diff --git a/library/asn1write.c b/library/asn1write.c
index 6e5badb51..0ec1647a6 100644
--- a/library/asn1write.c
+++ b/library/asn1write.c
@@ -33,6 +33,7 @@
 #if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
+#include "mbedtls/platform_util.h"
 #else
 #include
 #define mbedtls_calloc calloc
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 3cc6046ef..12a433897 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2883,7 +2883,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
 * Match record's CID with incoming CID.
 */
 if( rec->cid_len != transform->in_cid_len ||
- mbedtls_platform_memcmp( rec->cid, transform->in_cid, rec->cid_len ) != 0 )
+ memcmp( rec->cid, transform->in_cid, rec->cid_len ) != 0 ) // use regular memcmp as CID is not that critical
 {
 return( MBEDTLS_ERR_SSL_UNEXPECTED_CID );
 }
@@ -6013,7 +6013,7 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl )
 else
 {
 /* Make sure msg_type and length are consistent */
- if( mbedtls_platform_memcmp( hs_buf->data, ssl->in_msg, 4 ) != 0 )
+ if( memcmp( hs_buf->data, ssl->in_msg, 4 ) != 0 ) // use regular memcmp as msg type is not that critical
 {
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "Fragment header mismatch - ignore" ) );
 /* Ignore */
@@ -7086,7 +7086,7 @@ static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl )
 if( ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len( ssl ) &&
 ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
 ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE &&
- mbedtls_platform_memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), "\0\0\0", 3 ) == 0 )
+ memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), "\0\0\0", 3 ) == 0 ) // use regular memcmp as this compare is not that critical
 {
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
 return( 0 );
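Review bot: In the asn1write.c hunk the new `#include "mbedtls/platform_util.h"` sits inside the `#if defined(MBEDTLS_PLATFORM_C)` branch, so a configuration without MBEDTLS_PLATFORM_C never sees the header. Whatever in asn1write.c needs it is not visible in this hunk, but if the file calls a function declared there, that build would have no prototype for it. I would put `#include "mbedtls/platform_util.h"` on its own line above the `#if`, so the include does not depend on the platform-layer option.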
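Review bot: The rationale comment added on the CID comparison in mbedtls_ssl_decrypt_buf ("not that critical") does not say why a plain `memcmp` is acceptable there, and it is a trailing `//` comment on an already long condition while the surrounding code uses `/* */`. The reason worth recording is that the CID travels in the record header and is not secret, so comparison timing reveals nothing. If `mbedtls_platform_memcmp` also offers hardening beyond constant time (its contract is not visible on this page), the comment should say that this site does not need it. I would write `/* Plain memcmp: the CID is public record-header data, no constant-time compare needed. */` on its own line above the `if`. The same wording and style issue applies to the fragment-header, no-certificate, session-header and context-header hunks in ssl_tls.c and to the OID hunk in x509.c.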
@@ -9961,7 +9961,8 @@ static int ssl_session_load( mbedtls_ssl_session *session,
 if( (size_t)( end - p ) < sizeof( ssl_serialized_session_header ) )
 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- if( mbedtls_platform_memcmp( p, ssl_serialized_session_header,
+ // use regular memcmp as session header is not that critical
+ if( memcmp( p, ssl_serialized_session_header,
 sizeof( ssl_serialized_session_header ) ) != 0 )
 {
 return( MBEDTLS_ERR_SSL_VERSION_MISMATCH );
@@ -10403,9 +10404,10 @@ static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl )
 return( 0 );
 }
- in_ctr_cmp = mbedtls_platform_memcmp( ssl->in_ctr + ep_len,
+ // use regular memcmp as counters are not that critical
+ in_ctr_cmp = memcmp( ssl->in_ctr + ep_len,
 ssl->conf->renego_period + ep_len, 8 - ep_len );
- out_ctr_cmp = mbedtls_platform_memcmp( ssl->cur_out_ctr + ep_len,
+ out_ctr_cmp = memcmp( ssl->cur_out_ctr + ep_len,
 ssl->conf->renego_period + ep_len, 8 - ep_len );
 if( in_ctr_cmp <= 0 && out_ctr_cmp <= 0 )
@@ -11448,7 +11450,8 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
 if( (size_t)( end - p ) < sizeof( ssl_serialized_context_header ) )
 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- if( mbedtls_platform_memcmp( p, ssl_serialized_context_header,
+ // use regular memcmp as header is not that critical
+ if( memcmp( p, ssl_serialized_context_header,
 sizeof( ssl_serialized_context_header ) ) != 0 )
 {
 return( MBEDTLS_ERR_SSL_VERSION_MISMATCH );
diff --git a/library/x509.c b/library/x509.c
index 1e61db8a4..a79676095 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -588,8 +588,9 @@ int mbedtls_x509_name_cmp_raw( mbedtls_x509_buf_raw const *a,
 if( ret != 0 )
 goto exit;
+ // use regular memcmp as oid is not that critical
 if( oid[0].len != oid[1].len ||
- mbedtls_platform_memcmp( oid[0].p, oid[1].p, oid[1].len ) != 0 )
+ memcmp( oid[0].p, oid[1].p, oid[1].len ) != 0 )
 {
 return( 1 );
 }
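Review bot: The comment added in ssl_check_ctr_renegotiate ("counters are not that critical") misses the reason these two calls need `memcmp`: both results are tested with `in_ctr_cmp <= 0 && out_ctr_cmp <= 0` at the end of the hunk, so the comparison has to return an ordering, not just equal or unequal. If `mbedtls_platform_memcmp` only reports equality (its contract is not visible here, so check platform_util.h), the old calls could not decide this test correctly. The comment should state that, so nobody swaps the hardened compare back in later. I would replace it with `/* memcmp is required: the sign of the result orders the counters against renego_period. */`. The function starts before this hunk and continues after it.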