mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 09:05:39 +01:00
Improve the FI resistance in ssl_tls.c key switching
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
parent
f7df0d37ab
commit
69bafce7a3
@ -63,12 +63,14 @@ static int mbedtls_ssl_switch_key( mbedtls_ssl_transform *transform,
|
|||||||
const mbedtls_operation_t operation )
|
const mbedtls_operation_t operation )
|
||||||
{
|
{
|
||||||
unsigned char * key;
|
unsigned char * key;
|
||||||
int ret;
|
int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
||||||
|
int flow_ctrl = 0;
|
||||||
#if defined(MBEDTLS_VALIDATE_SSL_KEYS_INTEGRITY)
|
#if defined(MBEDTLS_VALIDATE_SSL_KEYS_INTEGRITY)
|
||||||
uint32_t hash;
|
uint32_t hash;
|
||||||
#endif
|
#endif
|
||||||
if( operation == MBEDTLS_ENCRYPT )
|
if( operation == MBEDTLS_ENCRYPT )
|
||||||
{
|
{
|
||||||
|
flow_ctrl++;
|
||||||
key = transform->key_enc;
|
key = transform->key_enc;
|
||||||
#if defined(MBEDTLS_VALIDATE_SSL_KEYS_INTEGRITY)
|
#if defined(MBEDTLS_VALIDATE_SSL_KEYS_INTEGRITY)
|
||||||
hash = transform->key_enc_hash;
|
hash = transform->key_enc_hash;
|
||||||
@ -76,6 +78,7 @@ static int mbedtls_ssl_switch_key( mbedtls_ssl_transform *transform,
|
|||||||
}
|
}
|
||||||
else if ( operation == MBEDTLS_DECRYPT )
|
else if ( operation == MBEDTLS_DECRYPT )
|
||||||
{
|
{
|
||||||
|
flow_ctrl++;
|
||||||
key = transform->key_dec;
|
key = transform->key_dec;
|
||||||
#if defined(MBEDTLS_VALIDATE_SSL_KEYS_INTEGRITY)
|
#if defined(MBEDTLS_VALIDATE_SSL_KEYS_INTEGRITY)
|
||||||
hash = transform->key_dec_hash;
|
hash = transform->key_dec_hash;
|
||||||
@ -91,6 +94,12 @@ static int mbedtls_ssl_switch_key( mbedtls_ssl_transform *transform,
|
|||||||
{
|
{
|
||||||
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
flow_ctrl++;
|
||||||
|
}
|
||||||
|
#else
|
||||||
|
flow_ctrl++;
|
||||||
#endif
|
#endif
|
||||||
if( operation != transform->cipher_ctx.operation )
|
if( operation != transform->cipher_ctx.operation )
|
||||||
{
|
{
|
||||||
@ -102,7 +111,11 @@ static int mbedtls_ssl_switch_key( mbedtls_ssl_transform *transform,
|
|||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if( flow_ctrl == 2 )
|
||||||
|
{
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
}
|
||||||
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user