int mbedtls_gcm_self_test( int verbose )
|
||||
goto exit;
|
||||
|
||||
if ( memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 ||
|
||||
memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
|
||||
memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
|
||||
{
|
||||
ret = 1;
|
||||
goto exit;
|
||||
@ -855,7 +855,7 @@ int mbedtls_gcm_self_test( int verbose )
|
||||
goto exit;
|
||||
|
||||
if( memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 ||
|
||||
memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
|
||||
memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
|
||||
{
|
||||
ret = 1;
|
||||
goto exit;
|
||||
@ -907,7 +907,7 @@ int mbedtls_gcm_self_test( int verbose )
|
||||
goto exit;
|
||||
|
||||
if( memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 ||
|
||||
memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
|
||||
memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
|
||||
{
|
||||
ret = 1;
|
||||
goto exit;
|
||||
@ -960,7 +960,7 @@ int mbedtls_gcm_self_test( int verbose )
|
||||
goto exit;
|
||||
|
||||
if( memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 ||
|
||||
memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
|
||||
memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
|
||||
{
|
||||
ret = 1;
|
||||
goto exit;
|
||||
|
||||
@ -651,7 +651,7 @@ int mbedtls_nist_kw_self_test( int verbose )
|
||||
ret = mbedtls_nist_kw_wrap( &ctx, MBEDTLS_KW_MODE_KW, kw_msg[i],
|
||||
kw_msg_len[i], out, &olen, sizeof( out ) );
|
||||
if( ret != 0 || kw_out_len[i] != olen ||
|
||||
memcmp( out, kw_res[i], kw_out_len[i] ) != 0 )
|
||||
memcmp( out, kw_res[i], kw_out_len[i] ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed. ");
|
||||
@ -674,7 +674,7 @@ int mbedtls_nist_kw_self_test( int verbose )
|
||||
out, olen, out, &olen, sizeof( out ) );
|
||||
|
||||
if( ret != 0 || olen != kw_msg_len[i] ||
|
||||
memcmp( out, kw_msg[i], kw_msg_len[i] ) != 0 )
|
||||
memcmp( out, kw_msg[i], kw_msg_len[i] ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
@ -706,7 +706,7 @@ int mbedtls_nist_kw_self_test( int verbose )
|
||||
kwp_msg_len[i], out, &olen, sizeof( out ) );
|
||||
|
||||
if( ret != 0 || kwp_out_len[i] != olen ||
|
||||
memcmp( out, kwp_res[i], kwp_out_len[i] ) != 0 )
|
||||
memcmp( out, kwp_res[i], kwp_out_len[i] ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed. ");
|
||||
@ -729,7 +729,7 @@ int mbedtls_nist_kw_self_test( int verbose )
|
||||
olen, out, &olen, sizeof( out ) );
|
||||
|
||||
if( ret != 0 || olen != kwp_msg_len[i] ||
|
||||
memcmp( out, kwp_msg[i], kwp_msg_len[i] ) != 0 )
|
||||
memcmp( out, kwp_msg[i], kwp_msg_len[i] ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed. ");
|
||||
|
||||
@ -75,7 +75,7 @@
|
||||
if( p == NULL || oid == NULL ) return( NULL ); \
|
||||
while( cur->asn1 != NULL ) { \
|
||||
if( cur->asn1_len == oid->len && \
|
||||
memcmp( cur->asn1, oid->p, oid->len ) == 0 ) { \
|
||||
mbedtls_platform_memcmp( cur->asn1, oid->p, oid->len ) == 0 ) { \
|
||||
return( p ); \
|
||||
} \
|
||||
p++; \
|
||||
|
||||
@ -273,7 +273,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
|
||||
|
||||
enc = 0;
|
||||
|
||||
if( s2 - s1 >= 22 && memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
|
||||
if( s2 - s1 >= 22 && mbedtls_platform_memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
|
||||
{
|
||||
#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \
