commit 91d79387619e0a4fe6a0cc6e045102820b1a18d1
author Teppo Järvelin <teppo.jarvelin@arm.com> Wed Oct 02 09:09:31 2019 +0300
committer Teppo Järvelin <teppo.jarvelin@arm.com> Wed Oct 30 14:07:04 2019 +0200
tree 2b9aeda258513183faab54cdc313c91e5ce989ff
parent aeecf04be3ab7939a93ad6ad613a1f74a56c21b7

Changed every memcpy to SCA equivalent mbedtls_platform_memcpy

This makes physical attacks more difficult.

library/ssl_cli.c

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 16f1329..5770c75 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -111,7 +111,7 @@
 
     p = mbedtls_platform_put_uint16_be( p, hostname_len );
 
-    memcpy( p, ssl->hostname, hostname_len );
+    mbedtls_platform_memcpy( p, ssl->hostname, hostname_len );
 
     *olen = hostname_len + 9;
 }
@@ -150,7 +150,7 @@
     *p++ = ( ssl->verify_data_len + 1 ) & 0xFF;
     *p++ = ssl->verify_data_len & 0xFF;
 
-    memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
+    mbedtls_platform_memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
 
     *olen = 5 + ssl->verify_data_len;
 }
@@ -375,7 +375,7 @@
             return;
         }
 
-        memcpy( ssl->handshake->ecjpake_cache, p + 2, kkpp_len );
+        mbedtls_platform_memcpy( ssl->handshake->ecjpake_cache, p + 2, kkpp_len );
         ssl->handshake->ecjpake_cache_len = kkpp_len;
     }
     else
@@ -390,7 +390,7 @@
             return;
         }
 
-        memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len );
+        mbedtls_platform_memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len );
     }
 
     p = mbedtls_platform_put_uint16_be( p, kkpp_len );
@@ -440,7 +440,7 @@
     p = mbedtls_platform_put_uint16_be( p, ext_len );
 
     *p++ = (uint8_t) ssl->own_cid_len;
-    memcpy( p, ssl->own_cid, ssl->own_cid_len );
+    mbedtls_platform_memcpy( p, ssl->own_cid, ssl->own_cid_len );
 
     *olen = ssl->own_cid_len + 5;
 }
@@ -614,7 +614,7 @@
 
     MBEDTLS_SSL_DEBUG_MSG( 3, ( "sending session ticket of length %d", tlen ) );
 
-    memcpy( p, ssl->session_negotiate->ticket, tlen );
+    mbedtls_platform_memcpy( p, ssl->session_negotiate->ticket, tlen );
 
     *olen += tlen;
 }
@@ -663,7 +663,7 @@
     for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
     {
         *p = (unsigned char)( strlen( *cur ) & 0xFF );
-        memcpy( p + 1, *cur, *p );
+        mbedtls_platform_memcpy( p + 1, *cur, *p );
         p += 1 + *p;
     }
 
@@ -838,7 +838,7 @@
         return( ret );
     }
 
-    memcpy( p, ssl->handshake->randbytes, 32 );
+    mbedtls_platform_memcpy( p, ssl->handshake->randbytes, 32 );
     MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", p, 32 );
     p += 32;
 
@@ -918,7 +918,7 @@
                               ssl->handshake->verify_cookie_len );
 
             *p++ = ssl->handshake->verify_cookie_len;
-            memcpy( p, ssl->handshake->verify_cookie,
+            mbedtls_platform_memcpy( p, ssl->handshake->verify_cookie,
                        ssl->handshake->verify_cookie_len );
             p += ssl->handshake->verify_cookie_len;
         }
@@ -1272,7 +1272,7 @@
 
     ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED;
     ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len;
-    memcpy( ssl->handshake->peer_cid, buf, peer_cid_len );
+    mbedtls_platform_memcpy( ssl->handshake->peer_cid, buf, peer_cid_len );
 
     MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use of CID extension negotiated" ) );
     MBEDTLS_SSL_DEBUG_BUF( 3, "Server CID", buf, peer_cid_len );
@@ -1558,7 +1558,7 @@
         return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
     }
 
-    memcpy( ssl->handshake->verify_cookie, p, cookie_len );
+    mbedtls_platform_memcpy( ssl->handshake->verify_cookie, p, cookie_len );
     ssl->handshake->verify_cookie_len = cookie_len;
 
     /* Start over at ClientHello */
@@ -1717,7 +1717,7 @@
     MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu",
         (unsigned long)mbedtls_platform_get_uint32_be( &buf[2] ) ) );
 
-    memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 );
+    mbedtls_platform_memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 );
 
     n = buf[34];
 
@@ -1848,7 +1848,7 @@
         ssl->session_negotiate->compression = comp;
 #endif
         ssl->session_negotiate->id_len = n;
-        memcpy( ssl->session_negotiate->id, buf + 35, n );
+        mbedtls_platform_memcpy( ssl->session_negotiate->id, buf + 35, n );
     }
 
     MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
@@ -2553,7 +2553,7 @@
         mbedtls_uecc_keypair *peer_key =
             mbedtls_pk_uecc( *peer_pk );
 
-        memcpy( ssl->handshake->ecdh_peerkey,
+        mbedtls_platform_memcpy( ssl->handshake->ecdh_peerkey,
                 peer_key->public_key,
                 sizeof( ssl->handshake->ecdh_peerkey ) );
 #else /* MBEDTLS_USE_TINYCRYPT */
@@ -3652,7 +3652,7 @@
 
         p = mbedtls_platform_put_uint16_be( p, n );
 
-        memcpy( p, ssl->conf->psk_identity, n );
+        mbedtls_platform_memcpy( p, ssl->conf->psk_identity, n );
         p += ssl->conf->psk_identity_len;
 
 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
@@ -4106,7 +4106,7 @@
         return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
     }
 
-    memcpy( ticket, msg + 6, ticket_len );
+    mbedtls_platform_memcpy( ticket, msg + 6, ticket_len );
 
     ssl->session_negotiate->ticket = ticket;
     ssl->session_negotiate->ticket_len = ticket_len;