Changed every memcmp to its side-channel-attack (SCA) resistant equivalent, mbedtls_platform_memcmp.
This makes physical attacks more difficult.
The memcmp calls in the self-tests were not changed.
diff --git a/library/nist_kw.c b/library/nist_kw.c
index 317a242..345a24d 100644
--- a/library/nist_kw.c
+++ b/library/nist_kw.c
@@ -651,7 +651,7 @@
ret = mbedtls_nist_kw_wrap( &ctx, MBEDTLS_KW_MODE_KW, kw_msg[i],
kw_msg_len[i], out, &olen, sizeof( out ) );
if( ret != 0 || kw_out_len[i] != olen ||
- memcmp( out, kw_res[i], kw_out_len[i] ) != 0 )
+ memcmp( out, kw_res[i], kw_out_len[i] ) != 0 )
{
if( verbose != 0 )
mbedtls_printf( "failed. ");
@@ -674,7 +674,7 @@
out, olen, out, &olen, sizeof( out ) );
if( ret != 0 || olen != kw_msg_len[i] ||
- memcmp( out, kw_msg[i], kw_msg_len[i] ) != 0 )
+ memcmp( out, kw_msg[i], kw_msg_len[i] ) != 0 )
{
if( verbose != 0 )
mbedtls_printf( "failed\n" );
@@ -706,7 +706,7 @@
kwp_msg_len[i], out, &olen, sizeof( out ) );
if( ret != 0 || kwp_out_len[i] != olen ||
- memcmp( out, kwp_res[i], kwp_out_len[i] ) != 0 )
+ memcmp( out, kwp_res[i], kwp_out_len[i] ) != 0 )
{
if( verbose != 0 )
mbedtls_printf( "failed. ");
@@ -729,7 +729,7 @@
olen, out, &olen, sizeof( out ) );
if( ret != 0 || olen != kwp_msg_len[i] ||
- memcmp( out, kwp_msg[i], kwp_msg_len[i] ) != 0 )
+ memcmp( out, kwp_msg[i], kwp_msg_len[i] ) != 0 )
{
if( verbose != 0 )
mbedtls_printf( "failed. ");