Some side-channel attacks involve an attacker inferring something from
the time taken for a memory compare operation to complete, for example
when comparing hashes during image authentication. To mitigate this,
timingsafe_bcmp() must be used for such operations instead of the
standard memcmp().
This function executes in constant time and so doesn't leak any timing
information to the caller.
Change-Id: I470a723dc3626a0ee6d5e3f7fd48d0a57b8aa5fd
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This code has been imported and slightly adapted from FreeBSD:
6253393ad8/lib/libc/string/strnlen.c
Change-Id: Ie5ef5f92e6e904adb88f8628077fdf1d27470eb3
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
There is no guarantee on the signedness of char. It can be either
signed or unsigned. On ARM it is unsigned and hence this memcmp()
implementation works as intended.
On other machines, char can be signed (x86 for example). In that case
(and assuming a 2's complement implementation), interpreting a
bit-pattern of 0xFF as signed char can yield -1. If *s1 is 0 and *s2
is 255 then the difference *s1 - *s2 should be negative. The C
integer promotion rules guarantee that the unsigned chars will be
converted to int before the operation takes place. The current
implementation will return a positive value (0 - (-1)) instead, which
is wrong.
Fix it by changing the signedness to unsigned to avoid surprises for
anyone using this code on non-ARM systems.
Change-Id: Ie222fcaa7c0c4272d7a521a6f2f51995fd5130cc
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
* Move stdlib header files from include/stdlib to include/lib/stdlib for
consistency with other library headers.
* Fix checkpatch paths to continue excluding stdlib files.
* Create stdlib.mk to define the stdlib source files and include directories.
* Include stdlib.mk from the top level Makefile.
* Update stdlib header path in the fip_create Makefile.
* Update porting-guide.md with the new paths.
Change-Id: Ia92c2dc572e9efb54a783e306b5ceb2ce24d27fa
All C files of stdlib were included into std.c, which was the file
that the Makefile actually compiled. This is a poor way of compiling
all the files and, while it may work fine most times, it's
discouraged.
In this particular case, each C file included its own headers, which
were later included into std.c. For example, this caused problems
because a duplicated typedef of u_short in both subr_prf.c and
types.h. While that may require an issue on its own, this kind of
problems are avoided if all C files are as independent as possible.
Change-Id: I9a7833fd2933003f19a5d7db921ed8542ea2d04a
This patch adds the missing features to the C library included
in the Trusted Firmware to build PolarSSL:
- strcasecmp() function
- exit() function
- sscanf()* function
- time.h header file (and its dependencies)
* NOTE: the sscanf() function is not a real implementation. It just
returns the number of expected arguments by counting the number of
'%' characters present in the formar string. This return value is
good enough for PolarSSL because during the certificate parsing
only the return value is checked. The certificate validity period
is ignored.
Change-Id: I43bb3742f26f0bd458272fccc3d72a7f2176ab3d
Fix the following issues with the console log output:
* Make sure the welcome string is the first thing in the log output
(during normal boot).
* Prefix each message with the BL image name so it's clear which
BL the output is coming from.
* Ensure all output is wrapped in one of the log output macros so it can
be easily compiled out if necessary. Change some of the INFO() messages
to VERBOSE(), especially in the TSP.
* Create some extra NOTICE() and INFO() messages during cold boot.
* Remove all usage of \r in log output.
FixesARM-software/tf-issues#231
Change-Id: Ib24f7acb36ce64bbba549f204b9cde2dbb46c8a3
This patch implements a "tf_printf" which supports only the commonly
used format specifiers in Trusted Firmware, which uses a lot less
stack space than the stdlib printf function.
FixesARM-software/tf-issues#116
Change-Id: I7dfa1944f4c1e634b3e2d571f49afe02d109a351
This is intended primarily for use as a storage abstraction.
It allows operations such as image-loading to be implemented
in a platform-independent fashion. Each platform registers
a set of IO drivers during initialisation. The platform must
also provide a function that will return a device and a specifier
that can be used to access specified content.
Clients of the API will primarily use device and entity handles.
The term "entity" is deliberately vague, to allow for different
representations of content accessed using different types of
specifier, but will often be interpreted as a "file" where the
specifier will normally be its path.
This commit builds, but is intended to be paired with a sample
implementation of "load_image" using a semi-hosting driver on FVP.
Change-Id: Id3b52f1c0eb9ce76b44b99fc6b6460803668cc86
memmove needs to allow for overlapping memory regions and, together
with memcpy, should return the input destination pointer, not the
address after the end of the copied data.
fixesARM-software/tf-issues#18
Signed-off-by: Jon Medhurst <tixy@linaro.org>
- This change is split into two separate patches in order to
simplify the history as interpreted by 'git'. The split is
between the move/rename and addition of new files.
- Remove dependency on toolchain C library headers and functions in
order to ensure behavioural compatibility between toolchains.
- Use FreeBSD as reference for C library implementation.
- Do not let GCC use default library include paths.
- Remove unused definitions in modified headers and implementations.
- Move C library files to 'lib/stdlib' and 'include/stdlib'.
- Break std.c functions out into separate files.
Change-Id: I3e3d8d992052264d2a02489034ae4c03bf0f5512
- This change is split into two separate patches in order to
simplify the history as interpreted by 'git'. The split is
between the move/rename and addition of new files.
- Remove dependency on toolchain C library headers and functions in
order to ensure behavioural compatibility between toolchains.
- Use FreeBSD as reference for C library implementation.
- Do not let GCC use default library include paths.
- Remove unused definitions in modified headers and implementations.
- Move C library files to 'lib/stdlib' and 'include/stdlib'.
- Break std.c functions out into separate files.
Change-Id: I91cddfb3229775f770ad781589670c57d347a154
Antonio Nino Diaz
Sandrine Bailleux
dp-arm
Dan Handley
Juan Castillo
Soby Mathew
James Morrissey
Jon Medhurst
Harry Liebel