|
||||
( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
|
||||
@ -286,7 +286,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
|
||||
|
||||
|
||||
#if defined(MBEDTLS_DES_C)
|
||||
if( s2 - s1 >= 23 && memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
|
||||
if( s2 - s1 >= 23 && mbedtls_platform_memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
|
||||
{
|
||||
enc_alg = MBEDTLS_CIPHER_DES_EDE3_CBC;
|
||||
|
||||
@ -296,7 +296,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
|
||||
|
||||
s1 += 16;
|
||||
}
|
||||
else if( s2 - s1 >= 18 && memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 )
|
||||
else if( s2 - s1 >= 18 && mbedtls_platform_memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 )
|
||||
{
|
||||
enc_alg = MBEDTLS_CIPHER_DES_CBC;
|
||||
|
||||
@ -309,15 +309,15 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
|
||||
#endif /* MBEDTLS_DES_C */
|
||||
|
||||
#if defined(MBEDTLS_AES_C)
|
||||
if( s2 - s1 >= 14 && memcmp( s1, "DEK-Info: AES-", 14 ) == 0 )
|
||||
if( s2 - s1 >= 14 && mbedtls_platform_memcmp( s1, "DEK-Info: AES-", 14 ) == 0 )
|
||||
{
|
||||
if( s2 - s1 < 22 )
|
||||
return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG );
|
||||
else if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 )
|
||||
else if( mbedtls_platform_memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 )
|
||||
enc_alg = MBEDTLS_CIPHER_AES_128_CBC;
|
||||
else if( memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 )
|
||||
else if( mbedtls_platform_memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 )
|
||||
enc_alg = MBEDTLS_CIPHER_AES_192_CBC;
|
||||
else if( memcmp( s1, "DEK-Info: AES-256-CBC,", 22 ) == 0 )
|
||||
else if( mbedtls_platform_memcmp( s1, "DEK-Info: AES-256-CBC,", 22 ) == 0 )
|
||||
enc_alg = MBEDTLS_CIPHER_AES_256_CBC;
|
||||
else
|
||||
return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG );
|
||||
|
||||
@ -556,7 +556,7 @@ static int uecc_eckey_check_pair( const void *pub, const void *prv )
|
||||
const mbedtls_uecc_keypair *uecc_prv =
|
||||
(const mbedtls_uecc_keypair *) prv;
|
||||
|
||||
if( memcmp( uecc_pub->public_key,
|
||||
if( mbedtls_platform_memcmp( uecc_pub->public_key,
|
||||
uecc_prv->public_key,
|
||||
2 * NUM_ECC_BYTES ) == 0 )
|
||||
{
|
||||
|
||||
@ -383,7 +383,7 @@ int mbedtls_pkcs5_self_test( int verbose )
|
||||
ret = mbedtls_pkcs5_pbkdf2_hmac( &sha1_ctx, password[i], plen[i], salt[i],
|
||||
slen[i], it_cnt[i], key_len[i], key );
|
||||
if( ret != 0 ||
|
||||
memcmp( result_key[i], key, key_len[i] ) != 0 )
|
||||
memcmp( result_key[i], key, key_len[i] ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "failed\n" );
|
||||
|
||||
@ -309,7 +309,7 @@ static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_
|
||||
return( ret );
|
||||
|
||||
if( len != MBEDTLS_OID_SIZE( MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD ) ||
|
||||
memcmp( p, MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD, len ) != 0 )
|
||||
mbedtls_platform_memcmp( p, MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD, len ) != 0 )
|
||||
{
|
||||
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
|
||||
@ -2266,7 +2266,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
|
||||
if ( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
if( memcmp( hash_start, result, hlen ) != 0 )
|
||||
if( mbedtls_platform_memcmp( hash_start, result, hlen ) != 0 )
