Merge pull request #3931 from shelib01/plat_rand_buf_FI_protection

Platform random buf FI mitigation added
2024-11-26 12:05:38 +01:00 · 2020-12-02 13:30:25 +02:00 · 2020-12-02 13:30:25 +02:00 · c6603c501c
commit c6603c501c
parent 26bea33674 7326c62efb
2 changed files with 9 additions and 2 deletions
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@ -2988,7 +2988,7 @@
 *
 * Uncomment to provide your own alternate implementation for mbedtls_platform_fault(),
 * used in library/platform_util.c to signal a fault injection in either
- * mbedtls_platform_memcpy or mbedtls_platform_memset.
+ * mbedtls_platform_memcpy, mbedtls_platform_memset or mbedtls_platform_random_buf.
 *
 * You will need to provide a header "platform_fault.h" and an implementation at
 * compile time.
--- a/library/platform_util.c
+++ b/library/platform_util.c
@ -334,6 +334,7 @@ uint32_t mbedtls_platform_random_uint32( void )

 void mbedtls_platform_random_buf( uint8_t *buf, size_t len )
 {
+    volatile size_t flow_control = 0;
    uint16_t val;

    while( len > 1 )
@ -342,13 +343,19 @@ void mbedtls_platform_random_buf( uint8_t *buf, size_t len )
        buf[len-1] = (uint8_t)val;
        buf[len-2] = (uint8_t)(val>>8);
        len -= 2;
+        flow_control += 2;
    }
    if( len == 1 )
    {
        buf[0] = (uint8_t)mbedtls_platform_random_uint16();
+        flow_control ++;
    }

-    return;
+    if ( flow_control == len )
+    {
+        return;
+    }
+    mbedtls_platform_fault();
 }

 uint32_t mbedtls_platform_random_in_range( uint32_t num )