Improve the FI resistance in ssl_tls.c key switching

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Andrzej Kurek 2020-09-19 12:45:20 +02:00
parent f7df0d37ab
commit 69bafce7a3
GPG Key ID: 89A90840DC388527


@ -63,12 +63,14 @@ static int mbedtls_ssl_switch_key( mbedtls_ssl_transform *transform,
const mbedtls_operation_t operation )
{
unsigned char * key;
int ret;
int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
int flow_ctrl = 0;
#if defined(MBEDTLS_VALIDATE_SSL_KEYS_INTEGRITY)
uint32_t hash;
#endif
if( operation == MBEDTLS_ENCRYPT )
{
flow_ctrl++;
key = transform->key_enc;
#if defined(MBEDTLS_VALIDATE_SSL_KEYS_INTEGRITY)
hash = transform->key_enc_hash;
@ -76,6 +78,7 @@ static int mbedtls_ssl_switch_key( mbedtls_ssl_transform *transform,
}
else if ( operation == MBEDTLS_DECRYPT )
{
flow_ctrl++;
key = transform->key_dec;
#if defined(MBEDTLS_VALIDATE_SSL_KEYS_INTEGRITY)
hash = transform->key_dec_hash;
@ -91,6 +94,12 @@ static int mbedtls_ssl_switch_key( mbedtls_ssl_transform *transform,
{
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
}
else
{
flow_ctrl++;
}
#else
flow_ctrl++;
#endif
if( operation != transform->cipher_ctx.operation )
{
@ -102,7 +111,11 @@ static int mbedtls_ssl_switch_key( mbedtls_ssl_transform *transform,
return( ret );
}
}
return( 0 );
if( flow_ctrl == 2 )
{
return( 0 );
}
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
}
#endif
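Review bot: `flow_ctrl` is declared as a plain `int`, so an optimizing compiler can prove that every path reaching the final `if( flow_ctrl == 2 )` has incremented it exactly twice (assuming the `else` arm hidden between the hunks returns early) and is free to fold away both the counter and the check, leaving no countermeasure in the binary. Declaring it `volatile int flow_ctrl = 0;` forces the increments and the comparison to be emitted. Separately, the counter only covers the key selection and the integrity check: if the `operation != transform->cipher_ctx.operation` test is skipped, `flow_ctrl` is still 2 and the function returns 0 with the previous key still set, so that step should be counted too and the expected total raised to match. A short comment next to the literal `2` naming the counted steps would keep the constant in sync when increments are added later.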