tbbr: Use constant-time bcmp() to compare hashes To avoid timing side-channel attacks, it is needed to use a constant time memory comparison function when comparing hashes. The affected code only cheks for equality so it isn't needed to use any variant of memcmp(), bcmp() is enough. Also, timingsafe_bcmp() is as fast as memcmp() when the two compared regions are equal, so this change incurrs no performance hit in said case. In case they are unequal, the boot sequence wouldn't continue as normal, so performance is not an issue. Change-Id: I1c7c70ddfa4438e6031c8814411fef79fd3bb4df Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

commit: 6adeeda3be9a99cbd780d66492d44bcc04e6dcbe [log] [tgz]
author: Antonio Nino Diaz <antonio.ninodiaz@arm.com> Fri Jan 13 13:53:32 2017 +0000
committer: Antonio Nino Diaz <antonio.ninodiaz@arm.com> Tue Jan 24 14:42:13 2017 +0000
tree: e26cbe6607da8407709277b5d4808bb759e501cb
parent: 2165a3ecf9d2d4385c7ef7a473b1c4f3501b92ca [diff] [blame]
diff --git a/drivers/auth/mbedtls/mbedtls_crypto.c b/drivers/auth/mbedtls/mbedtls_crypto.c
index 1a96e8f..11d3ede 100644
--- a/drivers/auth/mbedtls/mbedtls_crypto.c
+++ b/drivers/auth/mbedtls/mbedtls_crypto.c

@@ -217,7 +217,7 @@
 	}
 
 	/* Compare values */
-	rc = memcmp(data_hash, hash, mbedtls_md_get_size(md_info));
+	rc = timingsafe_bcmp(data_hash, hash, mbedtls_md_get_size(md_info));
 	if (rc != 0) {
 		return CRYPTO_ERR_HASH;
 	}
commit	6adeeda3be9a99cbd780d66492d44bcc04e6dcbe	[log] [tgz]
author	Antonio Nino Diaz <antonio.ninodiaz@arm.com>	Fri Jan 13 13:53:32 2017 +0000
committer	Antonio Nino Diaz <antonio.ninodiaz@arm.com>	Tue Jan 24 14:42:13 2017 +0000
tree	e26cbe6607da8407709277b5d4808bb759e501cb
parent	2165a3ecf9d2d4385c7ef7a473b1c4f3501b92ca [diff] [blame]