Duplicate sensitive buffer and buffer length information
Detect FI attacks on buffer pointers and buffer lengths.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 2cd34b2..d560d35 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -3286,6 +3286,7 @@
static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
size_t *signature_len )
{
+ volatile size_t *signature_len_dup = signature_len;
mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
@@ -3673,7 +3674,11 @@
}
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
- return( 0 );
+ if( signature_len_dup == signature_len )
+ {
+ return( 0 );
+ }
+ return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
}
/* Prepare the ServerKeyExchange message and send it. For ciphersuites
@@ -4218,6 +4223,8 @@
mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
unsigned char *p, *end;
+ volatile unsigned char *buf_dup = buf;
+ volatile size_t buflen_dup = buflen;
p = buf + mbedtls_ssl_hs_hdr_len( ssl );
end = buf + buflen;
@@ -4412,8 +4419,11 @@
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
-
- return( ret );
+ if( buf_dup == buf && buflen_dup == buflen )
+ {
+ return( ret );
+ }
+ return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
}
/* Update the handshake state */