Changed every memcmp to SCA equivalent mbedtls_platform_memcmp
This makes physical attacks more difficult.
The memcmp calls in the self-test functions were not changed.
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 1923abf..1c6ac57 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1316,7 +1316,7 @@
* signature field in the sequence tbsCertificate (Section 4.1.2.3).
*/
if( outer_sig_alg.len != inner_sig_alg_len ||
- memcmp( outer_sig_alg.p, inner_sig_alg_start, inner_sig_alg_len ) != 0 )
+ mbedtls_platform_memcmp( outer_sig_alg.p, inner_sig_alg_start, inner_sig_alg_len ) != 0 )
{
return( MBEDTLS_ERR_X509_SIG_MISMATCH );
}
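Review bot: The result of the new compare is still consumed by a single `!= 0` branch, so one skipped or flipped branch bypasses the signature-algorithm mismatch check however the bytes were compared. The same applies to the `== 0` tests in the hunks at 2588, 2646 and 3173. Both operands here (`outer_sig_alg.p`, `inner_sig_alg_start`) are parsed from the certificate, so there is no secret for a timing channel to leak, and the benefit at this call site is presumably fault resistance only. I would record that next to the call, e.g. `/* Operands are public certificate fields; the hardened compare is for fault resistance, and the branch below is still a single check. */`, and track hardening of the decision itself separately if fault injection is in the threat model. The enclosing function starts and ends outside the hunk.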
@@ -2588,7 +2588,7 @@
return( 1 );
}
- if( data_len == cb_ctx->oid_len && memcmp( data, cb_ctx->oid,
+ if( data_len == cb_ctx->oid_len && mbedtls_platform_memcmp( data, cb_ctx->oid,
data_len ) == 0 )
{
return( 1 );
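Review bot: The substitution leaves the call split in the middle of its argument list, with `data_len ) == 0 )` alone on the continuation line, and the first line is now close to 80 characters before indentation. Put the length test on its own line, as the serial and trust-CA comparisons later in this diff do: `if( data_len == cb_ctx->oid_len &&` followed by `mbedtls_platform_memcmp( data, cb_ctx->oid, data_len ) == 0 )`. Separately, nothing visible here excludes `data_len == 0`, so it is worth confirming that `mbedtls_platform_memcmp` returns 0 for a zero length as `memcmp` does. The enclosing function starts and ends outside the hunk.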
@@ -2646,7 +2646,7 @@
while( cur != NULL && cur->serial.len != 0 )
{
if( serial_len == cur->serial.len &&
- memcmp( serial, cur->serial.p, serial_len ) == 0 )
+ mbedtls_platform_memcmp( serial, cur->serial.p, serial_len ) == 0 )
{
if( mbedtls_x509_time_is_past( &cur->revocation_date ) )
return( 1 );
@@ -3173,7 +3173,7 @@
for( cur = trust_ca; cur != NULL; cur = cur->next )
{
if( crt->raw.len == cur->raw.len &&
- memcmp( crt->raw.p, cur->raw.p, crt->raw.len ) == 0 )
+ mbedtls_platform_memcmp( crt->raw.p, cur->raw.p, crt->raw.len ) == 0 )
{
return( 0 );
}