|
||||
{
|
||||
ret = MBEDTLS_ERR_RSA_VERIFY_FAILED;
|
||||
goto exit;
|
||||
|
||||
@ -93,7 +93,7 @@ int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session )
|
||||
continue;
|
||||
}
|
||||
|
||||
if( memcmp( session->id, entry->session.id,
|
||||
if( mbedtls_platform_memcmp( session->id, entry->session.id,
|
||||
entry->session.id_len ) != 0 )
|
||||
continue;
|
||||
|
||||
@ -179,7 +179,7 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session )
|
||||
}
|
||||
#endif
|
||||
|
||||
if( memcmp( session->id, cur->session.id, cur->session.id_len ) == 0 )
|
||||
if( mbedtls_platform_memcmp( session->id, cur->session.id, cur->session.id_len ) == 0 )
|
||||
break; /* client reconnected, keep timestamp for session id */
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
|
||||
@ -1482,7 +1482,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
|
||||
for( p = ssl->conf->alpn_list; *p != NULL; p++ )
|
||||
{
|
||||
if( name_len == strlen( *p ) &&
|
||||
memcmp( buf + 3, *p, name_len ) == 0 )
|
||||
mbedtls_platform_memcmp( buf + 3, *p, name_len ) == 0 )
|
||||
{
|
||||
ssl->alpn_chosen = *p;
|
||||
return( 0 );
|
||||
@ -1815,7 +1815,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
||||
mbedtls_ssl_session_get_ciphersuite( ssl->session_negotiate ) != i ||
|
||||
mbedtls_ssl_session_get_compression( ssl->session_negotiate ) != comp ||
|
||||
ssl->session_negotiate->id_len != n ||
|
||||
memcmp( ssl->session_negotiate->id, buf + 35, n ) != 0 )
|
||||
mbedtls_platform_memcmp( ssl->session_negotiate->id, buf + 35, n ) != 0 )
|
||||
{
|
||||
ssl->handshake->resume = 0;
|
||||
}
|
||||
@ -2811,7 +2811,7 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl,
|
||||
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
|
||||
}
|
||||
|
||||
if( memcmp( p, ecdh_group, sizeof( ecdh_group ) ) != 0 )
|
||||
if( mbedtls_platform_memcmp( p, ecdh_group, sizeof( ecdh_group ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad server key exchange (unexpected header)" ) );
|
||||
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
|
||||
|
||||
@ -708,7 +708,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
|
||||
cur_len = *theirs++;
|
||||
|
||||
if( cur_len == ours_len &&
|
||||
memcmp( theirs, *ours, cur_len ) == 0 )
|
||||
mbedtls_platform_memcmp( theirs, *ours, cur_len ) == 0 )
|
||||
{
|
||||
ssl->alpn_chosen = *ours;
|
||||
return( 0 );
|
||||
@ -1618,7 +1618,7 @@ read_record_header:
|
||||
* fragment_offset == 0 and fragment_length == length
|
||||
*/
|
||||
if( ssl->in_msg[6] != 0 || ssl->in_msg[7] != 0 || ssl->in_msg[8] != 0 ||
|
||||
memcmp( ssl->in_msg + 1, ssl->in_msg + 9, 3 ) != 0 )
|
||||
mbedtls_platform_memcmp( ssl->in_msg + 1, ssl->in_msg + 9, 3 ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "ClientHello fragmentation not supported" ) );
|
||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
|
||||
@ -259,7 +259,7 @@ static mbedtls_ssl_ticket_key *ssl_ticket_select_key(
|
||||
unsigned char i;
|
||||
|
||||
for( i = 0; i < sizeof( ctx->keys ) / sizeof( *ctx->keys ); i++ )
|
||||
if( memcmp( name, ctx->keys[i].name, 4 ) == 0 )
|
||||
if( mbedtls_platform_memcmp( name, ctx->keys[i].name, 4 ) == 0 )
|
||||
return( &ctx->keys[i] );
|
||||
|
||||
return( NULL );
|
||||
|
||||
@ -2883,7 +2883,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||
* Match record's CID with incoming CID.
