Changed mbedtls_platform_memcpy to memcpy in places which don't handle critical data
and under baremetal define
diff --git a/library/platform_util.c b/library/platform_util.c
index 6d3c9ef..db46fe9 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c
@@ -211,7 +211,7 @@
if( lt != NULL )
{
- mbedtls_platform_memcpy( tm_buf, lt, sizeof( struct tm ) );
+ memcpy( tm_buf, lt, sizeof( struct tm ) );
}
#if defined(MBEDTLS_THREADING_C)
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 5770c75..f7d331f 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -440,7 +440,8 @@
p = mbedtls_platform_put_uint16_be( p, ext_len );
*p++ = (uint8_t) ssl->own_cid_len;
- mbedtls_platform_memcpy( p, ssl->own_cid, ssl->own_cid_len );
+ /* Not using more secure mbedtls_platform_memcpy as cid is public */
+ memcpy( p, ssl->own_cid, ssl->own_cid_len );
*olen = ssl->own_cid_len + 5;
}
@@ -1272,7 +1273,8 @@
ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED;
ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len;
- mbedtls_platform_memcpy( ssl->handshake->peer_cid, buf, peer_cid_len );
+ /* Not using more secure mbedtls_platform_memcpy as peer_cid is public */
+ memcpy( ssl->handshake->peer_cid, buf, peer_cid_len );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use of CID extension negotiated" ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "Server CID", buf, peer_cid_len );
@@ -1848,7 +1850,8 @@
ssl->session_negotiate->compression = comp;
#endif
ssl->session_negotiate->id_len = n;
- mbedtls_platform_memcpy( ssl->session_negotiate->id, buf + 35, n );
+ /* Not using more secure mbedtls_platform_memcpy as id is public */
+ memcpy( ssl->session_negotiate->id, buf + 35, n );
}
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 19a459e..a9f983e 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -63,7 +63,8 @@
if( ( ssl->cli_id = mbedtls_calloc( 1, ilen ) ) == NULL )
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
- mbedtls_platform_memcpy( ssl->cli_id, info, ilen );
+ /* Not using more secure mbedtls_platform_memcpy as id is public*/
+ memcpy( ssl->cli_id, info, ilen );
ssl->cli_id_len = ilen;
return( 0 );
@@ -485,7 +486,8 @@
ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED;
ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len;
- mbedtls_platform_memcpy( ssl->handshake->peer_cid, buf, peer_cid_len );
+ /* Not using more secure mbedtls_platform_memcpy as peer_cid is is public */
+ memcpy( ssl->handshake->peer_cid, buf, peer_cid_len );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use of CID extension negotiated" ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "Client CID", buf, peer_cid_len );
@@ -1738,7 +1740,8 @@
ssl->session_negotiate->id_len = sess_len;
memset( ssl->session_negotiate->id, 0,
sizeof( ssl->session_negotiate->id ) );
- mbedtls_platform_memcpy( ssl->session_negotiate->id, buf + 35,
+ /* Not using more secure mbedtls_platform_memcpy as id is public */
+ memcpy( ssl->session_negotiate->id, buf + 35,
ssl->session_negotiate->id_len );
/*
@@ -2391,7 +2394,8 @@
ext_len = (size_t) ssl->own_cid_len + 1;
p = mbedtls_platform_put_uint16_be( p, ext_len );
*p++ = (uint8_t) ssl->own_cid_len;
- mbedtls_platform_memcpy( p, ssl->own_cid, ssl->own_cid_len );
+ /* Not using more secure mbedtls_platform_memcpy as cid is public */
+ memcpy( p, ssl->own_cid, ssl->own_cid_len );
