Changed every memcmp to SCA equivalent mbedtls_platform_memcmp This makes physical attacks more difficult. Selftest memcmp functions were not changed.

commit: 61f412eb587dcb842c9388b93505bc078a58aac4 [log] [tgz]
author: Teppo Järvelin <teppo.jarvelin@arm.com> Thu Oct 03 12:25:22 2019 +0300
committer: Teppo Järvelin <teppo.jarvelin@arm.com> Thu Oct 03 13:14:33 2019 +0300
tree: aeec04ea080257880d100f8e848b7d91bbe739e1
parent: 51f65e4b86f59c7976168eeb61dbe16bbda88356 [diff] [blame]
diff --git a/library/x509_crl.c b/library/x509_crl.c
index 3113de4..7f99683 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c

@@ -511,10 +511,10 @@
     }
 
     if( crl->sig_oid.len != sig_oid2.len ||
-        memcmp( crl->sig_oid.p, sig_oid2.p, crl->sig_oid.len ) != 0 ||
+        mbedtls_platform_memcmp( crl->sig_oid.p, sig_oid2.p, crl->sig_oid.len ) != 0 ||
         sig_params1.len != sig_params2.len ||
         ( sig_params1.len != 0 &&
-          memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
+          mbedtls_platform_memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
     {
         mbedtls_x509_crl_free( crl );
         return( MBEDTLS_ERR_X509_SIG_MISMATCH );
commit	61f412eb587dcb842c9388b93505bc078a58aac4	[log] [tgz]
author	Teppo Järvelin <teppo.jarvelin@arm.com>	Thu Oct 03 12:25:22 2019 +0300
committer	Teppo Järvelin <teppo.jarvelin@arm.com>	Thu Oct 03 13:14:33 2019 +0300
tree	aeec04ea080257880d100f8e848b7d91bbe739e1
parent	51f65e4b86f59c7976168eeb61dbe16bbda88356 [diff] [blame]