Make authmode volatile This is to enforce reading it from memory for the double check to prevent compiler from optimising it away.

commit: 015aa44b93ae04ac50ccd763a5d152e2c44b0ab0 [log] [tgz]
author: Jarno Lamsa <jarno.lamsa@arm.com> Fri Dec 20 12:09:37 2019 +0200
committer: Jarno Lamsa <jarno.lamsa@arm.com> Fri Dec 20 12:09:37 2019 +0200
tree: 257a9853c831f931ed7e7650da871d49cdc89067
parent: af60cd769890259fb646c3a38ab2770d44ec8e1f [diff] [blame]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 46b6679..611f26f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -7931,11 +7931,11 @@
     volatile int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
 
 #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-    const int authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET
+    volatile const int authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET
                        ? ssl->handshake->sni_authmode
                        : mbedtls_ssl_conf_get_authmode( ssl->conf );
 #else
-    const int authmode = mbedtls_ssl_conf_get_authmode( ssl->conf );
+    volatile const int authmode = mbedtls_ssl_conf_get_authmode( ssl->conf );
 #endif
 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
     volatile int crt_expected = SSL_CERTIFICATE_EXPECTED;
@@ -7989,6 +7989,7 @@
         1 )
 #endif
     {
+        mbedtls_platform_enforce_volatile_reads();
         if( authmode == MBEDTLS_SSL_VERIFY_NONE ||
             authmode == MBEDTLS_SSL_VERIFY_OPTIONAL ||
 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
commit	015aa44b93ae04ac50ccd763a5d152e2c44b0ab0	[log] [tgz]
author	Jarno Lamsa <jarno.lamsa@arm.com>	Fri Dec 20 12:09:37 2019 +0200
committer	Jarno Lamsa <jarno.lamsa@arm.com>	Fri Dec 20 12:09:37 2019 +0200
tree	257a9853c831f931ed7e7650da871d49cdc89067
parent	af60cd769890259fb646c3a38ab2770d44ec8e1f [diff] [blame]