|
||||
*/
|
||||
if( rec->cid_len != transform->in_cid_len ||
|
||||
memcmp( rec->cid, transform->in_cid, rec->cid_len ) != 0 )
|
||||
mbedtls_platform_memcmp( rec->cid, transform->in_cid, rec->cid_len ) != 0 )
|
||||
{
|
||||
return( MBEDTLS_ERR_SSL_UNEXPECTED_CID );
|
||||
}
|
||||
@ -4634,8 +4634,8 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
|
||||
static int ssl_hs_is_proper_fragment( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
if( ssl->in_msglen < ssl->in_hslen ||
|
||||
memcmp( ssl->in_msg + 6, "\0\0\0", 3 ) != 0 ||
|
||||
memcmp( ssl->in_msg + 9, ssl->in_msg + 1, 3 ) != 0 )
|
||||
mbedtls_platform_memcmp( ssl->in_msg + 6, "\0\0\0", 3 ) != 0 ||
|
||||
mbedtls_platform_memcmp( ssl->in_msg + 9, ssl->in_msg + 1, 3 ) != 0 )
|
||||
{
|
||||
return( 1 );
|
||||
}
|
||||
@ -6013,7 +6013,7 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl )
|
||||
else
|
||||
{
|
||||
/* Make sure msg_type and length are consistent */
|
||||
if( memcmp( hs_buf->data, ssl->in_msg, 4 ) != 0 )
|
||||
if( mbedtls_platform_memcmp( hs_buf->data, ssl->in_msg, 4 ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Fragment header mismatch - ignore" ) );
|
||||
/* Ignore */
|
||||
@ -6872,7 +6872,7 @@ static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
|
||||
if( peer_crt->raw.len != crt_buf_len )
|
||||
return( -1 );
|
||||
|
||||
return( memcmp( peer_crt->raw.p, crt_buf, crt_buf_len ) );
|
||||
return( mbedtls_platform_memcmp( peer_crt->raw.p, crt_buf, crt_buf_len ) );
|
||||
}
|
||||
#elif defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
|
||||
@ -6903,7 +6903,7 @@ static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
|
||||
if( ret != 0 )
|
||||
return( -1 );
|
||||
|
||||
return( memcmp( tmp_digest, peer_cert_digest, digest_len ) );
|
||||
return( mbedtls_platform_memcmp( tmp_digest, peer_cert_digest, digest_len ) );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE && MBEDTLS_SSL_RENEGOTIATION */
|
||||
#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
|
||||
@ -7086,7 +7086,7 @@ static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl )
|
||||
if( ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len( ssl ) &&
|
||||
ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
|
||||
ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE &&
|
||||
memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), "\0\0\0", 3 ) == 0 )
|
||||
mbedtls_platform_memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), "\0\0\0", 3 ) == 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
|
||||
return( 0 );
|
||||
@ -9961,7 +9961,7 @@ static int ssl_session_load( mbedtls_ssl_session *session,
|
||||
if( (size_t)( end - p ) < sizeof( ssl_serialized_session_header ) )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
if( memcmp( p, ssl_serialized_session_header,
|
||||
if( mbedtls_platform_memcmp( p, ssl_serialized_session_header,
|
||||
sizeof( ssl_serialized_session_header ) ) != 0 )
|
||||
{
|
||||
return( MBEDTLS_ERR_SSL_VERSION_MISMATCH );
|
||||
@ -10403,9 +10403,9 @@ static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl )
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
in_ctr_cmp = memcmp( ssl->in_ctr + ep_len,
|
||||
in_ctr_cmp = mbedtls_platform_memcmp( ssl->in_ctr + ep_len,
|
||||
ssl->conf->renego_period + ep_len, 8 - ep_len );
|
||||
out_ctr_cmp = memcmp( ssl->cur_out_ctr + ep_len,
|
||||
out_ctr_cmp = mbedtls_platform_memcmp( ssl->cur_out_ctr + ep_len,
|
||||
ssl->conf->renego_period + ep_len, 8 - ep_len );
|
||||
|
||||
if( in_ctr_cmp <= 0 && out_ctr_cmp <= 0 )
|
||||