*olen = ssl->own_cid_len + 5;
}
@@ -2887,7 +2891,8 @@
* 44+n . 43+n+m extensions
*/
*p++ = (unsigned char) ssl->session_negotiate->id_len;
- mbedtls_platform_memcpy( p, ssl->session_negotiate->id, ssl->session_negotiate->id_len );
+ /* Not using more secure mbedtls_platform_memcpy as id is public */
+ memcpy( p, ssl->session_negotiate->id, ssl->session_negotiate->id_len );
p += ssl->session_negotiate->id_len;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 37f89d4..988c593 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -299,7 +299,8 @@
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
- mbedtls_platform_memcpy( ssl->own_cid, own_cid, own_cid_len );
+ /* Not using more secure mbedtls_platform_memcpy as cid is public */
+ memcpy( ssl->own_cid, own_cid, own_cid_len );
/* Truncation is not an issue here because
* MBEDTLS_SSL_CID_IN_LEN_MAX at most 255. */
ssl->own_cid_len = (uint8_t) own_cid_len;
@@ -335,7 +336,8 @@
*peer_cid_len = ssl->transform_in->out_cid_len;
if( peer_cid != NULL )
{
- mbedtls_platform_memcpy( peer_cid, ssl->transform_in->out_cid,
+ /* Not using more secure mbedtls_platform_memcpy as cid is public */
+ memcpy( peer_cid, ssl->transform_in->out_cid,
ssl->transform_in->out_cid_len );
}
}
@@ -1317,12 +1319,14 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Copy CIDs into SSL transform" ) );
transform->in_cid_len = ssl->own_cid_len;
- mbedtls_platform_memcpy( transform->in_cid, ssl->own_cid, ssl->own_cid_len );
+ /* Not using more secure mbedtls_platform_memcpy as cid is public */
+ memcpy( transform->in_cid, ssl->own_cid, ssl->own_cid_len );
MBEDTLS_SSL_DEBUG_BUF( 3, "Incoming CID", transform->in_cid,
transform->in_cid_len );
transform->out_cid_len = ssl->handshake->peer_cid_len;
- mbedtls_platform_memcpy( transform->out_cid, ssl->handshake->peer_cid,
+ /* Not using more secure mbedtls_platform_memcpy as cid is public */
+ memcpy( transform->out_cid, ssl->handshake->peer_cid,
ssl->handshake->peer_cid_len );
MBEDTLS_SSL_DEBUG_BUF( 3, "Outgoing CID", transform->out_cid,
transform->out_cid_len );
@@ -2479,7 +2483,8 @@
* Add CID information
*/
rec->cid_len = transform->out_cid_len;
- mbedtls_platform_memcpy( rec->cid, transform->out_cid, transform->out_cid_len );
+ /* Not using more secure mbedtls_platform_memcpy as cid is public */
+ memcpy( rec->cid, transform->out_cid, transform->out_cid_len );
MBEDTLS_SSL_DEBUG_BUF( 3, "CID", rec->cid, rec->cid_len );
if( rec->cid_len != 0 )
@@ -4540,7 +4545,8 @@
/* Update the record content type and CID. */
ssl->out_msgtype = rec.type;
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID )
- mbedtls_platform_memcpy( ssl->out_cid, rec.cid, rec.cid_len );
+ /* Not using more secure mbedtls_platform_memcpy as cid is public */
+ memcpy( ssl->out_cid, rec.cid, rec.cid_len );
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
ssl->out_msglen = len = rec.data_len;
(void)mbedtls_platform_put_uint16_be( ssl->out_len, rec.data_len );
@@ -5328,7 +5334,8 @@
/* configured CID len is guaranteed at most 255, see
* MBEDTLS_SSL_CID_OUT_LEN_MAX in check_config.h */
rec->cid_len = (uint8_t) rec_hdr_cid_len;
- mbedtls_platform_memcpy( rec->cid, buf + rec_hdr_cid_offset, rec_hdr_cid_len );
+ /* Not using more secure mbedtls_platform_memcpy as cid is public */
+ memcpy( rec->cid, buf + rec_hdr_cid_offset, rec_hdr_cid_len );
