Revert a part of the sensitive information duplication changes
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c16bd61..bbe94cb 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -177,8 +177,6 @@
size_t buflen )
{
int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
- volatile unsigned char *buf_dup = buf;
- volatile size_t buflen_dup = buflen;
mbedtls_record rec;
MBEDTLS_SSL_DEBUG_MSG( 1, ( "=> mbedtls_ssl_check_record" ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "record buffer", buf, buflen );
@@ -230,10 +228,6 @@
ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD;
}
- if( buf_dup != buf || buflen_dup != buflen )
- {
- return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
- }
MBEDTLS_SSL_DEBUG_MSG( 1, ( "<= mbedtls_ssl_check_record" ) );
return( ret );
}
@@ -288,9 +282,6 @@
unsigned char const *own_cid,
size_t own_cid_len )
{
- volatile unsigned char const *own_cid_dup = own_cid;
- volatile size_t own_cid_len_dup = own_cid_len;
-
if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@@ -317,12 +308,7 @@
* MBEDTLS_SSL_CID_IN_LEN_MAX at most 255. */
ssl->own_cid_len = (uint8_t) own_cid_len;
- /* Secure against buffer substitution */
- if( own_cid_dup == own_cid && own_cid_len_dup == own_cid_len )
- {
- return( 0 );
- }
- return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+ return( 0 );
}
int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
@@ -619,13 +605,7 @@
mbedtls_sha1_context sha1;
unsigned char padding[16];
unsigned char sha1sum[20];
- volatile const unsigned char *secret_dup = secret;
- volatile size_t slen_dup = slen;
- volatile const char *label_dup = label;
- volatile const unsigned char *random_dup = random;
- volatile size_t rlen_dup = rlen;
- volatile unsigned char *dstbuf_dup = dstbuf;
- volatile size_t dlen_dup = dlen;
+ ((void)label);
mbedtls_md5_init( &md5 );
mbedtls_sha1_init( &sha1 );
@@ -670,14 +650,7 @@
mbedtls_platform_zeroize( padding, sizeof( padding ) );
mbedtls_platform_zeroize( sha1sum, sizeof( sha1sum ) );
- /* Secure against buffer substitution */
- if( secret_dup == secret && slen_dup == slen && label_dup == label &&
- random_dup == random && rlen_dup == rlen && dstbuf_dup == dstbuf &&
- dlen_dup == dlen )
- {
- return( ret );
- }
- return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+ return( ret );
}
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
@@ -695,13 +668,6 @@
mbedtls_md_handle_t md_info;
mbedtls_md_context_t md_ctx;
int ret;
- volatile const unsigned char *secret_dup = secret;
- volatile size_t slen_dup = slen;
- volatile const char *label_dup = label;
- volatile const unsigned char *random_dup = random;
- volatile size_t rlen_dup = rlen;
- volatile unsigned char *dstbuf_dup = dstbuf;
- volatile size_t dlen_dup = dlen;
mbedtls_md_init( &md_ctx );
@@ -788,14 +754,7 @@
mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
- /* Secure against buffer substitution */
- if( secret_dup == secret && slen_dup == slen && label_dup == label &&
- random_dup == random && rlen_dup == rlen && dstbuf_dup == dstbuf &&
- dlen_dup == dlen )
- {
- return( 0 );
- }
- return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+ return( 0 );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1) || MBEDTLS_SSL_PROTO_TLS1_1 */
@@ -818,13 +777,6 @@
mbedtls_md_handle_t md_info;
mbedtls_md_context_t md_ctx;
int ret;
- volatile const unsigned char *secret_dup = secret;
- volatile size_t slen_dup = slen;
- volatile const char *label_dup = label;
- volatile const unsigned char *random_dup = random;
- volatile size_t rlen_dup = rlen;
- volatile unsigned char *dstbuf_dup = dstbuf;
- volatile size_t dlen_dup = dlen;
mbedtls_md_init( &md_ctx );
@@ -884,14 +836,7 @@
(void)mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
(void)mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
- /* Secure against buffer substitution */
- if( secret_dup == secret && slen_dup == slen && label_dup == label &&
- random_dup == random && rlen_dup == rlen && dstbuf_dup == dstbuf &&
- dlen_dup == dlen )
- {
- return( 0 );
- }
- return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+ return( 0 );
}
#if defined(MBEDTLS_SHA256_C)
@@ -1883,7 +1828,6 @@
const mbedtls_ssl_context *ssl )
{
int ret;
- volatile unsigned char *master_dup = master;
/* #if !defined(MBEDTLS_DEBUG_C) && !defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) */
/* ssl = NULL; /\* make sure we don't use it except for debug and EMS *\/ */
@@ -1944,12 +1888,7 @@
mbedtls_platform_zeroize( handshake->premaster,
sizeof(handshake->premaster) );
- /* Secure against buffer substitution */
- if( master_dup == master )
- {
- return( 0 );
- }
- return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+ return( 0 );
}
int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
@@ -2466,9 +2405,6 @@
size_t pad = ( MBEDTLS_SSL_CID_PADDING_GRANULARITY -
( len + 1 ) % MBEDTLS_SSL_CID_PADDING_GRANULARITY ) %
MBEDTLS_SSL_CID_PADDING_GRANULARITY;
- volatile unsigned char *content_dup = content;
- volatile size_t *content_size_dup = content_size;
- volatile size_t remaining_dup = remaining;
/* Write real content type */
if( remaining == 0 )
@@ -2484,14 +2420,7 @@
remaining -= pad;
*content_size = len;
-
- /* Secure against buffer substitution */
- if( content_dup == content && content_size_dup == content_size &&
- ( remaining_dup - 1 - pad ) == remaining )
- {
- return( 0 );
- }
- return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+ return( 0 );
}
/* This function parses a DTLSInnerPlaintext structure.
@@ -13028,10 +12957,6 @@
{
int ret = 0;
mbedtls_md_context_t ctx;
- volatile unsigned char* hash_dup = hash;
- volatile size_t *hashlen_dup = hashlen;
- volatile unsigned char* data_dup = data;
- volatile size_t data_len_dup = data_len;
mbedtls_md_handle_t md_info = mbedtls_md_info_from_type( md_alg );
*hashlen = mbedtls_md_get_size( md_info );
@@ -13078,13 +13003,7 @@
mbedtls_ssl_pend_fatal_alert( ssl,
MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
- /* Secure against buffer substitution */
- if( hash_dup == hash && hashlen_dup == hashlen &&
- data_dup == data && data_len_dup == data_len )
- {
- return( ret );
- }
- return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+ return( ret );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
MBEDTLS_SSL_PROTO_TLS1_2 */