@ -11448,7 +11448,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
|
||||
if( (size_t)( end - p ) < sizeof( ssl_serialized_context_header ) )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
if( memcmp( p, ssl_serialized_context_header,
|
||||
if( mbedtls_platform_memcmp( p, ssl_serialized_context_header,
|
||||
sizeof( ssl_serialized_context_header ) ) != 0 )
|
||||
{
|
||||
return( MBEDTLS_ERR_SSL_VERSION_MISMATCH );
|
||||
@ -11615,7 +11615,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
|
||||
for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
|
||||
{
|
||||
if( strlen( *cur ) == alpn_len &&
|
||||
memcmp( p, cur, alpn_len ) == 0 )
|
||||
mbedtls_platform_memcmp( p, cur, alpn_len ) == 0 )
|
||||
{
|
||||
ssl->alpn_chosen = *cur;
|
||||
break;
|
||||
|
||||
@ -500,7 +500,7 @@ static int x509_string_cmp( const mbedtls_x509_buf *a,
|
||||
{
|
||||
if( a->tag == b->tag &&
|
||||
a->len == b->len &&
|
||||
memcmp( a->p, b->p, b->len ) == 0 )
|
||||
mbedtls_platform_memcmp( a->p, b->p, b->len ) == 0 )
|
||||
{
|
||||
return( 0 );
|
||||
}
|
||||
@ -589,7 +589,7 @@ int mbedtls_x509_name_cmp_raw( mbedtls_x509_buf_raw const *a,
|
||||
goto exit;
|
||||
|
||||
if( oid[0].len != oid[1].len ||
|
||||
memcmp( oid[0].p, oid[1].p, oid[1].len ) != 0 )
|
||||
mbedtls_platform_memcmp( oid[0].p, oid[1].p, oid[1].len ) != 0 )
|
||||
{
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
@ -511,10 +511,10 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
|
||||
}
|
||||
|
||||
if( crl->sig_oid.len != sig_oid2.len ||
|
||||
memcmp( crl->sig_oid.p, sig_oid2.p, crl->sig_oid.len ) != 0 ||
|
||||
mbedtls_platform_memcmp( crl->sig_oid.p, sig_oid2.p, crl->sig_oid.len ) != 0 ||
|
||||
sig_params1.len != sig_params2.len ||
|
||||
( sig_params1.len != 0 &&
|
||||
memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
|
||||
mbedtls_platform_memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
|
||||
{
|
||||
mbedtls_x509_crl_free( crl );
|
||||
return( MBEDTLS_ERR_X509_SIG_MISMATCH );
|
||||
|
||||
@ -1316,7 +1316,7 @@ static int x509_crt_parse_frame( unsigned char *start,
|
||||
* signature field in the sequence tbsCertificate (Section 4.1.2.3).
|
||||
*/
|
||||
if( outer_sig_alg.len != inner_sig_alg_len ||
|
||||
memcmp( outer_sig_alg.p, inner_sig_alg_start, inner_sig_alg_len ) != 0 )
|
||||
mbedtls_platform_memcmp( outer_sig_alg.p, inner_sig_alg_start, inner_sig_alg_len ) != 0 )
|
||||
{
|
||||
return( MBEDTLS_ERR_X509_SIG_MISMATCH );
|
||||
}
|
||||
@ -2588,7 +2588,7 @@ static int x509_crt_check_ext_key_usage_cb( void *ctx,
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
if( data_len == cb_ctx->oid_len && memcmp( data, cb_ctx->oid,
|
||||
if( data_len == cb_ctx->oid_len && mbedtls_platform_memcmp( data, cb_ctx->oid,
|
||||
data_len ) == 0 )
|
||||
{
|
||||
return( 1 );
|
||||
@ -2646,7 +2646,7 @@ static int x509_serial_is_revoked( unsigned char const *serial,
|
||||
while( cur != NULL && cur->serial.len != 0 )
|
||||
{
|
||||
if( serial_len == cur->serial.len &&
|
||||
memcmp( serial, cur->serial.p, serial_len ) == 0 )
|
||||
mbedtls_platform_memcmp( serial, cur->serial.p, serial_len ) == 0 )
|
||||
{
|
||||
if( mbedtls_x509_time_is_past( &cur->revocation_date ) )
|
||||
return( 1 );
|
||||
@ -3173,7 +3173,7 @@ static int x509_crt_check_ee_locally_trusted(
|
||||
for( cur = trust_ca; cur != NULL; cur = cur->next )
|
||||
{
|
||||
if( crt->raw.len == cur->raw.len &&
|
||||
memcmp( crt->raw.p, cur->raw.p, crt->raw.len ) == 0 )
|
||||
mbedtls_platform_memcmp( crt->raw.p, cur->raw.p, crt->raw.len ) == 0 )
|
||||
{
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user