}
else
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
@@ -5372,7 +5379,8 @@
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
/* Copy explicit record sequence number from input buffer. */
- mbedtls_platform_memcpy( &rec->ctr[0], buf + rec_hdr_ctr_offset,
+ /* Not using more secure mbedtls_platform_memcpy as sequence number is public */
+ memcpy( &rec->ctr[0], buf + rec_hdr_ctr_offset,
rec_hdr_ctr_len );
}
MBEDTLS_SSL_TRANSPORT_ELSE
@@ -5380,7 +5388,8 @@
#if defined(MBEDTLS_SSL_PROTO_TLS)
{
/* Copy implicit record sequence number from SSL context structure. */
- mbedtls_platform_memcpy( &rec->ctr[0], ssl->in_ctr, rec_hdr_ctr_len );
+ /* Not using more secure mbedtls_platform_memcpy as sequence number is public */
+ memcpy( &rec->ctr[0], ssl->in_ctr, rec_hdr_ctr_len );
}
#endif /* MBEDTLS_SSL_PROTO_TLS */
@@ -9019,7 +9028,8 @@
if( ssl->hostname == NULL )
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
- mbedtls_platform_memcpy( ssl->hostname, hostname, hostname_len );
+ /* Not using more secure mbedtls_platform_memcpy as hostname is public in initial handshake */
+ memcpy( ssl->hostname, hostname, hostname_len );
ssl->hostname[hostname_len] = '\0';
}
@@ -9828,7 +9838,8 @@
#endif
*p++ = (unsigned char)( session->id_len & 0xFF );
- mbedtls_platform_memcpy( p, session->id, 32 );
+ /* Not using more secure mbedtls_platform_memcpy as session id is public */
+ memcpy( p, session->id, 32 );
p += 32;
mbedtls_platform_memcpy( p, session->master, 48 );
@@ -10055,7 +10066,8 @@
#endif
session->id_len = *p++;
- mbedtls_platform_memcpy( session->id, p, 32 );
+ /* Not using more secure mbedtls_platform_memcpy as session id is public */
+ memcpy( session->id, p, 32 );
p += 32;
mbedtls_platform_memcpy( session->master, p, 48 );
@@ -11313,11 +11325,13 @@
if( used <= buf_len )
{
*p++ = ssl->transform->in_cid_len;
- mbedtls_platform_memcpy( p, ssl->transform->in_cid, ssl->transform->in_cid_len );
+ /* Not using more secure mbedtls_platform_memcpy as cid is public */
+ memcpy( p, ssl->transform->in_cid, ssl->transform->in_cid_len );
p += ssl->transform->in_cid_len;
*p++ = ssl->transform->out_cid_len;
- mbedtls_platform_memcpy( p, ssl->transform->out_cid, ssl->transform->out_cid_len );
+ /* Not using more secure mbedtls_platform_memcpy as cid is public */
+ memcpy( p, ssl->transform->out_cid, ssl->transform->out_cid_len );
p += ssl->transform->out_cid_len;
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
@@ -11554,7 +11568,8 @@
if( (size_t)( end - p ) < ssl->transform->in_cid_len + 1u )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- mbedtls_platform_memcpy( ssl->transform->in_cid, p, ssl->transform->in_cid_len );
+ /* Not using more secure mbedtls_platform_memcpy as cid is public */
+ memcpy( ssl->transform->in_cid, p, ssl->transform->in_cid_len );
p += ssl->transform->in_cid_len;
ssl->transform->out_cid_len = *p++;
@@ -11562,7 +11577,8 @@
if( (size_t)( end - p ) < ssl->transform->out_cid_len )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- mbedtls_platform_memcpy( ssl->transform->out_cid, p, ssl->transform->out_cid_len );
+ /* Not using more secure mbedtls_platform_memcpy as cid is public */
+ memcpy( ssl->transform->out_cid, p, ssl->transform->out_cid_len );
p += ssl->transform->out_cid_len;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */