Changed every memcmp to its SCA-hardened (side-channel attack) equivalent, mbedtls_platform_memcmp.
This makes physical attacks more difficult.
Selftest memcmp functions were not changed.
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index ebc2a63..16f1513 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1482,7 +1482,7 @@
for( p = ssl->conf->alpn_list; *p != NULL; p++ )
{
if( name_len == strlen( *p ) &&
- memcmp( buf + 3, *p, name_len ) == 0 )
+ mbedtls_platform_memcmp( buf + 3, *p, name_len ) == 0 )
{
ssl->alpn_chosen = *p;
return( 0 );
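Review bot: The buffers passed to `mbedtls_platform_memcmp( buf + 3, *p, name_len )` are not secret, since they are the locally configured ALPN names and the name the server sent in the clear, so the reason for a hardened compare is not obvious at this call site. The same holds for the session ID compare in the next hunk. I would add a short comment at both sites, for example `/* Hardened compare: protects the match decision against fault injection; the data is public. */`, assuming that is what "physical attacks" in the commit message refers to. Both sites test the result only against 0, which stays correct if mbedtls_platform_memcmp guarantees just zero versus non-zero rather than an ordering; this is worth confirming against its declaration. The loop and the enclosing function start and end outside the hunk.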
@@ -1815,7 +1815,7 @@
mbedtls_ssl_session_get_ciphersuite( ssl->session_negotiate ) != i ||
mbedtls_ssl_session_get_compression( ssl->session_negotiate ) != comp ||
ssl->session_negotiate->id_len != n ||
- memcmp( ssl->session_negotiate->id, buf + 35, n ) != 0 )
+ mbedtls_platform_memcmp( ssl->session_negotiate->id, buf + 35, n ) != 0 )
{
ssl->handshake->resume = 0;
}
@@ -2811,7 +2811,7 @@
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
}
- if( memcmp( p, ecdh_group, sizeof( ecdh_group ) ) != 0 )
+ if( mbedtls_platform_memcmp( p, ecdh_group, sizeof( ecdh_group ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad server key exchange (unexpected header)" ) );
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
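Review bot: The branch taken when the header compare fails returns `MBEDTLS_ERR_SSL_HW_ACCEL_FAILED`, although its debug message describes a malformed ServerKeyExchange from the peer rather than a hardware fault. That makes a hostile or broken server indistinguishable from an accelerator failure in logs and in the caller's error handling. Since this commit already touches the line above, I would change the return to `return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );`, or do so in a follow-up if the code is deliberate. The check just before the compare is only partly visible, so please confirm that it guarantees at least `sizeof( ecdh_group )` readable bytes at `p`. The enclosing function starts and ends outside the hunk.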